Win32.HLLW.Autoruner3.2382
Added to the Dr.Web virus database: 2020-06-15
Description added: 2020-06-17
Technical Information
To ensure autorun and distribution, creates the following files on removable media:
<Drive name for removable media>:\autorun.inf
<Drive name for removable media>:\lagu baru.exe
Malicious functions
To complicate detection of its presence in the operating system, modifies the following system settings:
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoClose' = '00000001'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoViewContextMenu' = '00000001'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoTrayContextMenu' = '00000001'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoSetTaskbar' = '00000001'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoFolderOptions' = '00000001'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoControlPanel' = '00000001'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoRun' = '00000001'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoDrives' = '00000004'
Modifies file system
Creates the following files:
Sets the 'hidden' attribute to the following files:
Miscellaneous
Creates and executes the following:
'%WINDIR%\syswow64\cmd.exe' /c %TEMP%\~DDD.bat "<Full path to file>" (with hidden window)
Executes the following:
'%WINDIR%\syswow64\cmd.exe' /c %TEMP%\~DDD.bat "<Full path to file>"
'%WINDIR%\syswow64\reg.exe' add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System /v NoDispCPL /t reg_dword /d 1 /f
'%WINDIR%\syswow64\reg.exe' add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoClose /t reg_dword /d 1 /f
'%WINDIR%\syswow64\reg.exe' add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoViewContextMenu /t REG_DWORD /d 1 /f
'%WINDIR%\syswow64\reg.exe' add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoTrayContextMenu /t reg_dword /d 1 /f
'%WINDIR%\syswow64\reg.exe' add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoSetTaskbar /t reg_dword /d 1 /f
'%WINDIR%\syswow64\reg.exe' add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoFolderOptions /t reg_dword /d 1 /f
'%WINDIR%\syswow64\reg.exe' add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoControlPanel /t reg_dword /d 1 /f
'%WINDIR%\syswow64\reg.exe' add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoRun /t reg_dword /d 1 /f
'%WINDIR%\syswow64\reg.exe' add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoDrives /t reg_dword /d 4 /f