Trojan.KillProc2.29808

Added to the Dr.Web virus database: 2025-07-17

Description added:

Technical Information

Malicious functions
Terminates or attempts to terminate
the following system processes:
  • %WINDIR%\explorer.exe
  • <SYSTEM32>\taskhost.exe
  • <SYSTEM32>\dwm.exe
the following user processes:
  • iexplore.exe
  • firefox.exe
Modifies file system
Creates the following files
Miscellaneous
Searches for the following windows
  • ClassName: 'Progman' WindowName: ''
  • ClassName: 'Proxy Desktop' WindowName: ''
Restarts the analyzed sample
Executes the following
  • '%WINDIR%\explorer.exe'

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and the removable media you use.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet into safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.