Win32.HLLM.Reset.460
Added to the Dr.Web virus database: 2014-07-19
Virus description added: 2014-07-21
Technical Information
To ensure autorun and distribution:
Modifies the following registry keys:
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,,<LS_APPDATA>\jwaroevi\rarexsdb.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'RarExsdb' = '<LS_APPDATA>\jwaroevi\rarexsdb.exe'
Creates or modifies the following files:
%HOMEPATH%\Start Menu\Programs\Startup\rarexsdb.exe
Malicious functions:
To bypass firewall, removes or modifies the following registry keys:
[<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DisableNotifications' = '00000001'
[<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000'
[<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
To complicate detection of its presence in the operating system, blocks the following features:
User Account Control (UAC)
Windows Security Center
Creates and executes the following:
Executes the following:
Injects code into the following system processes:
Modifies file system:
Creates the following files:
%ALLUSERSPROFILE%\Application Data\ybfcuwpc.log
<LS_APPDATA>\lawhwilb.log
<LS_APPDATA>\jwaroevi\rarexsdb.exe
%TEMP%\byjjjqlf.exe
%TEMP%\ifqydaby.exe
Sets the 'hidden' attribute to the following files:
%HOMEPATH%\Start Menu\Programs\Startup\rarexsdb.exe
Network activity:
Connects to:
UDP:
Miscellaneous:
Searches for the following windows:
ClassName: 'Indicator' WindowName: '(null)'