Trojan.KillProc2.28489

Added to the Dr.Web virus database: 2025-07-16

Description added:

Technical Information

Malicious functions
Terminates or attempts to terminate the following system processes:
  • %WINDIR%\explorer.exe
  • <SYSTEM32>\taskhost.exe
  • <SYSTEM32>\dwm.exe
the following user processes:
  • iexplore.exe
  • firefox.exe
Modifies the file system
Creates the following files:
  • %WINDIR%y1s2fctrp3
  • %CommonProgramFiles%\microsoft shared\horse h93bklf girls sm (jenna,c4w8hqa).zip.exe
  • %ProgramFiles%\dvd maker\shared\7b6fhxi nude hot (!) sm (rdl1tfkz).zip.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\z1qxwcd sperm l9hwcs7vvnphd9 boobs .rar.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\s2fkave bd1l5ir mzwpstr8n apv53deiq9fw hairy .zip.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\h93bklf [bangbus] hairy .rar.exe
  • %ProgramFiles%\microsoft office\templates\0287zh w6csjja14n1 vjq39c1gwy cock fishy .mpeg.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\h93bklf 7vepaqjm hole sweet (hyo87il).mpeg.exe
  • %ProgramFiles%\windows journal\templates\ddqayq h93bklf 7vepaqjm jxqgtp 50+ (haj1oyikd,sonja).avi.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\bd1l5ir tsomq34 ihthd33 .zip.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\sperm hot (!) legs 8pfmdyy .rar.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\porn cum sgu4m7oc jxqgtp nrb42wq (y8oxsqa,jenna).rar.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\jxaglwti mzwpstr8n 8ok6yf apv53deiq9fw fw58kpr41ob1w .zip.exe
  • %CommonProgramFiles(x86)%\microsoft shared\mnho9y54 nude ihthd33 hole .zip.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\xxx lpcu5ai3 ihthd33 feet 6tl9zg0uqa .rar.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\8ok6yf 8ok6yf uncut cock gsva2xn (gina).avi.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\xakmpl cum apv53deiq9fw (sonja,jenna).zip.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\wep6b08 epyxwn glans young .zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\xakmpl [bangbus] (g6u8n4r).mpg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\upfgetx horse cum bq4kno .zip.exe
  • %ALLUSERSPROFILE%\templates\lpcu5ai3 horse girls (karin,hyo87il).avi.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\black tsomq34 l9hwcs7vvnphd9 sweet .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\mzwpstr8n vjq39c1gwy jxqgtp rv0y8n (karin).rar.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\0287zh xakmpl nom72kl bq4kno (36mho73,haj1oyikd).mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\f07qtt wep6b08 ihthd33 lzxyhb7k .rar.exe
  • %ALLUSERSPROFILE%\templates\fac71w2 7nd83wovj cum [bangbus] hole shoes (rdl1tfkz,liz).rar.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\nude h93bklf hot (!) sweet .zip.exe
  • C:\users\default\appdata\local\temp\7nd83wovj h93bklf apv53deiq9fw .zip.exe
  • C:\users\default\appdata\local\<INETFILES>\black h93bklf h93bklf uncut ol6p1tua (karin,gina).zip.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\gzn4ud7e 7nd83wovj [free] .avi.exe
  • C:\users\default\templates\f1i7cm xxx tsomq34 uncut girly .rar.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\s2fkave mnho9y54 nom72kl gh5b6gd7wrv (y8oxsqa).avi.exe
  • %TEMP%\asian lpcu5ai3 lpcu5ai3 7vepaqjm eigt45 (jade,rdl1tfkz).mpeg.exe
  • %LOCALAPPDATA%\<INETFILES>\nom72kl cum ihthd33 .avi.exe
  • %LOCALAPPDATA%low\mozilla\temp-{12c7f776-de07-4d8a-a6eb-93019fcb4f66}\black yzw1afy girls ejn547rbxhd1 (sonja,gina).mpeg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{28060726-42ae-4e49-b300-93149d394ff5}\z1qxwcd tsomq34 sperm 7vepaqjm (liz,haj1oyikd).mpg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{bc1f1f78-2666-4310-aef7-f6fd5ba4bc43}\nom72kl hot (!) (2hbt8wr).rar.exe
  • %APPDATA%\microsoft\templates\wpjwijv wep6b08 ihthd33 legs (gina,y8oxsqa).zip.exe
  • %APPDATA%\microsoft\windows\templates\fac71w2 sperm l9hwcs7vvnphd9 hairy (sarah,sonja).mpeg.exe
  • %APPDATA%\mozilla\firefox\profiles\apc2n9d1.default-release\storage\temporary\0287zh gay bd1l5ir nom72kl .zip.exe
  • %APPDATA%\thunderbird\profiles\rehh7ft5.default-release\storage\temporary\mzwpstr8n mnho9y54 nom72kl gh5b6gd7wrv .mpg.exe
  • %HOMEPATH%\templates\s2fkave lpcu5ai3 h93bklf apv53deiq9fw young (c4w8hqa,jenna).mpg.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\f07qtt yzw1afy 7vepaqjm 40+ .zip.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\beast uncut balls (dxocjwba).zip.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\z9z7rwe nom72kl uncut .zip.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\xxx l9hwcs7vvnphd9 .mpg.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\black nude cum 7vepaqjm .zip.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\wep6b08 big feet gh5b6gd7wrv (c4w8hqa).zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\gay uncut feet rv0y8n .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\8ok6yf [free] boobs nrb42wq .rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\nom72kl cum apv53deiq9fw cock (sarah).mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\viaz50 mzwpstr8n uncut .avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\8ok6yf sgu4m7oc gsva2xn .zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\z9z7rwe bd1l5ir tsomq34 [milf] 6tl9zg0uqa .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\tsomq34 7nd83wovj [milf] boots (sandy).mpeg.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\upfgetx beast girls jxqgtp fw58kpr41ob1w .avi.exe
  • %WINDIR%\assembly\temp\horse xakmpl hot (!) glans sgoibhh .mpg.exe
  • %WINDIR%\assembly\tmp\asian nude 7vepaqjm .mpeg.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\ddqayq 7vepaqjm latex .mpeg.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\eq7k2xcxt xxx nude ihthd33 .mpg.exe
  • %WINDIR%\pla\templates\porn wep6b08 hot (!) ae2sd7u4xh .zip.exe
  • %WINDIR%\security\templates\asian porn sgu4m7oc .mpeg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\f1i7cm w6csjja14n1 bq4kno .mpeg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\fac71w2 nude uncut js80j73 .rar.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\z9z7rwe tsomq34 vjq39c1gwy girly .avi.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\gay wep6b08 vjq39c1gwy glans wifey .mpeg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\temp\yzw1afy gay [milf] legs lady (dehod0).avi.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\fac71w2 yzw1afy [free] feet 40+ (dehod0,karin).mpeg.exe
  • %WINDIR%\syswow64\config\systemprofile\xakmpl ddqayq apv53deiq9fw 50+ (sarah).mpeg.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\s2fkave lpcu5ai3 uncut legs .avi.exe
  • %WINDIR%\syswow64\fxstmp\porn lpcu5ai3 [free] hole .mpg.exe
  • %WINDIR%\syswow64\ime\shared\ddqayq xakmpl [free] zmc8ujp .rar.exe
  • %WINDIR%\syswow64\config\systemprofile\jxaglwti girls nmibe2 (c4w8hqa).avi.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\4h1e2a346 mzwpstr8n sgu4m7oc legs .rar.exe
  • %WINDIR%\syswow64\fxstmp\bd1l5ir horse bq4kno jxqgtp nrb42wq .rar.exe
  • %WINDIR%\syswow64\ime\shared\cum mnho9y54 apv53deiq9fw qx2j1b5 .avi.exe
  • %WINDIR%\temp\f07qtt wep6b08 sperm sgu4m7oc 50+ (jenna,sonja).mpeg.exe
  • %WINDIR%\winsxs\installtemp\jxaglwti [milf] (sarah).rar.exe
  • <Current directory>\sqjaed7r1vnw
Miscellaneous
Searches for the following windows:
  • ClassName: 'Progman' WindowName: ''
  • ClassName: 'Proxy Desktop' WindowName: ''
Restarts the analyzed sample
Executes the following:
  • '%WINDIR%\explorer.exe'
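Almost every file in the list above follows one structural pattern: a multi-word name, often with a bracketed tag or a parenthesised list of names, then a decoy archive or media extension (.zip, .rar, .avi, .mpg, .mpeg) and the real .exe, dropped into template, temp, shared-gadget or internet-cache folders that other users and applications read from. The following Python triage script is an added example and is not part of the Dr.Web description: it scores each line of a file listing on those indicators so a responder can pull the lures out of a `dir /s /b` dump or an EDR file-creation feed. The directory keyword list, the scoring weights and the assumption that Dr.Web's `<INETFILES>` placeholder corresponds to the Temporary Internet Files / INetCache folder are mine, not the page's; the sample listing at the bottom is constructed and mixes three of the reported paths with benign entries.

```python
import re
from dataclasses import dataclass, field
from typing import Iterable, List, Optional

# Decoy extensions observed in this sample's dropped files: an archive or
# media extension immediately followed by the real ".exe".
LURE_EXTENSIONS = ("zip", "rar", "avi", "mpg", "mpeg")
DOUBLE_EXT_RE = re.compile(
    r"\.(?P<lure>" + "|".join(LURE_EXTENSIONS) + r")\.exe$", re.IGNORECASE
)
# "(sonja,jenna)" / "(!)" style suffixes and "[milf]" style tags in the names.
PAREN_TAG_RE = re.compile(r"\([^()\\]{1,40}\)")
BRACKET_TAG_RE = re.compile(r"\[[^\[\]\\]{1,40}\]")
# Directory names that recur in the drop locations listed above. The list is
# an assumption for hunting purposes, as is treating Dr.Web's <INETFILES>
# placeholder as the Temporary Internet Files / INetCache folder.
DROP_DIR_RE = re.compile(
    r"(?:^|\\)(?:%temp%|temp|tmp|templates|installtemp|fxstmp|shared gadgets|shared"
    r"|<inetfiles>|inetcache|temporary internet files|documentshare|itemtemplates"
    r"|formstemplates|notebook templates|space templates|idtemplates)(?:\\|$)",
    re.IGNORECASE,
)


@dataclass
class Hit:
    path: str
    lure_extension: str
    indicators: List[str] = field(default_factory=list)

    @property
    def score(self) -> int:
        # The double extension is the gate and is worth one point; every
        # secondary indicator adds one more.
        return 1 + len(self.indicators)


def classify(path: str) -> Optional[Hit]:
    """Return a Hit if `path` looks like one of the lures dropped above.

    Only the double extension is mandatory. The remaining checks add
    confidence so that a lone, plainly named self-extractor such as
    backup.zip.exe scores low and can be filtered out by the caller.
    """
    normalized = path.strip().replace("/", "\\")
    directory, _, name = normalized.rpartition("\\")
    match = DOUBLE_EXT_RE.search(name)
    if not match:
        return None
    hit = Hit(path=path, lure_extension=match.group("lure").lower())
    stem = name[: match.start()]          # file name without ".zip.exe" etc.
    if stem != stem.rstrip():
        hit.indicators.append("space before decoy extension")
    if " " in stem.strip():
        hit.indicators.append("multi-word file name")
    if PAREN_TAG_RE.search(stem):
        hit.indicators.append("parenthesised tag in name")
    if BRACKET_TAG_RE.search(stem):
        hit.indicators.append("bracketed tag in name")
    if DROP_DIR_RE.search(directory):
        hit.indicators.append("under a template/temp/shared directory")
    return hit


def scan(lines: Iterable[str], min_score: int = 2) -> List[Hit]:
    """Classify every non-empty line and keep hits at or above min_score."""
    hits = []
    for line in lines:
        if not line.strip():
            continue
        hit = classify(line)
        if hit is not None and hit.score >= min_score:
            hits.append(hit)
    return hits


# Constructed sample listing (not taken from the sandbox report): three of the
# paths reported above mixed with benign entries of the kind a `dir /s /b`
# dump or an EDR file-creation feed would contain.
SAMPLE_LISTING = [
    r"C:\Program Files\7-Zip\7z.exe",
    r"%WINDIR%\winsxs\installtemp\jxaglwti [milf] (sarah).rar.exe",
    r"C:\Users\bob\Downloads\holiday photos.zip",
    r"%ProgramFiles%\windows sidebar\shared gadgets\bd1l5ir tsomq34 ihthd33 .zip.exe",
    r"C:\Users\bob\Downloads\backup.zip.exe",
    r"%TEMP%\asian lpcu5ai3 lpcu5ai3 7vepaqjm eigt45 (jade,rdl1tfkz).mpeg.exe",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LISTING):
        print(f"score={hit.score} ext={hit.lure_extension} {hit.path}")
        for indicator in hit.indicators:
            print(f"    - {indicator}")
```

On a live host the listing should be taken with the environment variables expanded, since Dr.Web renders paths with placeholders such as %WINDIR% and <INETFILES>. The script only covers the lure drops; the two extensionless files (%WINDIR%y1s2fctrp3 and <Current directory>\sqjaed7r1vnw) and the termination of explorer.exe, taskhost.exe, dwm.exe and the browsers need process and file-creation telemetry rather than a name check.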

Curing recommendations

Windows

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and of the removable media you use.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the Dr.Web® LiveDisk emergency system repair disk, write it to a USB drive or burn it to a CD/DVD. After booting from this media, run a full scan and cure all the detected threats.

macOS

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Android

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow the recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a ransom, or some other announcement prevents you from using the device normally), do the following:
    • Boot your smartphone or tablet in safe mode (depending on the OS version and the particular device, this is done in various ways; consult the user guide shipped with the device or contact its manufacturer);
    • Once in safe mode, install Dr.Web for Android on the infected device and run a full scan of the system; follow the steps recommended for neutralizing the detected threats;
    • Switch off your device and turn it on as normal.