FÜR NUTZER

Schließen

Meine Bibliothek
Meine Bibliothek

+ Zur Bibliothek hinzufügen

Suche
Suche

Support
Support 24/7 | Regeln zur Anfragenübermittlung

Schreiben Sie uns

Online-Formular

Telefon

+49 (0) 170 488 40 28

Forum

Ihre Anfragen

Neue Anfrage

Rufen Sie uns an

+7 (495) 789-45-86

Profil

DE

RU CN DE EN ES FR IT JP KZ UZ PL BY ID
Schließen
Services
Scanner
Dr.Web vxCube
Testversion
Virenbibliothek
Wissensdatenbank

Technologies

Begriffe

Schulung und Training

Mythen

News

Trojan.KillProc2.29655

Added to the Dr.Web virus database: 2025-07-17

Virus description added:

Technical Information

Malicious functions
Terminates or attempts to terminate
the following system processes:
  • %WINDIR%\explorer.exe
  • <SYSTEM32>\taskhost.exe
  • <SYSTEM32>\dwm.exe
the following user processes:
  • iexplore.exe
  • firefox.exe
Modifies file system
Creates the following files
  • %WINDIR%y1s2fctrp3
  • %CommonProgramFiles%\microsoft shared\cum ihthd33 ash .mpeg.exe
  • %ProgramFiles%\dvd maker\shared\ikdyfwhy ddqayq xxx epyxwn hole ejn547rbxhd1 .avi.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\black tsomq34 nom72kl jxqgtp nrb42wq .mpeg.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\8ok6yf apv53deiq9fw .rar.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\z9z7rwe h93bklf uncut (jenna).zip.exe
  • %ProgramFiles%\microsoft office\templates\bd1l5ir nom72kl .rar.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\w6csjja14n1 uncut glans lzxyhb7k .mpeg.exe
  • %ProgramFiles%\windows journal\templates\7b6fhxi ddqayq uncut .rar.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\bd1l5ir uncut girly .zip.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\sperm [milf] .avi.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\wpjwijv gay 7vepaqjm 6tl9zg0uqa .mpeg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\0287zh w6csjja14n1 gay [bangbus] cock .mpeg.exe
  • %CommonProgramFiles(x86)%\microsoft shared\bd1l5ir girls feet .avi.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\xxx mzwpstr8n [milf] .zip.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\gay w6csjja14n1 big jxqgtp fw58kpr41ob1w .avi.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\f1i7cm sperm nude uncut legs lzxyhb7k (2hbt8wr).zip.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\wpjwijv 7nd83wovj apv53deiq9fw boots .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\8ok6yf girls ol6p1tua (y8oxsqa).mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\fac71w2 nude big hole sweet (gina,haj1oyikd).zip.exe
  • %ALLUSERSPROFILE%\templates\xakmpl horse apv53deiq9fw legs .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\xxx h93bklf vjq39c1gwy .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\gzn4ud7e gay [free] .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\fac71w2 tsomq34 wep6b08 nom72kl (36mho73).mpg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\upfgetx mnho9y54 uncut .avi.exe
  • %ALLUSERSPROFILE%\templates\horse epyxwn (dxocjwba,haj1oyikd).avi.exe
  • C:\users\default\appdata\local\temp\fac71w2 beast [milf] 8pfmdyy .avi.exe
  • C:\users\default\appdata\local\<INETFILES>\fac71w2 wep6b08 [bangbus] feet (dehod0,36mho73).zip.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\porn bd1l5ir hot (!) qq6w54yfhtqrbwcslg (sonja).mpg.exe
  • C:\users\default\templates\fac71w2 nude epyxwn ash girly .zip.exe
  • %TEMP%\xakmpl uncut .mpeg.exe
  • %LOCALAPPDATA%\<INETFILES>\porn nom72kl legs .zip.exe
  • %LOCALAPPDATA%low\mozilla\temp-{070abd97-84e1-4f5f-9c02-f1d76dd9fce4}\asian nom72kl horse vjq39c1gwy .zip.exe
  • %LOCALAPPDATA%low\mozilla\temp-{1fae114c-c2b0-4da1-b23a-8e5ad0c3d722}\bd1l5ir l9hwcs7vvnphd9 boobs zn3tvn .rar.exe
  • %LOCALAPPDATA%low\mozilla\temp-{3571406e-c08c-4c74-b145-8857b365f6e7}\black lpcu5ai3 [milf] .mpeg.exe
  • %APPDATA%\microsoft\templates\8r3baiec nom72kl apv53deiq9fw b37oavmx289 (jade).mpg.exe
  • %APPDATA%\microsoft\windows\templates\beast [milf] .mpg.exe
  • %APPDATA%\mozilla\firefox\profiles\v08trqk6.default-release\storage\temporary\wpjwijv yzw1afy uncut boobs fishy .rar.exe
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\storage\temporary\z9z7rwe horse h93bklf epyxwn nmibe2 .rar.exe
  • %HOMEPATH%\templates\gay big eigt45 .rar.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\zc8giv9 mnho9y54 ihthd33 jxqgtp .mpg.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\0287zh h93bklf bq4kno 6tl9zg0uqa .avi.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\xxx tsomq34 [free] 779mipj (rdl1tfkz).zip.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\4h1e2a346 lpcu5ai3 bq4kno 50+ .mpeg.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\eq7k2xcxt horse yzw1afy epyxwn lzxyhb7k .rar.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\w6csjja14n1 hot (!) 779mipj .avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\wpjwijv nude epyxwn (jenna).zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\z9z7rwe nude 7vepaqjm jxqgtp .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\viaz50 nude nom72kl apv53deiq9fw hole lzxyhb7k .zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\jxaglwti horse mnho9y54 vjq39c1gwy jxqgtp sgoibhh .avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\ bq4kno .rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\asian nom72kl bd1l5ir epyxwn jxqgtp .zip.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\tsomq34 vjq39c1gwy boobs lzxyhb7k .mpg.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\xakmpl uncut .mpg.exe
  • %WINDIR%\assembly\temp\asian ddqayq horse [milf] sweet .mpg.exe
  • %WINDIR%\assembly\tmp\horse apv53deiq9fw ash .zip.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\xakmpl [free] (36mho73,2hbt8wr).avi.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\gzn4ud7e mzwpstr8n ihthd33 fw58kpr41ob1w .rar.exe
  • %WINDIR%\pla\templates\tsomq34 w6csjja14n1 uncut cock .zip.exe
  • %WINDIR%\security\templates\nude hot (!) 8pfmdyy .mpg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\0287zh xakmpl ddqayq epyxwn feet (dehod0).mpg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\zc8giv9 tsomq34 beast big qq6w54yfhtqrbwcslg .mpeg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\porn cum [bangbus] fishy (sonja,rdl1tfkz).avi.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\temp\4h1e2a346 bd1l5ir epyxwn (karin).zip.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\w6csjja14n1 yzw1afy 7vepaqjm wifey (sonja,gina).zip.exe
  • %WINDIR%\syswow64\config\systemprofile\xxx 8ok6yf [free] .rar.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\h93bklf 7vepaqjm legs lzxyhb7k .avi.exe
  • %WINDIR%\syswow64\fxstmp\wep6b08 nom72kl ihthd33 glans 8bgkvshe1 .mpg.exe
  • %WINDIR%\syswow64\ime\shared\4h1e2a346 tsomq34 apv53deiq9fw boots .rar.exe
  • %WINDIR%\syswow64\config\systemprofile\4h1e2a346 mzwpstr8n apv53deiq9fw zn3tvn .mpeg.exe
  • %WINDIR%\syswow64\fxstmp\horse ihthd33 kfp2yqq (sonja,36mho73).avi.exe
  • %WINDIR%\syswow64\ime\shared\gay tsomq34 [bangbus] kfp2yqq .mpg.exe
  • %WINDIR%\temp\7nd83wovj bd1l5ir [bangbus] .mpeg.exe
  • %WINDIR%\winsxs\installtemp\gay porn 7vepaqjm 6tl9zg0uqa .mpg.exe
  • <Current directory>\sqjaed7r1vnw
  • %CommonProgramFiles%\microsoft shared\wpjwijv 7nd83wovj bq4kno (sonja).mpg.exe
  • %CommonProgramFiles%\microsoft shared\yzw1afy uncut hole ejn547rbxhd1 .mpeg.exe
  • %ProgramFiles%\dvd maker\shared\f07qtt porn mzwpstr8n nom72kl balls .zip.exe
  • %ProgramFiles%\dvd maker\shared\horse 7vepaqjm (sonja).avi.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\zc8giv9 horse girls (jenna,sarah).mpg.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\eq7k2xcxt tsomq34 xakmpl epyxwn (sarah).mpg.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\upfgetx cum nom72kl uncut 6tl9zg0uqa .mpeg.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\8r3baiec horse beast apv53deiq9fw (y8oxsqa).rar.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\gay nom72kl kfp2yqq hotel .mpg.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\eq7k2xcxt w6csjja14n1 yzw1afy l9hwcs7vvnphd9 (y8oxsqa).mpeg.exe
  • %ProgramFiles%\microsoft office\templates\wpjwijv wep6b08 [milf] lady .avi.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\wpjwijv nom72kl nom72kl .rar.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\black bd1l5ir epyxwn 50+ .rar.exe
  • %ProgramFiles%\windows journal\templates\f1i7cm nude lpcu5ai3 bq4kno glans fw58kpr41ob1w .mpeg.exe
  • %ProgramFiles%\windows journal\templates\z1qxwcd yzw1afy porn apv53deiq9fw hole .avi.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\beast uncut .avi.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\tsomq34 [bangbus] gsva2xn (sonja,jade).mpg.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\4h1e2a346 porn apv53deiq9fw (liz).mpeg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\wpjwijv nude bq4kno .mpg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\mnho9y54 horse hot (!) .zip.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\fac71w2 8ok6yf 8ok6yf [free] .rar.exe
  • %CommonProgramFiles(x86)%\microsoft shared\horse ddqayq big boobs .mpg.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\z9z7rwe bd1l5ir l9hwcs7vvnphd9 .zip.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\upfgetx horse lpcu5ai3 big titts .mpeg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\lpcu5ai3 [milf] glans (sonja,liz).zip.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\8ok6yf nom72kl nom72kl zn3tvn (c4w8hqa,liz).mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\gay hot (!) 8bgkvshe1 .avi.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\7nd83wovj cum bq4kno hole 50+ (36mho73).mpg.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\black bd1l5ir gay girls hole 6tl9zg0uqa (sarah).mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\wpjwijv nom72kl bq4kno lady .avi.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\tsomq34 sgu4m7oc lzxyhb7k (dehod0,cy4xpd).avi.exe
  • %ALLUSERSPROFILE%\templates\8r3baiec horse xxx apv53deiq9fw jxqgtp sgoibhh .rar.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\s2fkave h93bklf mnho9y54 nom72kl hole .zip.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\eq7k2xcxt 8ok6yf [free] cock .rar.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\f07qtt cum xxx uncut .rar.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\zc8giv9 yzw1afy [milf] feet zn3tvn .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\gay vjq39c1gwy cock qq6w54yfhtqrbwcslg (c4w8hqa).mpg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\f1i7cm wep6b08 mzwpstr8n apv53deiq9fw (g6u8n4r,sarah).zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\ikdyfwhy ddqayq [bangbus] ejn547rbxhd1 .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\sperm uncut titts ejn547rbxhd1 .rar.exe
  • %ALLUSERSPROFILE%\templates\ l9hwcs7vvnphd9 zn3tvn .rar.exe
  • %ALLUSERSPROFILE%\templates\viaz50 mzwpstr8n porn epyxwn rv0y8n (cy4xpd).mpeg.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\tsomq34 [free] .avi.exe
  • C:\users\default\appdata\local\temp\upfgetx horse mnho9y54 epyxwn ol6p1tua .mpg.exe
  • C:\users\default\appdata\local\<INETFILES>\7nd83wovj tsomq34 sgu4m7oc 40+ .avi.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\8r3baiec yzw1afy apv53deiq9fw (liz,cy4xpd).zip.exe
  • C:\users\default\templates\4h1e2a346 nom72kl xxx ihthd33 .mpg.exe
  • %TEMP%\0287zh lpcu5ai3 wep6b08 [bangbus] jxqgtp ejn547rbxhd1 .zip.exe
  • %LOCALAPPDATA%\<INETFILES>\black yzw1afy h93bklf uncut qq6w54yfhtqrbwcslg (gina).zip.exe
  • %LOCALAPPDATA%low\mozilla\temp-{070abd97-84e1-4f5f-9c02-f1d76dd9fce4}\ddqayq ihthd33 .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\f1i7cm xakmpl gay big titts gsva2xn (2hbt8wr).rar.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\gzn4ud7e h93bklf gay bq4kno feet sm (liz).rar.exe
  • %LOCALAPPDATA%low\mozilla\temp-{1fae114c-c2b0-4da1-b23a-8e5ad0c3d722}\xxx horse vjq39c1gwy .zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\tsomq34 sgu4m7oc zn3tvn .mpeg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{3571406e-c08c-4c74-b145-8857b365f6e7}\beast porn nom72kl .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\8r3baiec h93bklf sperm [bangbus] hole 6tl9zg0uqa .zip.exe
  • %APPDATA%\microsoft\templates\h93bklf big .mpeg.exe
  • %ALLUSERSPROFILE%\templates\eq7k2xcxt w6csjja14n1 sgu4m7oc glans 8pfmdyy .rar.exe
  • %APPDATA%\microsoft\windows\templates\zc8giv9 nom72kl lpcu5ai3 sgu4m7oc sweet (dehod0,cy4xpd).zip.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\tsomq34 7vepaqjm cock .mpg.exe
  • C:\users\default\appdata\local\temp\gay hot (!) feet .avi.exe
  • %APPDATA%\mozilla\firefox\profiles\v08trqk6.default-release\storage\temporary\eq7k2xcxt ddqayq uncut ash (jenna,jade).mpeg.exe
  • C:\users\default\appdata\local\<INETFILES>\gzn4ud7e w6csjja14n1 tsomq34 bq4kno hole (haj1oyikd,jade).avi.exe
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\storage\temporary\jxaglwti cum mzwpstr8n epyxwn hole boots (haj1oyikd).zip.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\gzn4ud7e w6csjja14n1 gay sgu4m7oc titts sm .zip.exe
  • %HOMEPATH%\templates\zc8giv9 gay 7nd83wovj 7vepaqjm sm (haj1oyikd).mpeg.exe
  • C:\users\default\templates\eq7k2xcxt ddqayq mnho9y54 big glans .avi.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\ddqayq gay 7vepaqjm .rar.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\f1i7cm 7nd83wovj big .mpeg.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\lpcu5ai3 7nd83wovj hot (!) qx2j1b5 (y8oxsqa).avi.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\jxaglwti xxx mnho9y54 7vepaqjm .rar.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\0287zh xxx horse apv53deiq9fw titts 779mipj (g6u8n4r,jenna).mpg.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\f1i7cm horse yzw1afy [free] hole wifey .zip.exe
  • %TEMP%\gzn4ud7e cum xxx nom72kl hole rv0y8n .avi.exe
  • %LOCALAPPDATA%\<INETFILES>\gzn4ud7e 8ok6yf horse vjq39c1gwy hole ae2sd7u4xh (jade).rar.exe
  • %LOCALAPPDATA%low\mozilla\temp-{070abd97-84e1-4f5f-9c02-f1d76dd9fce4}\horse big hotel .mpeg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{1fae114c-c2b0-4da1-b23a-8e5ad0c3d722}\gzn4ud7e bd1l5ir vjq39c1gwy hotel .avi.exe
  • %LOCALAPPDATA%low\mozilla\temp-{3571406e-c08c-4c74-b145-8857b365f6e7}\gay uncut titts girly .avi.exe
  • %APPDATA%\microsoft\templates\black porn lpcu5ai3 bq4kno feet .mpg.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\eq7k2xcxt ddqayq sgu4m7oc (2hbt8wr,y8oxsqa).mpg.exe
  • %APPDATA%\microsoft\windows\templates\fac71w2 porn lpcu5ai3 uncut titts 8bgkvshe1 (sarah).mpeg.exe
  • %APPDATA%\mozilla\firefox\profiles\v08trqk6.default-release\storage\temporary\fac71w2 h93bklf yzw1afy [milf] js80j73 (dehod0,jade).mpg.exe
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\storage\temporary\s2fkave ddqayq horse l9hwcs7vvnphd9 (g6u8n4r).mpeg.exe
  • %HOMEPATH%\templates\black bd1l5ir mnho9y54 hot (!) feet fw58kpr41ob1w .mpeg.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\gay [free] hole .zip.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\z9z7rwe cum lpcu5ai3 [bangbus] shoes .avi.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\ vjq39c1gwy glans .zip.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\z9z7rwe nude mzwpstr8n big ae2sd7u4xh .mpeg.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\eq7k2xcxt w6csjja14n1 beast big hole (hyo87il,sarah).mpeg.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\upfgetx bd1l5ir sperm [milf] hole (sandy,liz).mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\z9z7rwe mnho9y54 xakmpl uncut (2hbt8wr,dxocjwba).mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\z1qxwcd 8ok6yf nom72kl big fishy .mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\0287zh wep6b08 [milf] latex (sandy,y8oxsqa).mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\mzwpstr8n ihthd33 nrb42wq .mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\eq7k2xcxt tsomq34 [milf] glans zmc8ujp (y8oxsqa).mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\wpjwijv nom72kl lpcu5ai3 girls hole ejn547rbxhd1 .avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\gzn4ud7e h93bklf tsomq34 7vepaqjm .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\upfgetx h93bklf yzw1afy 7vepaqjm hairy .rar.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\nude mzwpstr8n girls hole eigt45 .rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\beast epyxwn ol6p1tua .avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\beast uncut eigt45 (dehod0,jade).zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\8r3baiec h93bklf beast uncut nmibe2 (hyo87il,cy4xpd).avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\nom72kl epyxwn feet (sandy,2hbt8wr).mpg.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\lpcu5ai3 nom72kl .zip.exe
  • %WINDIR%\assembly\temp\porn sgu4m7oc young .zip.exe
  • %WINDIR%\assembly\tmp\beast uncut ash .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\gzn4ud7e nude mzwpstr8n [milf] .rar.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\fac71w2 h93bklf yzw1afy hot (!) (sarah).mpg.exe
  • %WINDIR%\assembly\temp\gay 7vepaqjm zmc8ujp (rdl1tfkz,cy4xpd).rar.exe
  • %WINDIR%\assembly\tmp\eq7k2xcxt wep6b08 mnho9y54 nom72kl .rar.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\gzn4ud7e mzwpstr8n apv53deiq9fw .mpeg.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\black sperm 8ok6yf girls .mpeg.exe
  • %WINDIR%\pla\templates\7b6fhxi horse bq4kno ash 8bgkvshe1 .rar.exe
  • %WINDIR%\security\templates\nude ddqayq 7vepaqjm (sonja,y8oxsqa).avi.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\xxx [milf] .zip.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\mnho9y54 hot (!) .avi.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\horse hot (!) 8bgkvshe1 (karin,hyo87il).zip.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\wpjwijv cum [bangbus] ash (36mho73,sandy).zip.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\temp\cum porn ihthd33 shoes .mpg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\s2fkave h93bklf bd1l5ir uncut boobs (dehod0).avi.exe
  • %WINDIR%\syswow64\config\systemprofile\viaz50 tsomq34 porn apv53deiq9fw .mpeg.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\sperm girls (jade).mpg.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\z9z7rwe bd1l5ir gay l9hwcs7vvnphd9 .mpg.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\z9z7rwe 8ok6yf mnho9y54 uncut 779mipj .zip.exe
  • %WINDIR%\pla\templates\eq7k2xcxt w6csjja14n1 nom72kl girls feet .mpeg.exe
  • %WINDIR%\security\templates\yzw1afy uncut zmc8ujp .rar.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\beast ihthd33 feet 40+ .mpeg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\z9z7rwe horse mnho9y54 7vepaqjm (y8oxsqa).zip.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\lpcu5ai3 nom72kl feet sweet (liz).avi.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\gzn4ud7e w6csjja14n1 gay l9hwcs7vvnphd9 6tl9zg0uqa .avi.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\temp\gzn4ud7e cum lpcu5ai3 l9hwcs7vvnphd9 shoes .mpeg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\upfgetx horse xxx l9hwcs7vvnphd9 feet .mpg.exe
  • %WINDIR%\syswow64\config\systemprofile\xxx uncut 779mipj .rar.exe
  • %WINDIR%\syswow64\fxstmp\0287zh gay w6csjja14n1 sgu4m7oc (y8oxsqa,karin).rar.exe
  • %WINDIR%\syswow64\ime\shared\asian xxx vjq39c1gwy kfp2yqq .avi.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\sperm bq4kno js80j73 .mpeg.exe
  • %WINDIR%\syswow64\config\systemprofile\viaz50 xakmpl nude big kfp2yqq sgoibhh .mpeg.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\black uncut eigt45 .mpg.exe
  • %WINDIR%\syswow64\fxstmp\gzn4ud7e w6csjja14n1 l9hwcs7vvnphd9 mg9fvb2xk9 .mpeg.exe
  • %WINDIR%\syswow64\ime\shared\asian w6csjja14n1 beast hot (!) .avi.exe
  • %WINDIR%\temp\black 7nd83wovj porn ihthd33 .mpg.exe
  • %WINDIR%\syswow64\fxstmp\mzwpstr8n [milf] titts rv0y8n (c4w8hqa).mpg.exe
  • %WINDIR%\syswow64\ime\shared\horse ihthd33 ol6p1tua .rar.exe
  • %WINDIR%\syswow64\config\systemprofile\fac71w2 8ok6yf xxx nom72kl (2hbt8wr).avi.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\gzn4ud7e w6csjja14n1 7vepaqjm (y8oxsqa).avi.exe
  • %WINDIR%\syswow64\fxstmp\gzn4ud7e porn nom72kl titts .mpeg.exe
  • %WINDIR%\syswow64\ime\shared\horse hot (!) zmc8ujp (sonja,jade).zip.exe
  • %WINDIR%\temp\horse ihthd33 lady .rar.exe
  • %WINDIR%\winsxs\installtemp\h93bklf epyxwn zmc8ujp .rar.exe
Miscellaneous
Searches for the following windows
  • ClassName: 'Progman' WindowName: ''
  • ClassName: 'Proxy Desktop' WindowName: ''
Restarts the analyzed sample
Executes the following
  • '%WINDIR%\explorer.exe'

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk , mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
Free trial

 

Download Dr.Web

Download by serial number

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

Free trial

 

Download Dr.Web

Download by serial number

Download on App Store

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

 

Download Dr.Web

Download by serial number

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android

Free trial

14 days

Download now
Get it on Google Play