<Drive name for removable media>:\RECYCLER\NOD32-RAMGuard.v.2009.exe
Malicious functions:
Creates and executes the following:
<SYSTEM32>\nod32krn.exe
%TEMP%\csrss.exe
Executes the following:
<SYSTEM32>\taskkill.exe /IM sslmgr.exe /F
<SYSTEM32>\regsvr32.exe <SYSTEM32>\mfncom.dll /s
<SYSTEM32>\taskkill.exe /IM msconfig.exe /F
Modifies file system:
Creates the following files:
%TEMP%\38660.3951454163.tmp
<SYSTEM32>\nod32krn.exe
C:\autorun.inf
C:\RECYCLER\NOD32-RAMGuard.v.2009.exe
%TEMP%\76399.7375965118.tmp
%TEMP%\36637.0797157288.tmp
%TEMP%\csrss.exe
Sets the 'hidden' attribute to the following files:
<Drive name for removable media>:\autorun.inf
<SYSTEM32>\nod32krn.exe
C:\autorun.inf
C:\RECYCLER\NOD32-RAMGuard.v.2009.exe
<Drive name for removable media>:\RECYCLER\NOD32-RAMGuard.v.2009.exe
Deletes the following files:
%TEMP%\csrss.exe
<SYSTEM32>\nod32krn.exe
Network activity:
Connects to:
'www.pa###ools.com':80
TCP:
HTTP POST requests:
www.pa###ools.com/sendform/default.asp
UDP:
DNS ASK www.pa###ools.com
Miscellaneous:
Searches for the following windows:
ClassName: '' WindowName: ''
ClassName: 'Shell_traywnd' WindowName: ''