
Trojan.KillProc2.25389

Added to the Dr.Web virus database: 2025-07-10

Description added:

Technical Information

Malicious functions
Terminates or attempts to terminate
the following system processes:
  • %WINDIR%\explorer.exe
  • <SYSTEM32>\taskhost.exe
  • <SYSTEM32>\dwm.exe
the following user processes:
  • iexplore.exe
  • firefox.exe
Modifies file system
Creates the following files
Miscellaneous
Searches for the following windows
  • ClassName: 'Progman' WindowName: ''
  • ClassName: 'Proxy Desktop' WindowName: ''
Restarts the analyzed sample
Executes the following
  • '%WINDIR%\explorer.exe'

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and any removable media you use.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.


  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet into safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
