Trojan.KillProc2.30147

Added to the Dr.Web virus database: 2025-07-17

Description added:

Technical Information

Malicious functions
Terminates or attempts to terminate
the following system processes:
  • %WINDIR%\explorer.exe
  • <SYSTEM32>\taskhost.exe
  • <SYSTEM32>\dwm.exe
the following user processes:
  • iexplore.exe
  • firefox.exe
Modifies file system
Creates the following files
Miscellaneous
Searches for the following windows
  • ClassName: 'Progman' WindowName: ''
  • ClassName: 'Proxy Desktop' WindowName: ''
Restarts the analyzed sample
Executes the following
  • '%WINDIR%\explorer.exe'

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and of any removable media you use.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.


  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet into safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android on the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.