
Trojan.KillProc2.29102

Added to the Dr.Web virus database: 2025-07-16

Virus description added:

Technical Information

Malicious functions
Terminates or attempts to terminate
the following system processes:
  • %WINDIR%\explorer.exe
  • <SYSTEM32>\taskhost.exe
  • <SYSTEM32>\dwm.exe
the following user processes:
  • iexplore.exe
  • firefox.exe
Modifies file system
Creates the following files
Miscellaneous
Searches for the following windows
  • ClassName: 'Progman' WindowName: ''
  • ClassName: 'Proxy Desktop' WindowName: ''
Restarts the analyzed sample
Executes the following
  • '%WINDIR%\explorer.exe'

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and any removable media you use.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.


  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
