Win32.HLLW.Autoruner2.23915

Added to the Dr.Web virus database: 2016-05-13

The description was added:

Technical Information

To ensure autorun and distribution:
Modifies the following registry keys:
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Taskman' = '%HOMEPATH%\aegvvp.exe'
Malicious functions:
Executes the following:
  • '<SYSTEM32>\svchost.exe'
Injects code into the following system processes:
  • <SYSTEM32>\svchost.exe
Modifies file system:
Creates the following files:
  • %HOMEPATH%\aegvvp.exe
Sets the 'hidden' attribute to the following files:
  • %HOMEPATH%\aegvvp.exe
Network activity:
UDP:
  • DNS ASK mu###.###tal-protection.net.ru
  • DNS ASK sl###.##fehousenumber.com
  • 'mu###.###tal-protection.net.ru':33111
  • 'sl###.##fehousenumber.com':33111
Miscellaneous:
Searches for the following windows: