PER UTENTI

Chiudi

La mia libreria
La mia libreria

+ Aggiungi alla libreria

Ricerca
Ricerca

Supporto
Supporto 24/7 | Regole per contattare

Scrivi

Una richiesta attraverso il modulo

Chiama

+7 (495) 789-45-86

Forum

Richieste

Crea nuova richiesta

Chiama

+7 (495) 789-45-86

Profile

IT

RU CN DE EN ES FR IT JP KZ UZ PL BY ID
Chiudi
Servizi
Scanner
Dr.Web vxCube
Versione di prova
Libreria dei virus
Base di conoscenza

Tecnologie

Termini

Formazione ed informazione

Falsi miti

Notizie

Trojan.KillProc2.29623

Aggiunto al database dei virus Dr.Web: 2025-07-17

La descrizione è stata aggiunta:

Technical Information

Malicious functions
Terminates or attempts to terminate
the following system processes:
  • %WINDIR%\explorer.exe
  • <SYSTEM32>\taskhost.exe
  • <SYSTEM32>\dwm.exe
the following user processes:
  • iexplore.exe
  • firefox.exe
Modifies file system
Creates the following files
  • %WINDIR%y1s2fctrp3
  • %CommonProgramFiles%\microsoft shared\cum lpcu5ai3 [milf] jxqgtp js80j73 .rar.exe
  • %ProgramFiles%\dvd maker\shared\z1qxwcd horse porn [free] ash .avi.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\z9z7rwe wep6b08 big lzxyhb7k .rar.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\8ok6yf lpcu5ai3 big zmc8ujp .zip.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\s2fkave ddqayq horse girls lady .rar.exe
  • %ProgramFiles%\microsoft office\templates\ddqayq [free] ash .zip.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\nom72kl ihthd33 .mpg.exe
  • %ProgramFiles%\windows journal\templates\7nd83wovj cum girls titts sweet .mpeg.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\gay sperm apv53deiq9fw (jenna).mpeg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\7b6fhxi gay big 6tl9zg0uqa .mpeg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\viaz50 lpcu5ai3 gay [free] .mpeg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\jxaglwti ddqayq [free] balls .zip.exe
  • %CommonProgramFiles(x86)%\microsoft shared\tsomq34 [free] .avi.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\7nd83wovj apv53deiq9fw zn3tvn .avi.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\gzn4ud7e nom72kl girls .zip.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\eq7k2xcxt horse 7vepaqjm ae2sd7u4xh (karin,c4w8hqa).avi.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\w6csjja14n1 horse big .avi.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\horse l9hwcs7vvnphd9 zmc8ujp .rar.exe
  • %ALLUSERSPROFILE%\templates\tsomq34 nude [free] 779mipj (hyo87il).mpg.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\tsomq34 ihthd33 feet hairy .rar.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\porn uncut .avi.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\ikdyfwhy xxx nom72kl girls young .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\gay [free] 8bgkvshe1 (dxocjwba).zip.exe
  • %ALLUSERSPROFILE%\templates\8r3baiec 8ok6yf uncut fishy (jade).mpeg.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\jxaglwti mnho9y54 yzw1afy girls feet .mpeg.exe
  • C:\users\default\appdata\local\temp\cum 7nd83wovj epyxwn sgoibhh .rar.exe
  • C:\users\default\appdata\local\<INETFILES>\w6csjja14n1 porn nom72kl hotel (sandy).mpeg.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\gzn4ud7e nude [bangbus] legs (jade,dxocjwba).mpg.exe
  • C:\users\default\templates\z9z7rwe porn beast [bangbus] girly (dxocjwba,2hbt8wr).mpg.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\s2fkave nude nude ihthd33 50+ (sandy,jade).avi.exe
  • %TEMP%\xakmpl mnho9y54 ihthd33 ash ejn547rbxhd1 (hyo87il,sonja).rar.exe
  • %LOCALAPPDATA%\<INETFILES>\z9z7rwe wep6b08 vjq39c1gwy gh5b6gd7wrv (dxocjwba,sonja).mpeg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{070abd97-84e1-4f5f-9c02-f1d76dd9fce4}\s2fkave sperm w6csjja14n1 [milf] lady .mpg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{1fae114c-c2b0-4da1-b23a-8e5ad0c3d722}\eq7k2xcxt gay mzwpstr8n uncut .mpeg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{3571406e-c08c-4c74-b145-8857b365f6e7}\f07qtt nom72kl sperm 7vepaqjm mg9fvb2xk9 (c4w8hqa,haj1oyikd).zip.exe
  • %APPDATA%\microsoft\templates\lpcu5ai3 bq4kno gh5b6gd7wrv .zip.exe
  • %APPDATA%\microsoft\windows\templates\asian wep6b08 uncut (y8oxsqa,karin).avi.exe
  • %APPDATA%\mozilla\firefox\profiles\v08trqk6.default-release\storage\temporary\porn horse [free] legs young .rar.exe
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\storage\temporary\z9z7rwe 7nd83wovj [free] boobs 6tl9zg0uqa (hyo87il,liz).zip.exe
  • %HOMEPATH%\templates\wep6b08 nom72kl sgu4m7oc jxqgtp 8bgkvshe1 .mpg.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\jxaglwti wep6b08 cum girls young .mpg.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\f1i7cm porn hot (!) cock zn3tvn .mpg.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\eq7k2xcxt nude mnho9y54 girls qx2j1b5 .mpeg.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\black bd1l5ir apv53deiq9fw titts .rar.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\z9z7rwe xxx hot (!) (gina).rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\asian horse sperm epyxwn .zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\wpjwijv mnho9y54 tsomq34 [bangbus] cock (haj1oyikd,2hbt8wr).mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\0287zh mnho9y54 sgu4m7oc 779mipj .zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\bd1l5ir cum 7vepaqjm qq6w54yfhtqrbwcslg .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\0287zh 7nd83wovj big titts shoes .mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\4h1e2a346 sperm uncut legs shoes .rar.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\mzwpstr8n yzw1afy bq4kno .mpg.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\s2fkave horse horse [free] .avi.exe
  • %WINDIR%\assembly\temp\zc8giv9 7nd83wovj l9hwcs7vvnphd9 kfp2yqq .mpeg.exe
  • %WINDIR%\assembly\tmp\z9z7rwe nom72kl gay big kfp2yqq .rar.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\black porn girls legs qq6w54yfhtqrbwcslg .avi.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\zc8giv9 mzwpstr8n [bangbus] jxqgtp (haj1oyikd).zip.exe
  • %WINDIR%\pla\templates\s2fkave ddqayq vjq39c1gwy gsva2xn .rar.exe
  • %WINDIR%\security\templates\cum apv53deiq9fw young .avi.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\fac71w2 mzwpstr8n h93bklf girls (sonja,liz).rar.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\f07qtt horse mzwpstr8n big ash (sonja,c4w8hqa).avi.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\bd1l5ir mzwpstr8n [milf] 50+ .mpg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\lpcu5ai3 nom72kl big gh5b6gd7wrv .avi.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\temp\ xakmpl sgu4m7oc kfp2yqq .mpg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\fac71w2 nude tsomq34 sgu4m7oc feet (sonja,dehod0).mpeg.exe
  • %WINDIR%\syswow64\config\systemprofile\7b6fhxi xxx xxx [milf] .rar.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\7b6fhxi yzw1afy xakmpl sgu4m7oc zmc8ujp .avi.exe
  • %WINDIR%\syswow64\fxstmp\0287zh mnho9y54 xakmpl hot (!) hotel .mpg.exe
  • %WINDIR%\syswow64\ime\shared\eq7k2xcxt cum big balls .rar.exe
  • %WINDIR%\syswow64\config\systemprofile\7nd83wovj cum [free] ash .avi.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\black nude [milf] (rdl1tfkz).mpg.exe
  • %WINDIR%\syswow64\fxstmp\beast cum uncut gsva2xn .zip.exe
  • %WINDIR%\syswow64\ime\shared\f07qtt 7nd83wovj bq4kno fishy .mpg.exe
  • %WINDIR%\temp\cum bq4kno young .mpeg.exe
  • %WINDIR%\winsxs\installtemp\nude mnho9y54 nom72kl .mpeg.exe
  • <Current directory>\sqjaed7r1vnw
  • %CommonProgramFiles%\microsoft shared\yzw1afy apv53deiq9fw .mpeg.exe
  • %CommonProgramFiles%\microsoft shared\wpjwijv nude mnho9y54 nom72kl .mpg.exe
  • %ProgramFiles%\dvd maker\shared\xakmpl 8ok6yf sgu4m7oc .avi.exe
  • %ProgramFiles%\dvd maker\shared\mzwpstr8n [bangbus] ol6p1tua .avi.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\fac71w2 horse lpcu5ai3 vjq39c1gwy (jade).mpeg.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\zc8giv9 horse gay bq4kno cock .zip.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\0287zh w6csjja14n1 sgu4m7oc hole ae2sd7u4xh .avi.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\8r3baiec bd1l5ir xxx ihthd33 titts lady (sarah).mpg.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\xxx [bangbus] qq6w54yfhtqrbwcslg (sonja,c4w8hqa).zip.exe
  • %ProgramFiles%\microsoft office\templates\mzwpstr8n vjq39c1gwy titts (rdl1tfkz,cy4xpd).avi.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\sperm girls hotel .mpg.exe
  • %ProgramFiles%\microsoft office\templates\z9z7rwe 8ok6yf xxx bq4kno young (sandy,cy4xpd).mpg.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\black 7nd83wovj yzw1afy [bangbus] hole fw58kpr41ob1w .zip.exe
  • %ProgramFiles%\windows journal\templates\f1i7cm h93bklf uncut hole .zip.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\8r3baiec sperm uncut sm .avi.exe
  • %ProgramFiles%\windows journal\templates\ikdyfwhy mzwpstr8n mzwpstr8n epyxwn hole (gina,jade).mpeg.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\upfgetx 8ok6yf yzw1afy ihthd33 js80j73 .mpeg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\s2fkave xakmpl gay bq4kno zmc8ujp .avi.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\upfgetx porn lpcu5ai3 sgu4m7oc cock eigt45 .zip.exe
  • %CommonProgramFiles(x86)%\microsoft shared\eq7k2xcxt 8ok6yf gay [milf] b37oavmx289 .avi.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\mzwpstr8n [bangbus] .mpg.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\black horse tsomq34 l9hwcs7vvnphd9 .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\f07qtt wep6b08 yzw1afy 7vepaqjm (liz).rar.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\f1i7cm ddqayq xxx [free] (liz).rar.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\ [milf] (g6u8n4r).rar.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\viaz50 sperm mnho9y54 7vepaqjm (dehod0,y8oxsqa).zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\nom72kl uncut feet lzxyhb7k (g6u8n4r).zip.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\jxaglwti mnho9y54 h93bklf hot (!) lady (sarah).avi.exe
  • %ALLUSERSPROFILE%\templates\mnho9y54 [bangbus] 8pfmdyy .rar.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\z9z7rwe w6csjja14n1 horse epyxwn glans ol6p1tua (cy4xpd).mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\ bq4kno cock boots .avi.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\xxx nom72kl glans js80j73 (liz).mpg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\s2fkave w6csjja14n1 yzw1afy apv53deiq9fw .mpeg.exe
  • %ALLUSERSPROFILE%\templates\f07qtt cum tsomq34 uncut boots .rar.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\gay uncut zn3tvn .zip.exe
  • C:\users\default\appdata\local\temp\horse [free] titts .mpg.exe
  • C:\users\default\appdata\local\<INETFILES>\upfgetx ddqayq xxx apv53deiq9fw (jade).mpeg.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\8r3baiec horse uncut wifey (36mho73,y8oxsqa).avi.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\beast horse [milf] hole (g6u8n4r,rdl1tfkz).mpeg.exe
  • C:\users\default\templates\gay sgu4m7oc titts lady (y8oxsqa).mpeg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\wpjwijv cum mnho9y54 uncut zn3tvn (sonja,sonja).zip.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\nom72kl sgu4m7oc feet b37oavmx289 (dxocjwba).rar.exe
  • %CommonProgramFiles(x86)%\microsoft shared\s2fkave h93bklf girls .avi.exe
  • %TEMP%\f07qtt ddqayq xxx [milf] gsva2xn (haj1oyikd,c4w8hqa).avi.exe
  • %LOCALAPPDATA%low\mozilla\temp-{070abd97-84e1-4f5f-9c02-f1d76dd9fce4}\f07qtt w6csjja14n1 beast nom72kl lzxyhb7k (jenna,c4w8hqa).rar.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\z1qxwcd bd1l5ir tsomq34 [bangbus] titts zmc8ujp (sonja,hyo87il).zip.exe
  • %LOCALAPPDATA%low\mozilla\temp-{1fae114c-c2b0-4da1-b23a-8e5ad0c3d722}\upfgetx nude tsomq34 vjq39c1gwy shoes .avi.exe
  • %LOCALAPPDATA%low\mozilla\temp-{3571406e-c08c-4c74-b145-8857b365f6e7}\black nude tsomq34 7vepaqjm fishy .mpeg.exe
  • %APPDATA%\microsoft\templates\mnho9y54 nom72kl gh5b6gd7wrv .mpeg.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\black 8ok6yf sgu4m7oc ol6p1tua .avi.exe
  • %APPDATA%\microsoft\windows\templates\eq7k2xcxt wep6b08 nom72kl 7vepaqjm (karin).mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\gay wep6b08 [milf] 50+ (jenna,liz).avi.exe
  • %APPDATA%\mozilla\firefox\profiles\v08trqk6.default-release\storage\temporary\xxx big cock qq6w54yfhtqrbwcslg .zip.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\wpjwijv h93bklf [bangbus] titts .mpg.exe
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\storage\temporary\fac71w2 w6csjja14n1 l9hwcs7vvnphd9 cock mg9fvb2xk9 .mpg.exe
  • %HOMEPATH%\templates\f1i7cm w6csjja14n1 nom72kl vjq39c1gwy .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\xxx bq4kno hole (36mho73,sarah).rar.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\black 8ok6yf horse sgu4m7oc hole wifey .mpg.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\yzw1afy nom72kl cock boots .rar.exe
  • %ALLUSERSPROFILE%\templates\bd1l5ir [milf] boobs .zip.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\sperm epyxwn sm .avi.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\8r3baiec cum nom72kl nom72kl .rar.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\w6csjja14n1 vjq39c1gwy lzxyhb7k (2hbt8wr,cy4xpd).rar.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\8r3baiec ddqayq mzwpstr8n vjq39c1gwy shoes .avi.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\f1i7cm mnho9y54 [bangbus] legs .avi.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\beast girls zmc8ujp .rar.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\zc8giv9 yzw1afy vjq39c1gwy (gina).avi.exe
  • %ALLUSERSPROFILE%\templates\nom72kl vjq39c1gwy .zip.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\f07qtt nom72kl [bangbus] sgoibhh .rar.exe
  • C:\users\default\appdata\local\temp\zc8giv9 wep6b08 xakmpl nom72kl sweet .mpg.exe
  • C:\users\default\appdata\local\<INETFILES>\z1qxwcd ddqayq ihthd33 wifey .mpeg.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\eq7k2xcxt ddqayq yzw1afy hot (!) glans sm (liz).avi.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\asian mzwpstr8n mnho9y54 epyxwn 6tl9zg0uqa .zip.exe
  • C:\users\default\templates\viaz50 lpcu5ai3 bq4kno ol6p1tua .rar.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\zc8giv9 8ok6yf big glans lzxyhb7k .avi.exe
  • %TEMP%\bd1l5ir bq4kno .mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\mnho9y54 [milf] zn3tvn .rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\fac71w2 7nd83wovj bq4kno .avi.exe
  • %LOCALAPPDATA%\<INETFILES>\xakmpl 8ok6yf ihthd33 nrb42wq .mpg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{070abd97-84e1-4f5f-9c02-f1d76dd9fce4}\h93bklf beast [bangbus] (karin).mpg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{1fae114c-c2b0-4da1-b23a-8e5ad0c3d722}\f07qtt bd1l5ir epyxwn .mpg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{3571406e-c08c-4c74-b145-8857b365f6e7}\asian 7nd83wovj apv53deiq9fw boots .avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\xxx hot (!) nmibe2 .avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\horse girls (liz).avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\xxx girls qq6w54yfhtqrbwcslg .avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\ [bangbus] .rar.exe
  • %APPDATA%\microsoft\templates\xakmpl horse bq4kno .zip.exe
  • %APPDATA%\microsoft\windows\templates\wpjwijv xakmpl hot (!) .avi.exe
  • %APPDATA%\mozilla\firefox\profiles\v08trqk6.default-release\storage\temporary\black big gsva2xn .zip.exe
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\storage\temporary\ddqayq ihthd33 (haj1oyikd).rar.exe
  • %HOMEPATH%\templates\eq7k2xcxt 8ok6yf yzw1afy [free] nmibe2 .zip.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\viaz50 tsomq34 [bangbus] lady .avi.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\nom72kl uncut latex .mpeg.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\ikdyfwhy lpcu5ai3 gay ihthd33 .mpeg.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\f1i7cm tsomq34 vjq39c1gwy 40+ .mpg.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\cum big .zip.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\gzn4ud7e 7nd83wovj nom72kl ihthd33 b37oavmx289 .avi.exe
  • %WINDIR%\assembly\temp\fac71w2 xakmpl mzwpstr8n ihthd33 sm (gina,dxocjwba).mpg.exe
  • %WINDIR%\assembly\tmp\upfgetx 8ok6yf mnho9y54 [free] hole .avi.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\h93bklf nom72kl zn3tvn .avi.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\eq7k2xcxt yzw1afy 7vepaqjm (hyo87il).zip.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\f1i7cm bd1l5ir gay epyxwn eigt45 (hyo87il,cy4xpd).mpeg.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\black xakmpl horse l9hwcs7vvnphd9 (c4w8hqa).mpeg.exe
  • %WINDIR%\pla\templates\tsomq34 l9hwcs7vvnphd9 hole .mpeg.exe
  • %WINDIR%\security\templates\z9z7rwe xakmpl sperm [milf] glans .zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\black [milf] .avi.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\eq7k2xcxt xakmpl mnho9y54 uncut .avi.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\s2fkave bd1l5ir nom72kl sgu4m7oc hole ash .rar.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\s2fkave 8ok6yf sgu4m7oc cock .zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\tsomq34 hot (!) .rar.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\beast vjq39c1gwy titts .avi.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\temp\s2fkave h93bklf sperm vjq39c1gwy fishy .zip.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\z9z7rwe xakmpl mzwpstr8n [bangbus] glans .avi.exe
  • %WINDIR%\syswow64\config\systemprofile\gzn4ud7e cum gay ihthd33 ol6p1tua .rar.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\f1i7cm 7nd83wovj yzw1afy [bangbus] titts 40+ (dxocjwba).rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\cum uncut nmibe2 .rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\8ok6yf 7vepaqjm 8pfmdyy .rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\cum ddqayq ihthd33 kfp2yqq 779mipj (dehod0).avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\z9z7rwe w6csjja14n1 big lzxyhb7k .rar.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\horse xxx hot (!) lzxyhb7k .zip.exe
  • %WINDIR%\syswow64\fxstmp\horse gay l9hwcs7vvnphd9 (jade).mpg.exe
  • %WINDIR%\syswow64\ime\shared\nom72kl l9hwcs7vvnphd9 feet (36mho73,karin).avi.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\f07qtt gay beast uncut latex .rar.exe
  • %WINDIR%\assembly\temp\mnho9y54 bq4kno legs .rar.exe
  • %WINDIR%\assembly\tmp\zc8giv9 sperm [bangbus] .rar.exe
  • %WINDIR%\syswow64\config\systemprofile\gay [free] young (hyo87il,sarah).zip.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\lpcu5ai3 uncut hole .zip.exe
  • %WINDIR%\syswow64\fxstmp\upfgetx wep6b08 gay sgu4m7oc (sarah).avi.exe
  • %WINDIR%\syswow64\ime\shared\8r3baiec h93bklf mzwpstr8n vjq39c1gwy .avi.exe
  • %WINDIR%\temp\eq7k2xcxt wep6b08 tsomq34 bq4kno gh5b6gd7wrv (haj1oyikd,c4w8hqa).rar.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\black 7nd83wovj tsomq34 uncut boobs hotel .zip.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\zc8giv9 nude hot (!) zn3tvn .avi.exe
  • %WINDIR%\security\templates\zc8giv9 lpcu5ai3 uncut qq6w54yfhtqrbwcslg .rar.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\7b6fhxi wep6b08 sperm ihthd33 girly (y8oxsqa,sarah).zip.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\gzn4ud7e 7nd83wovj lpcu5ai3 [free] (cy4xpd).mpg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\ddqayq tsomq34 [free] 6tl9zg0uqa .mpeg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\yzw1afy tsomq34 vjq39c1gwy hotel .mpg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\temp\ikdyfwhy porn h93bklf apv53deiq9fw zn3tvn .mpeg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\8ok6yf hot (!) kfp2yqq ash (dxocjwba,sonja).rar.exe
  • %WINDIR%\syswow64\config\systemprofile\f07qtt mzwpstr8n [milf] hole (gina,36mho73).mpeg.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\0287zh wep6b08 ihthd33 .avi.exe
  • %WINDIR%\syswow64\fxstmp\asian bd1l5ir vjq39c1gwy ash nrb42wq (sandy,dxocjwba).zip.exe
  • %WINDIR%\syswow64\ime\shared\beast 8ok6yf big kfp2yqq (hyo87il).mpg.exe
Miscellaneous
Searches for the following windows
  • ClassName: 'Progman' WindowName: ''
  • ClassName: 'Proxy Desktop' WindowName: ''
Restarts the analyzed sample
Executes the following
  • '%WINDIR%\explorer.exe'

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk , mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
Free trial

 

Download Dr.Web

Download by serial number

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

Free trial

 

Download Dr.Web

Download by serial number

Download on App Store

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

 

Download Dr.Web

Download by serial number

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android

Free trial

14 days

Download now
Get it on Google Play