
Trojan.KillProc2.25397

Added to the Dr.Web virus database: 2025-07-10

Virus description added:

Technical Information

Malicious functions
Terminates or attempts to terminate
the following system processes:
  • %WINDIR%\explorer.exe
  • <SYSTEM32>\taskhost.exe
  • <SYSTEM32>\dwm.exe
the following user processes:
  • iexplore.exe
  • firefox.exe
Modifies file system
Creates the following files
Miscellaneous
Searches for the following windows
  • ClassName: 'Progman' WindowName: ''
  • ClassName: 'Proxy Desktop' WindowName: ''
Restarts the analyzed sample
Executes the following
  • '%WINDIR%\explorer.exe'

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and any removable media you use.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.


  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet into safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android on the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
