Win32.HLLM.Reset.460
Added to the Dr.Web virus database:
2014-07-19
Virus description added:
2014-07-21
Technical Information
To ensure autorun and distribution:
Modifies the following registry keys:
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,,<LS_APPDATA>\jwaroevi\rarexsdb.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'RarExsdb' = '<LS_APPDATA>\jwaroevi\rarexsdb.exe'
Creates or modifies the following files:
%HOMEPATH%\Start Menu\Programs\Startup\rarexsdb.exe
Malicious functions:
To bypass the firewall, removes or modifies the following registry keys:
[<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DisableNotifications' = '00000001'
[<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000'
[<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
To complicate detection of its presence in the operating system, blocks the following features:
User Account Control (UAC)
Windows Security Center
Modifies file system:
Creates the following files:
%ALLUSERSPROFILE%\Application Data\ybfcuwpc.log
<LS_APPDATA>\lawhwilb.log
<LS_APPDATA>\jwaroevi\rarexsdb.exe
%TEMP%\byjjjqlf.exe
%TEMP%\ifqydaby.exe
Sets the 'hidden' attribute to the following files:
%HOMEPATH%\Start Menu\Programs\Startup\rarexsdb.exe
Network activity:
Connects to:
'it####xjghvvxa.com':443
'kn#####cwtlvgrdyhd.com':443
'jh###lufoh.com':443
'hu###fjq.com':443
'tq###ylf.com':443
'vr####rdrjoff.com':443
'an#####wcbnjopdd.com':443
'74.##5.232.51':80
UDP:
DNS ASK xr#####awtlmulghjj.com
DNS ASK yc####vxdnlsa.com
DNS ASK jm####wtcjev.com
DNS ASK rr####fucjjylju.com
DNS ASK fg####gcdomle.com
DNS ASK re####njqssbrnf.com
DNS ASK ea####aobohxb.com
DNS ASK xb###sli.com
DNS ASK jy####gwfhyns.com
DNS ASK ib#####ochoyjidm.com
DNS ASK vw####josuovul.com
DNS ASK lv####bdtfapwev.com
DNS ASK ri####otkuysyfh.com
DNS ASK af###gddfi.com
DNS ASK wn#####nwiugtvwyo.com
DNS ASK im###kaudq.com
DNS ASK tb#####iecloxihf.com
DNS ASK xo###bqb.com
DNS ASK dh###whoj.com
DNS ASK ov#####jcnvwwooiamj.com
DNS ASK uc#####ryboqwbmlxke.com
DNS ASK qp###bstn.com
DNS ASK ha#####qjkkaejwi.com
DNS ASK nw#####auuwsyuppii.com
DNS ASK if###anec.com
DNS ASK gw###jueqme.com
DNS ASK bing.com
DNS ASK ok###clblpl.com
DNS ASK to###nnhm.com
DNS ASK nf####vxyssyda.com
DNS ASK ll###gbqhv.com
DNS ASK sc####lmfbgf.com
DNS ASK em###yirx.com
DNS ASK yo###axsana.com
DNS ASK ex###gyv.com
DNS ASK sh#####teeocltymxe.com
DNS ASK qd#####uhwabhwik.com
DNS ASK fs#####ychumrgrmhwo.com
DNS ASK ec#####vvoydawmfni.com
DNS ASK vb####wyurqem.com
DNS ASK hg####eedieibxy.com
DNS ASK pp###aohb.com
DNS ASK je###rgatod.com
DNS ASK kh###mpmare.com
DNS ASK ri###ysk.com
DNS ASK an###qyfy.com
DNS ASK ck####lutybvcxv.com
DNS ASK google.com
DNS ASK an#####wcbnjopdd.com
DNS ASK vr####rdrjoff.com
DNS ASK tq###ylf.com
DNS ASK kn#####cwtlvgrdyhd.com
DNS ASK jh###lufoh.com
DNS ASK nv###fua.com
DNS ASK it####xjghvvxa.com
DNS ASK hu###fjq.com
DNS ASK vf####ablskkqrx.com
DNS ASK uv#####fbeyvebqeb.com
DNS ASK jm#####ktxvegsxid.com
DNS ASK hj###duyebf.com
DNS ASK eb###yrs.com
DNS ASK my###puoh.com
DNS ASK qt#####tfgmkxqjrik.com
DNS ASK wx#####eacmrtdam.com
DNS ASK vf####sgsfsodw.com
DNS ASK sb#####tiavvtrkrn.com
DNS ASK qy###vjwh.com
DNS ASK wl###wlygck.com
DNS ASK eg####frdsefc.com
DNS ASK fy####uksgjfxy.com
DNS ASK lc###ndroo.com
DNS ASK eu####bkwahxxjn.com
DNS ASK ty#####ijdcxtdxd.com
DNS ASK ac#####dvnmhthwnlxv.com
DNS ASK qv#####pofqsxdnr.com
Miscellaneous:
Searches for the following windows:
ClassName: 'Indicator' WindowName: '(null)'