Win32.HLLW.Autoruner2.23941

Added to the Dr.Web virus database: 2016-05-14

Virus description added:

Technical Information

To ensure autorun and distribution:
Modifies the following registry keys:
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Taskman' = '%HOMEPATH%\aegvvp.exe'
Malicious functions:
Executes the following:
  • '<SYSTEM32>\svchost.exe'
Injects code into the following system processes:
  • <SYSTEM32>\svchost.exe
Modifies file system:
Creates the following files:
  • %HOMEPATH%\aegvvp.exe
Sets the 'hidden' attribute to the following files:
  • %HOMEPATH%\aegvvp.exe
Network activity:
UDP:
  • DNS ASK mu###.###tal-protection.net.ru
  • DNS ASK sl###.##fehousenumber.com
  • 'mu###.###tal-protection.net.ru':30915
  • 'sl###.##fehousenumber.com':30915
Miscellaneous:
Searches for the following windows: