Win32.HLLW.Autoruner1.11771
Added to the Dr.Web virus database: 2012-02-11
Description added: 2012-03-02
Technical Information
To ensure autorun and distribution:
Modifies the following registry keys:
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'KB00801295.exe' = '"%APPDATA%\KB00801295.exe"'
Malicious functions:
Creates and executes the following:
Injects code into
the following system processes:
a large number of user processes.
Modifies file system:
Creates the following files:
%TEMP%\POS1.tmp.BAT
%APPDATA%\KB00801295.exe
Deletes itself.
Network activity:
Connects to:
UDP:
'<Private IP address>':1035
Miscellaneous:
Searches for the following windows:
ClassName: 'Indicator' WindowName: ''