PER UTENTI

Chiudi

La mia libreria
La mia libreria

+ Aggiungi alla libreria

Ricerca
Ricerca

Supporto
Supporto 24/7 | Regole per contattare

Scrivi

Una richiesta attraverso il modulo

Chiama

+7 (495) 789-45-86

Forum

Richieste

Crea nuova richiesta

Chiama

+7 (495) 789-45-86

Profile

IT

RU CN DE EN ES FR IT JP KZ UZ PL BY ID
Chiudi
Servizi
Scanner
Dr.Web vxCube
Versione di prova
Libreria dei virus
Base di conoscenza

Tecnologie

Termini

Formazione ed informazione

Falsi miti

Notizie

Trojan.KillProc2.28343

Aggiunto al database dei virus Dr.Web: 2025-07-16

La descrizione è stata aggiunta:

Technical Information

Malicious functions
Terminates or attempts to terminate
the following system processes:
  • %WINDIR%\explorer.exe
  • <SYSTEM32>\taskhost.exe
  • <SYSTEM32>\dwm.exe
the following user processes:
  • iexplore.exe
  • firefox.exe
Modifies file system
Creates the following files
  • %WINDIR%y1s2fctrp3
  • %CommonProgramFiles%\microsoft shared\mnho9y54 bq4kno glans .rar.exe
  • %ProgramFiles%\dvd maker\shared\nom72kl [bangbus] mg9fvb2xk9 .mpeg.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\mnho9y54 uncut gsva2xn .mpeg.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\yzw1afy sgu4m7oc feet 8pfmdyy (sarah).mpeg.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\lpcu5ai3 bq4kno hole .rar.exe
  • %ProgramFiles%\microsoft office\templates\lpcu5ai3 apv53deiq9fw titts .rar.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\sperm 7vepaqjm 8bgkvshe1 .avi.exe
  • %ProgramFiles%\windows journal\templates\yzw1afy uncut (dxocjwba).zip.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\horse l9hwcs7vvnphd9 qq6w54yfhtqrbwcslg .rar.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\nom72kl hot (!) cock 8bgkvshe1 .mpg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\gay 7vepaqjm titts qq6w54yfhtqrbwcslg .mpeg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\nom72kl [free] ejn547rbxhd1 .mpg.exe
  • %CommonProgramFiles(x86)%\microsoft shared\nom72kl apv53deiq9fw lady .rar.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\tsomq34 [milf] .zip.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\z9z7rwe bd1l5ir xxx nom72kl glans hotel (cy4xpd).rar.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\4h1e2a346 xxx [free] glans sgoibhh .avi.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\mnho9y54 ihthd33 .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\f07qtt porn lpcu5ai3 sgu4m7oc balls .mpg.exe
  • %ALLUSERSPROFILE%\templates\gzn4ud7e bd1l5ir yzw1afy hot (!) 40+ .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\f07qtt bd1l5ir tsomq34 apv53deiq9fw hole js80j73 .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\f1i7cm nude tsomq34 uncut sweet .avi.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\fac71w2 horse xxx ihthd33 hole shoes .zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\yzw1afy big lzxyhb7k (jenna,c4w8hqa).rar.exe
  • %ALLUSERSPROFILE%\templates\nom72kl epyxwn 8pfmdyy (rdl1tfkz,cy4xpd).rar.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\gay bq4kno feet .zip.exe
  • C:\users\default\appdata\local\temp\8r3baiec 8ok6yf lpcu5ai3 7vepaqjm balls .avi.exe
  • C:\users\default\appdata\local\<INETFILES>\f1i7cm wep6b08 mnho9y54 apv53deiq9fw .mpg.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\nom72kl sgu4m7oc titts eigt45 (2hbt8wr).zip.exe
  • C:\users\default\templates\s2fkave h93bklf xxx uncut hole .mpeg.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\yzw1afy l9hwcs7vvnphd9 hole .mpg.exe
  • %TEMP%\mnho9y54 bq4kno .zip.exe
  • %LOCALAPPDATA%\<INETFILES>\black bd1l5ir yzw1afy ihthd33 .mpeg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{12c7f776-de07-4d8a-a6eb-93019fcb4f66}\eq7k2xcxt nude yzw1afy girls .mpg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{28060726-42ae-4e49-b300-93149d394ff5}\f07qtt h93bklf yzw1afy uncut glans 50+ (y8oxsqa).mpeg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{bc1f1f78-2666-4310-aef7-f6fd5ba4bc43}\eq7k2xcxt xakmpl tsomq34 7vepaqjm .mpg.exe
  • %APPDATA%\microsoft\templates\upfgetx horse mnho9y54 epyxwn rv0y8n (rdl1tfkz,y8oxsqa).zip.exe
  • %APPDATA%\microsoft\windows\templates\mnho9y54 bq4kno hole .avi.exe
  • %APPDATA%\mozilla\firefox\profiles\apc2n9d1.default-release\storage\temporary\sperm big eigt45 (dehod0,dxocjwba).mpeg.exe
  • %APPDATA%\thunderbird\profiles\rehh7ft5.default-release\storage\temporary\z9z7rwe nude sperm [free] girly .mpeg.exe
  • %HOMEPATH%\templates\mnho9y54 girls cock hotel .zip.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\mnho9y54 big hole 40+ .mpg.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\fac71w2 h93bklf tsomq34 [free] hole .zip.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\z9z7rwe horse yzw1afy apv53deiq9fw hole .avi.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\mnho9y54 girls 40+ .mpeg.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\tsomq34 [bangbus] .mpg.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\ [free] .mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\eq7k2xcxt porn xxx [milf] (cy4xpd).mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\fac71w2 horse yzw1afy epyxwn hole .mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\8r3baiec 8ok6yf lpcu5ai3 bq4kno mg9fvb2xk9 .mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\8r3baiec w6csjja14n1 lpcu5ai3 l9hwcs7vvnphd9 (g6u8n4r).mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\f07qtt horse beast girls 50+ .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\f07qtt horse nom72kl uncut .rar.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\beast big lzxyhb7k (rdl1tfkz,c4w8hqa).mpeg.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\mnho9y54 7vepaqjm lzxyhb7k .avi.exe
  • %WINDIR%\assembly\temp\8r3baiec bd1l5ir beast sgu4m7oc hole .avi.exe
  • %WINDIR%\assembly\tmp\s2fkave w6csjja14n1 tsomq34 uncut glans .rar.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\mzwpstr8n bq4kno cock .avi.exe
  • %WINDIR%\pla\templates\w6csjja14n1 gay girls glans zn3tvn (g6u8n4r).rar.exe
  • %WINDIR%\security\templates\mzwpstr8n [free] (2hbt8wr).avi.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\8r3baiec horse mzwpstr8n uncut rv0y8n (sonja,karin).mpeg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\black bd1l5ir lpcu5ai3 ihthd33 .rar.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\lpcu5ai3 uncut fishy .mpg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\black h93bklf horse uncut boots .rar.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\temp\upfgetx porn mzwpstr8n nom72kl titts girly (liz).rar.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\f1i7cm 8ok6yf tsomq34 ihthd33 .rar.exe
  • %WINDIR%\syswow64\config\systemprofile\black ddqayq nom72kl nom72kl js80j73 .avi.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\s2fkave xakmpl xxx uncut glans .zip.exe
  • %WINDIR%\syswow64\fxstmp\ikdyfwhy tsomq34 [milf] 8bgkvshe1 (gina,dxocjwba).mpg.exe
  • %WINDIR%\syswow64\ime\shared\gzn4ud7e bd1l5ir mzwpstr8n [milf] .rar.exe
  • %WINDIR%\syswow64\config\systemprofile\lpcu5ai3 hot (!) titts .avi.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\f07qtt bd1l5ir lpcu5ai3 [milf] feet hairy (liz).zip.exe
  • %WINDIR%\syswow64\fxstmp\gzn4ud7e cum horse girls sm .mpg.exe
  • %WINDIR%\syswow64\ime\shared\beast [free] cock sm (dxocjwba).mpeg.exe
  • %WINDIR%\temp\f07qtt horse gay uncut cock ash .rar.exe
  • %WINDIR%\winsxs\installtemp\7nd83wovj nom72kl vjq39c1gwy gsva2xn .avi.exe
  • <Current directory>\sqjaed7r1vnw
  • %CommonProgramFiles%\microsoft shared\xakmpl w6csjja14n1 uncut (gina).rar.exe
  • %CommonProgramFiles%\microsoft shared\ikdyfwhy porn porn epyxwn .rar.exe
  • %ProgramFiles%\dvd maker\shared\lpcu5ai3 mnho9y54 [milf] lzxyhb7k (karin,sandy).avi.exe
  • %ProgramFiles%\dvd maker\shared\z9z7rwe ddqayq hot (!) titts .zip.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\black wep6b08 horse bq4kno .mpeg.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\ikdyfwhy w6csjja14n1 porn nom72kl kfp2yqq .mpg.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\asian horse mzwpstr8n vjq39c1gwy fishy .avi.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\wpjwijv bd1l5ir wep6b08 7vepaqjm ash .rar.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\7b6fhxi gay yzw1afy girls .mpg.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\eq7k2xcxt nude epyxwn rv0y8n .avi.exe
  • %ProgramFiles%\microsoft office\templates\8r3baiec wep6b08 [free] .mpeg.exe
  • %ProgramFiles%\microsoft office\templates\0287zh cum horse hot (!) cock qq6w54yfhtqrbwcslg .rar.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\7b6fhxi bd1l5ir 8ok6yf hot (!) .mpg.exe
  • %ProgramFiles%\windows journal\templates\ikdyfwhy mzwpstr8n girls .mpg.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\xxx w6csjja14n1 bq4kno eigt45 .zip.exe
  • %ProgramFiles%\windows journal\templates\mzwpstr8n 8ok6yf hot (!) hole .mpg.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\porn nom72kl qx2j1b5 (2hbt8wr,jenna).rar.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\8r3baiec bd1l5ir tsomq34 [bangbus] gsva2xn .avi.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\zc8giv9 lpcu5ai3 hot (!) hole sweet .rar.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\tsomq34 yzw1afy l9hwcs7vvnphd9 hotel (2hbt8wr).mpeg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\ horse nom72kl shoes (sonja).avi.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\ikdyfwhy nom72kl nom72kl wifey .zip.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\mnho9y54 horse apv53deiq9fw sweet .mpg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\gzn4ud7e 7nd83wovj bq4kno feet .mpg.exe
  • %CommonProgramFiles(x86)%\microsoft shared\fac71w2 nude horse [free] titts .rar.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\4h1e2a346 beast sgu4m7oc .avi.exe
  • %CommonProgramFiles(x86)%\microsoft shared\z1qxwcd [bangbus] shoes (jade).mpeg.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\viaz50 mnho9y54 uncut .zip.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\asian h93bklf apv53deiq9fw 8bgkvshe1 .rar.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\7b6fhxi porn mnho9y54 ihthd33 (sandy,sarah).rar.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\eq7k2xcxt sperm gay sgu4m7oc 8bgkvshe1 .mpeg.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\8r3baiec [bangbus] qx2j1b5 (liz).rar.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\nom72kl nom72kl nom72kl .zip.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\8r3baiec porn [bangbus] 50+ .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\zc8giv9 yzw1afy nom72kl ejn547rbxhd1 .rar.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\black yzw1afy nom72kl titts gsva2xn .rar.exe
  • %ALLUSERSPROFILE%\templates\black bd1l5ir nom72kl boobs .rar.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\8ok6yf hot (!) boobs lady (haj1oyikd,g6u8n4r).avi.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\tsomq34 sperm uncut .rar.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\h93bklf bd1l5ir [milf] .rar.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\xxx sperm epyxwn .rar.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\bd1l5ir girls boobs eigt45 .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\wpjwijv mnho9y54 l9hwcs7vvnphd9 feet (cy4xpd).rar.exe
  • %ALLUSERSPROFILE%\templates\h93bklf xakmpl nom72kl lzxyhb7k .avi.exe
  • %ALLUSERSPROFILE%\templates\jxaglwti ddqayq [bangbus] legs qq6w54yfhtqrbwcslg (2hbt8wr).zip.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\xxx 7nd83wovj 7vepaqjm cock .mpeg.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\f1i7cm cum mnho9y54 vjq39c1gwy girly .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\7nd83wovj ihthd33 jxqgtp ash .rar.exe
  • C:\users\default\appdata\local\temp\horse [milf] .avi.exe
  • C:\users\default\appdata\local\<INETFILES>\black yzw1afy nom72kl boobs girly (gina,sonja).zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\asian xakmpl hot (!) 779mipj .rar.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\jxaglwti mzwpstr8n 7vepaqjm .zip.exe
  • C:\users\default\templates\s2fkave mzwpstr8n [bangbus] sm .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\0287zh tsomq34 tsomq34 nom72kl cock zn3tvn .avi.exe
  • %ALLUSERSPROFILE%\templates\4h1e2a346 tsomq34 uncut cock (rdl1tfkz,jenna).avi.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\z1qxwcd girls .rar.exe
  • C:\users\default\appdata\local\temp\0287zh 7nd83wovj horse l9hwcs7vvnphd9 kfp2yqq hairy .rar.exe
  • C:\users\default\appdata\local\<INETFILES>\eq7k2xcxt w6csjja14n1 mzwpstr8n uncut fw58kpr41ob1w .rar.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\mnho9y54 tsomq34 girls feet 8bgkvshe1 .rar.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\4h1e2a346 yzw1afy bq4kno .zip.exe
  • %TEMP%\z1qxwcd horse wep6b08 [free] qx2j1b5 .mpeg.exe
  • C:\users\default\templates\wep6b08 vjq39c1gwy (sonja).avi.exe
  • %LOCALAPPDATA%\<INETFILES>\f07qtt ddqayq h93bklf sgu4m7oc .mpeg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{12c7f776-de07-4d8a-a6eb-93019fcb4f66}\lpcu5ai3 7vepaqjm girly .zip.exe
  • %LOCALAPPDATA%low\mozilla\temp-{28060726-42ae-4e49-b300-93149d394ff5}\xakmpl 7vepaqjm 8bgkvshe1 (cy4xpd,2hbt8wr).rar.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\black ddqayq xxx apv53deiq9fw latex .mpg.exe
  • %LOCALAPPDATA%\<INETFILES>\eq7k2xcxt 7vepaqjm jxqgtp (rdl1tfkz,jenna).avi.exe
  • %LOCALAPPDATA%low\mozilla\temp-{12c7f776-de07-4d8a-a6eb-93019fcb4f66}\eq7k2xcxt beast 8ok6yf ihthd33 779mipj .rar.exe
  • %LOCALAPPDATA%low\mozilla\temp-{28060726-42ae-4e49-b300-93149d394ff5}\mnho9y54 beast big .rar.exe
  • %LOCALAPPDATA%low\mozilla\temp-{bc1f1f78-2666-4310-aef7-f6fd5ba4bc43}\0287zh sperm [milf] boobs js80j73 (sarah).zip.exe
  • %LOCALAPPDATA%low\mozilla\temp-{bc1f1f78-2666-4310-aef7-f6fd5ba4bc43}\horse apv53deiq9fw .zip.exe
  • %APPDATA%\microsoft\templates\0287zh yzw1afy hot (!) .mpeg.exe
  • %APPDATA%\microsoft\templates\upfgetx ddqayq w6csjja14n1 uncut .zip.exe
  • %APPDATA%\microsoft\windows\templates\wpjwijv bd1l5ir hot (!) sweet .rar.exe
  • %APPDATA%\microsoft\windows\templates\z1qxwcd h93bklf sgu4m7oc shoes .mpeg.exe
  • %APPDATA%\mozilla\firefox\profiles\apc2n9d1.default-release\storage\temporary\zc8giv9 w6csjja14n1 uncut boobs .rar.exe
  • %APPDATA%\mozilla\firefox\profiles\apc2n9d1.default-release\storage\temporary\ddqayq gay nom72kl .rar.exe
  • %APPDATA%\thunderbird\profiles\rehh7ft5.default-release\storage\temporary\cum h93bklf hot (!) ol6p1tua (g6u8n4r).rar.exe
  • %APPDATA%\thunderbird\profiles\rehh7ft5.default-release\storage\temporary\yzw1afy wep6b08 bq4kno .mpeg.exe
  • %HOMEPATH%\templates\upfgetx xakmpl [bangbus] boobs nmibe2 .rar.exe
  • %HOMEPATH%\templates\ uncut sweet .mpeg.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\mnho9y54 8ok6yf girls qq6w54yfhtqrbwcslg (sandy).mpeg.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\asian wep6b08 horse sgu4m7oc boots .rar.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\eq7k2xcxt 7nd83wovj porn [milf] legs js80j73 .rar.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\8ok6yf w6csjja14n1 epyxwn ol6p1tua (c4w8hqa).avi.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\7b6fhxi gay l9hwcs7vvnphd9 50+ .zip.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\w6csjja14n1 l9hwcs7vvnphd9 eigt45 .mpg.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\upfgetx 8ok6yf [free] 8pfmdyy .mpeg.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\eq7k2xcxt nom72kl girls legs .mpg.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\bd1l5ir girls .zip.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\nom72kl [bangbus] 779mipj (dehod0).mpg.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\gay xxx epyxwn titts .mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\8r3baiec w6csjja14n1 w6csjja14n1 [milf] hole ol6p1tua .rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\z1qxwcd porn [free] jxqgtp shoes .zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\eq7k2xcxt ddqayq epyxwn sgoibhh .zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\asian ddqayq sperm 7vepaqjm hole wifey (haj1oyikd,karin).avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\porn 7nd83wovj [milf] b37oavmx289 .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\fac71w2 sperm sperm [bangbus] feet 6tl9zg0uqa .avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\fac71w2 beast nom72kl .zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\0287zh 7nd83wovj w6csjja14n1 vjq39c1gwy hole .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\8ok6yf cum apv53deiq9fw eigt45 .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\asian gay horse vjq39c1gwy .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\ikdyfwhy mnho9y54 mzwpstr8n [bangbus] .mpeg.exe
  • %WINDIR%\assembly\temp\z9z7rwe nude ddqayq epyxwn zmc8ujp .zip.exe
  • %WINDIR%\assembly\tmp\ddqayq uncut jxqgtp .rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\h93bklf nude bq4kno titts wifey .rar.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\eq7k2xcxt yzw1afy uncut 6tl9zg0uqa .mpeg.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\7nd83wovj xxx uncut 8pfmdyy .zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\0287zh wep6b08 [bangbus] jxqgtp 50+ .zip.exe
  • %WINDIR%\pla\templates\h93bklf vjq39c1gwy legs ae2sd7u4xh .mpg.exe
  • %WINDIR%\security\templates\eq7k2xcxt porn [milf] boobs ol6p1tua .avi.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\s2fkave gay beast vjq39c1gwy hole 50+ (karin,jade).mpeg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\zc8giv9 w6csjja14n1 [milf] hole (dxocjwba,gina).mpg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\lpcu5ai3 vjq39c1gwy eigt45 (liz,liz).mpg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\yzw1afy wep6b08 apv53deiq9fw .avi.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\7nd83wovj nude apv53deiq9fw zn3tvn .zip.exe
  • %WINDIR%\assembly\temp\lpcu5ai3 mzwpstr8n hot (!) mg9fvb2xk9 .zip.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\temp\asian xakmpl [milf] gsva2xn .zip.exe
  • %WINDIR%\assembly\tmp\ddqayq uncut hole .avi.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\xxx tsomq34 uncut fw58kpr41ob1w .rar.exe
  • %WINDIR%\syswow64\config\systemprofile\8r3baiec ddqayq bd1l5ir uncut ash 8bgkvshe1 .zip.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\nom72kl 7vepaqjm boobs gh5b6gd7wrv (haj1oyikd).zip.exe
  • %WINDIR%\syswow64\fxstmp\upfgetx ddqayq [free] .rar.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\upfgetx yzw1afy apv53deiq9fw feet mg9fvb2xk9 .zip.exe
  • %WINDIR%\syswow64\ime\shared\cum epyxwn .rar.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\4h1e2a346 7nd83wovj nom72kl sgu4m7oc 779mipj .rar.exe
  • %WINDIR%\syswow64\config\systemprofile\sperm epyxwn b37oavmx289 .mpeg.exe
  • %WINDIR%\pla\templates\yzw1afy vjq39c1gwy jxqgtp nmibe2 (gina).zip.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\horse nom72kl ash eigt45 (sandy,g6u8n4r).rar.exe
  • %WINDIR%\security\templates\0287zh w6csjja14n1 bq4kno .zip.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\z9z7rwe yzw1afy girls .avi.exe
  • %WINDIR%\syswow64\fxstmp\lpcu5ai3 [free] .avi.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\eq7k2xcxt [bangbus] zmc8ujp (y8oxsqa,hyo87il).rar.exe
  • %WINDIR%\syswow64\ime\shared\xakmpl tsomq34 girls latex .avi.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\beast epyxwn young .mpeg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\z9z7rwe xakmpl 7vepaqjm sm .mpeg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\temp\wep6b08 horse 7vepaqjm fishy .avi.exe
  • %WINDIR%\temp\bd1l5ir epyxwn qq6w54yfhtqrbwcslg .zip.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\horse uncut ejn547rbxhd1 .zip.exe
  • %WINDIR%\syswow64\config\systemprofile\7nd83wovj uncut .mpg.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\eq7k2xcxt horse sgu4m7oc .zip.exe
  • %WINDIR%\syswow64\fxstmp\yzw1afy [bangbus] eigt45 .rar.exe
  • %WINDIR%\syswow64\ime\shared\w6csjja14n1 yzw1afy ihthd33 .mpg.exe
  • %WINDIR%\syswow64\config\systemprofile\z9z7rwe ddqayq nom72kl b37oavmx289 (y8oxsqa).rar.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\z1qxwcd xxx ddqayq big hole .zip.exe
  • %WINDIR%\syswow64\fxstmp\0287zh bd1l5ir uncut .mpeg.exe
  • %WINDIR%\temp\4h1e2a346 8ok6yf uncut cock ejn547rbxhd1 .avi.exe
Miscellaneous
Searches for the following windows
  • ClassName: 'Progman' WindowName: ''
  • ClassName: 'Proxy Desktop' WindowName: ''
Restarts the analyzed sample
Executes the following
  • '%WINDIR%\explorer.exe'

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk , mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
Free trial

 

Download Dr.Web

Download by serial number

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

Free trial

 

Download Dr.Web

Download by serial number

Download on App Store

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

 

Download Dr.Web

Download by serial number

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android

Free trial

14 days

Download now
Get it on Google Play