Win32.HLLM.Reset.69
Added to the Dr.Web virus database:
2010-04-02
Description added:
2014-07-24
Technical Information
To ensure autorun and distribution:
Modifies the following registry keys:
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'german.exe' = '%WINDIR%\wintems.exe'
Malicious functions:
Creates and executes the following:
'%WINDIR%\wintems.exe'
'%WINDIR%\mdelk.exe' -upd
Searches for windows to detect analytical utilities:
ClassName: 'FilemonClass' WindowName: '(null)'
ClassName: 'PROCMON_WINDOW_CLASS' WindowName: '(null)'
ClassName: 'RegmonClass' WindowName: '(null)'
ClassName: 'OLLYDBG' WindowName: '(null)'
ClassName: 'GBDYLLO' WindowName: '(null)'
ClassName: 'pediy06' WindowName: '(null)'
Modifies file system:
Creates the following files:
%WINDIR%\ban_list.txt
%WINDIR%\wintems.exe
%WINDIR%\mdelk.exe
Deletes the following files:
Network activity:
Connects to:
TCP:
HTTP GET requests:
UDP:
Miscellaneous:
Searches for the following windows:
ClassName: '18467-41' WindowName: '(null)'
ClassName: 'Indicator' WindowName: '(null)'
ClassName: '(null)' WindowName: 'Registry Monitor - Sysinternals: www.sysinternals.com'
ClassName: '(null)' WindowName: 'File Monitor - Sysinternals: www.sysinternals.com'
ClassName: '(null)' WindowName: 'Process Monitor - Sysinternals: www.sysinternals.com'