Win32.HLLW.Autoruner.9680
Added to the Dr.Web virus database:
2009-11-13
Description added:
2015-01-07
Technical Information
To ensure autorun and distribution:
Modifies the following registry keys:
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] 'AppInit_DLLs' = 'mircos.dll'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] 'AppInit_DLLs' = ' mircos.dll'
Malicious functions:
Creates and executes the following:
'<SYSTEM32>\mircosk.exe'
'<Current directory>\winrar.com'
Executes the following:
'<SYSTEM32>\wbem\wmiadap.exe' /R /T
'<SYSTEM32>\cmd.exe' /c <Current directory>\winrar.com.bat
Modifies file system:
Creates the following files:
<Current directory>\DNF xiaofeng秒怪免费版\data\data00
<Current directory>\DNF xiaofeng秒怪免费版\data\data_bak
<Current directory>\DNF xiaofeng秒怪免费版\data\data10
<Current directory>\DNF xiaofeng秒怪免费版\data\data01
<Current directory>\DNF xiaofeng秒怪免费版\小峰启动.exe
<Current directory>\DNF xiaofeng秒怪免费版\Easy2Game.exe
<Current directory>\DNF xiaofeng秒怪免费版\mydll.dll
<Current directory>\DNF xiaofeng秒怪免费版\GameLink.dll
<Current directory>\DNF xiaofeng秒怪免费版\data\data11
<Current directory>\DNF xiaofeng秒怪免费版\unins000.dat
<Current directory>\DNF xiaofeng秒怪免费版\data\data.dat
<SYSTEM32>\mircosk.exe
<SYSTEM32>\mircos.dll
<Current directory>\DNF xiaofeng秒怪免费版\data\data30
<Current directory>\DNF xiaofeng秒怪免费版\data\data20
<Current directory>\DNF xiaofeng秒怪免费版\data\ServerData
<Current directory>\DNF xiaofeng秒怪免费版\data\Lang
<Current directory>\DNF xiaofeng秒怪免费版\CCProxy.exe
<Current directory>\DNF xiaofeng秒怪免费版\Language\ChineseGB.ini
<Current directory>\DNF xiaofeng秒怪免费版\Language\ChineseBig5.ini
<Current directory>\DNF xiaofeng秒怪免费版\Language\English.ini
<Current directory>\DNF xiaofeng秒怪免费版\Config.ini
<Current directory>\DNF xiaofeng秒怪免费版\AccInfo.ini
<Current directory>\DNF xiaofeng秒怪免费版\使用方法.txt
<Current directory>\DNF xiaofeng秒怪免费版\CCProxy.ini
<Current directory>\DNF xiaofeng秒怪免费版\Language\Bulgarian.ini
<Current directory>\DNF xiaofeng秒怪免费版\Language\French.ini
<Current directory>\DNF xiaofeng秒怪免费版\Language\Spanish.ini
<Current directory>\DNF xiaofeng秒怪免费版\Language\Russian.ini
<Current directory>\winrar.com
<Current directory>\DNF xiaofeng秒怪免费版\Language\Swedish.ini
<Current directory>\DNF xiaofeng秒怪免费版\Language\Italian.ini
<Current directory>\DNF xiaofeng秒怪免费版\Language\German.ini
<Current directory>\DNF xiaofeng秒怪免费版\Language\Romanian.ini
<Current directory>\DNF xiaofeng秒怪免费版\Language\Portuguese.ini
Sets the 'hidden' attribute to the following files:
<Current directory>\winrar.com
Miscellaneous:
Searches for the following windows:
ClassName: 'Shell_TrayWnd' WindowName: ''
ClassName: 'EDIT' WindowName: ''