Substitutes the following executable system files:
<SYSTEM32>\cmd.exe with <SYSTEM32>\cmd.exe.new
<SYSTEM32>\dllcache\rundll32.exe with <SYSTEM32>\dllcache\rundll32.exe.new
<SYSTEM32>\rundll32.exe with <SYSTEM32>\rundll32.exe.new
Malicious functions:
To bypass firewall, removes or modifies the following registry keys:
[<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<Full path to virus>' = '<Full path to virus>:*:Enabled:ipsec'
To complicate detection of its presence in the operating system,
blocks the following features:
User Account Control (UAC)
Executes the following:
<SYSTEM32>\telnet.exe
<SYSTEM32>\notepad.exe
Injects code into
the following system processes:
<SYSTEM32>\notepad.exe
a large number of user processes.
Scaricate Dr.Web per Android
Gratis per 3 mesi
Tutti i componenti di protezione
Rinnovo versione di prova tramite AppGallery/Google Pay
Continuando a utilizzare questo sito, l'utente acconsente al nostro utilizzo di file Cookie e di altre tecnologie per la raccolta di informazioni statistiche sui visitatori. Per maggiori informazioni