Win32.HLLP.Dermedo.8
Added to the Dr.Web virus database:
2016-07-11
Description added:
2019-07-22
Technical Information
To ensure autorun and distribution
Infects the following executable files
Modifies file system
Creates the following files
%TEMP%\wkw4d2.tmp
%WINDIR%\syswow64\ncalc.exe
%WINDIR%\detroit.zip
%WINDIR%\syswow64\lzsys.sys
%WINDIR%\syswow64\lesys.sys
Miscellaneous
Searches for the following windows
ClassName: '' WindowName: 'Windows Task Manager'
Creates and executes the following
Executes the following
'<SYSTEM32>\rundll32.exe' <SYSTEM32>\FirewallControlPanel.dll,ShowNotificationDialog /configure /ETOnly 0 /OnProfiles 6 /OtherAllowed 0 /OtherBlocked 0 /OtherEdgeAllowed 0 /NewBlocked 4 "<Full path to file>"