Trojan.KillProc.22910

Техническая информация

Вредоносные функции:

Запускает на исполнение:

<SYSTEM32>\attrib.exe <SYSTEM32>\rsmyipm.dll -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\rsmyipm.dll +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\myad.nls +s +h +r
<SYSTEM32>\attrib.exe %WINDIR%\uqwhnn.exe +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\myad.nls -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\mwiszyys32_071132.dll +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\mycc32.dll -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\mwiszyys32_071132.dll -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\kav.exe -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\kav.exe +s +h +r
<SYSTEM32>\attrib.exe %WINDIR%\uqwhnn.exe -s -h -r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\netmeeting\ravcqmon.dat" +s +h +r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\netmeeting\ravcqmon.tmp" -s -h -r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\netmeeting\ravcqmon.dat" -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\c073c -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\c073c +s +h +r
<SYSTEM32>\attrib.exe %WINDIR%\system\soundmno.exe -s -h -r
<SYSTEM32>\attrib.exe %WINDIR%\system\soundmno.exe +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\txhmou.exe +s +h +r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\netmeeting\ravcqmon.tmp" +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\txhmou.exe -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\forget.dll +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\remember.dll -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\forget.dll -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\1.inf -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\1.inf +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\cmdbcs.dll -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\cmdbcs.dll +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\cmdbcs.exe +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\remember.dll +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\cmdbcs.exe -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\1013.exe +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\mycc071129.exe -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\mycc071129.exe +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\mycc071129.dll +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\mycc32.dll +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\mycc071129.dll -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\osvth.exe +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\1013.exe -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\osvth.exe -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\0svth.exe -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\0svth.exe +s +h +r
<SYSTEM32>\attrib.exe "%CommonProgramFiles%\cpush\cpush.tmp" +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\fe8dc651.dll +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\hookhelp.sys -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\fe8dc651.dll -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\bho.dll -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\bho.dll +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\kaqhkaz.exe -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\kaqhkaz.exe +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\hotunist.exe +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\hookhelp.sys +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\hotunist.exe -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\vista.dll +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\avwggst.exe -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\avwggst.exe +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\autorun.inf +s +h +r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\internet explorer\plugins\Wn_Sys8x.Tao" +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\autorun.inf -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\vista.exe +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\vista.dll -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\vista.exe -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\avzxjst.exe -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\avzxjst.exe +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\69ebd\svchost.~tmp -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\69ebd\svchost.~tmp +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\69ebd\ctfmon.exe +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\wsmscax.exe +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\69ebd\ctfmon.exe -s -h -r
<SYSTEM32>\attrib.exe %WINDIR%\systom32 +s +h +r
<SYSTEM32>\attrib.exe "%CommonProgramFiles%\cpush\cpush.tmp" -s -h -r
<SYSTEM32>\attrib.exe %WINDIR%\systom32 -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\69EBD -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\69EBD +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\wsmscax.exe -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\kvdxjis.exe +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\n1196478151k.exe -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\kvdxjis.exe -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\kvdxsjis.exe -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\kvdxsjis.exe +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\snowfall.exe -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\snowfall.exe +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\q376gekjl4.dll +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\n1196478151k.exe +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\q376gekjl4.dll -s -h -r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\netmeeting\ravmsmon.exe" +s +h +r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\netmeeting\ravmsmon.dat" -s -h -r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\netmeeting\ravmsmon.exe" -s -h -r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\netmeeting\ravjzmon.cfg" -s -h -r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\netmeeting\ravjzmon.cfg" +s +h +r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\netmeeting\ravztmon.exe" -s -h -r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\netmeeting\ravztmon.exe" +s +h +r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\netmeeting\ravmsmon.cfg" +s +h +r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\netmeeting\ravmsmon.dat" +s +h +r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\netmeeting\ravmsmon.cfg" -s -h -r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\netmeeting\ravjzmon.dat" +s +h +r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\netmeeting\ravgjmon.dat" -s -h -r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\netmeeting\ravgjmon.dat" +s +h +r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\netmeeting\ravgjmon.exe" +s +h +r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\netmeeting\ravdhmon.cfg" +s +h +r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\netmeeting\ravgjmon.exe" -s -h -r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\netmeeting\ravjzmon.exe" +s +h +r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\netmeeting\ravjzmon.dat" -s -h -r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\netmeeting\ravjzmon.exe" -s -h -r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\netmeeting\ravgjmon.cfg" -s -h -r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\netmeeting\ravgjmon.cfg" +s +h +r
<SYSTEM32>\attrib.exe "%CommonProgramFiles%\SyInfo.tmp" -s -h -r
<SYSTEM32>\attrib.exe "%CommonProgramFiles%\SyInfo.tmp" +s +h +r
<SYSTEM32>\attrib.exe "%CommonProgramFiles%\system.dt2" +s +h +r
<SYSTEM32>\attrib.exe "%CommonProgramFiles%\SyInfo.bps" +s +h +r
<SYSTEM32>\attrib.exe "%CommonProgramFiles%\system.dt2" -s -h -r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\internet explorer\onlo0r.bak" +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\0svbh.exe -s -h -r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\internet explorer\onlo0r.bak" -s -h -r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\internet explorer\onlo0r.dll" -s -h -r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\internet explorer\onlo0r.dll" +s +h +r
<SYSTEM32>\attrib.exe "%CommonProgramFiles%\SyInfo.bps" -s -h -r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\netmeeting\ravztmon.cfg" +s +h +r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\netmeeting\ravzxmon.exe" -s -h -r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\netmeeting\ravztmon.cfg" -s -h -r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\netmeeting\ravztmon.dat" -s -h -r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\netmeeting\ravztmon.dat" +s +h +r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\netmeeting\ravzxmon.cfg" -s -h -r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\netmeeting\ravzxmon.cfg" +s +h +r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\netmeeting\ravzxmon.dat" +s +h +r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\netmeeting\ravzxmon.exe" +s +h +r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\netmeeting\ravzxmon.dat" -s -h -r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\netmeeting\ravdhmon.cfg" -s -h -r
<SYSTEM32>\attrib.exe %WINDIR%\uusee109397.exe -s -h -r
<SYSTEM32>\attrib.exe %WINDIR%\uusee109397.exe +s +h +r
<SYSTEM32>\attrib.exe %WINDIR%\yeSetup.exe +s +h +r
<SYSTEM32>\attrib.exe %WINDIR%\wan4.exe +s +h +r
<SYSTEM32>\attrib.exe %WINDIR%\yeSetup.exe -s -h -r
<SYSTEM32>\attrib.exe %WINDIR%\acdsee321.dll +s +h +r
<SYSTEM32>\attrib.exe %WINDIR%\dodolook375.exe -s -h -r
<SYSTEM32>\attrib.exe %WINDIR%\acdsee321.dll -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\hhcasazoamqvk.dll -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\hhcasazoamqvk.dll +s +h +r
<SYSTEM32>\attrib.exe %WINDIR%\wan4.exe -s -h -r
<SYSTEM32>\attrib.exe %WINDIR%\system\SvTime.dll +s +h +r
<SYSTEM32>\attrib.exe %WINDIR%\my_70387.exe -s -h -r
<SYSTEM32>\attrib.exe %WINDIR%\system\SvTime.dll -s -h -r
<SYSTEM32>\attrib.exe %WINDIR%\system\cmdbcs.dll -s -h -r
<SYSTEM32>\attrib.exe %WINDIR%\system\cmdbcs.dll +s +h +r
<SYSTEM32>\attrib.exe %WINDIR%\tempaq -s -h -r
<SYSTEM32>\attrib.exe %WINDIR%\tempaq +s +h +r
<SYSTEM32>\attrib.exe %WINDIR%\my_70339.exe +s +h +r
<SYSTEM32>\attrib.exe %WINDIR%\my_70387.exe +s +h +r
<SYSTEM32>\attrib.exe %WINDIR%\my_70339.exe -s -h -r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\netmeeting\avpwm.dat" +s +h +r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\netmeeting\avpwm.cfg" -s -h -r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\netmeeting\avpwm.dat" -s -h -r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\netmeeting\avpwm.exe" -s -h -r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\netmeeting\avpwm.exe" +s +h +r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\netmeeting\ravdhmon.dat" -s -h -r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\netmeeting\ravdhmon.dat" +s +h +r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\netmeeting\ravdhmon.exe" +s +h +r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\netmeeting\avpwm.cfg" +s +h +r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\netmeeting\ravdhmon.exe" -s -h -r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\netmeeting\avpqj.cfg" +s +h +r
<SYSTEM32>\attrib.exe "%CommonProgramFiles%\microsoft shared\msinfo\atmqq.dll" -s -h -r
<SYSTEM32>\attrib.exe "%CommonProgramFiles%\microsoft shared\msinfo\atmqq.dll" +s +h +r
<SYSTEM32>\attrib.exe "%CommonProgramFiles%\microsoft shared\msinfo\atmqq2.dll" +s +h +r
<SYSTEM32>\attrib.exe %WINDIR%\dodolook375.exe +s +h +r
<SYSTEM32>\attrib.exe "%CommonProgramFiles%\microsoft shared\msinfo\atmqq2.dll" -s -h -r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\netmeeting\avpqj.dat" +s +h +r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\netmeeting\avpqj.cfg" -s -h -r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\netmeeting\avpqj.dat" -s -h -r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\netmeeting\avpqj.exe" -s -h -r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\netmeeting\avpqj.exe" +s +h +r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\internet explorer\plugins\Wn_Sys8x.Tao" -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\kawdcaz.exe -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\kawdcaz.exe +s +h +r
<SYSTEM32>\attrib.exe c:\mslogin32.inf +s +h +r
<SYSTEM32>\attrib.exe c:\mslogin32.sys +s +h +r
<SYSTEM32>\attrib.exe c:\mslogin32.inf -s -h -r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\netmeeting\ravcqmon.exe" +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\wsmseax.exe -s -h -r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\netmeeting\ravcqmon.exe" -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\kawdcaz.dat -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\kawdcaz.dat +s +h +r
<SYSTEM32>\attrib.exe c:\mslogin32.sys -s -h -r
<SYSTEM32>\attrib.exe c:\Privilege.dat +s +h +r
<SYSTEM32>\attrib.exe c:\winsys.sys -s -h -r
<SYSTEM32>\attrib.exe c:\Privilege.dat -s -h -r
<SYSTEM32>\attrib.exe c:\winsys.exe -s -h -r
<SYSTEM32>\attrib.exe c:\winsys.exe +s +h +r
<SYSTEM32>\attrib.exe c:\mslogin32.exe -s -h -r
<SYSTEM32>\attrib.exe c:\mslogin32.exe +s +h +r
<SYSTEM32>\attrib.exe c:\winsys.inf +s +h +r
<SYSTEM32>\attrib.exe c:\winsys.sys +s +h +r
<SYSTEM32>\attrib.exe c:\winsys.inf -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\avwghmn.dll -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\avwghmn.dll +s +h +r
<SYSTEM32>\spoolsv.exe
<SYSTEM32>\attrib.exe <SYSTEM32>\wsmsczx.dll -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\wsmsczx.dll +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\gjcscyc.dll +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\gjtmayc.dll -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\gjcscyc.dll -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\avzxlmn.dll -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\avzxlmn.dll +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\kvdxsjma.dll +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\avzxjmn.dll -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\avzxjmn.dll +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\avwggmn.dll +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\wsmseax.exe +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\avwggmn.dll -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\kvdxjma.dll +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\kvdxsjma.dll -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\kvdxjma.dll -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\kaqhkzy.dll -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\kaqhkzy.dll +s +h +r
<SYSTEM32>\taskkill.exe /f /im dllhost.exe
<SYSTEM32>\taskkill.exe /f /im crsss.exe
<SYSTEM32>\taskkill.exe /f /im winform.exe
<SYSTEM32>\taskkill.exe /f /im txhmou.exe
<SYSTEM32>\taskkill.exe /f /im snow.exe
<SYSTEM32>\taskkill.exe /f /im soundmno.exe
<SYSTEM32>\taskkill.exe /f /im 61957A08.exe
<SYSTEM32>\taskkill.exe /f /im internat.exe
<SYSTEM32>\taskkill.exe /f /im 54fe265b.exe
<SYSTEM32>\taskkill.exe /f /im soundman.exe
<SYSTEM32>\taskkill.exe /f /im systom.exe
<SYSTEM32>\taskkill.exe /f /im spoolsv.exe
<SYSTEM32>\taskkill.exe /f /im kawdcaz.exe
<SYSTEM32>\taskkill.exe /f /im motou.exe
<SYSTEM32>\taskkill.exe /f /im userint.exe
<SYSTEM32>\cmd.exe /c ""%WINDIR%\Temp\a00039.bat" <Полный путь к вирусу>"
<SYSTEM32>\taskkill.exe /f /im userinit.exe
<SYSTEM32>\taskkill.exe /f /im win.exe
<SYSTEM32>\taskkill.exe /f /im wsmseax.exe
<SYSTEM32>\taskkill.exe /f /im mslogin32.exe
<SYSTEM32>\taskkill.exe /f /im ravcqmon.exe
<SYSTEM32>\taskkill.exe /f /im winsys.exe
<SYSTEM32>\taskkill.exe /f /im avpsrv.exe
<SYSTEM32>\taskkill.exe /f /im d.exe
<SYSTEM32>\taskkill.exe /f /im yzheyj.exe
<SYSTEM32>\taskkill.exe /f /im gjj.exe
<SYSTEM32>\taskkill.exe /f /im biovzq.exe
<SYSTEM32>\taskkill.exe /f /im gsgonu.exe
<SYSTEM32>\taskkill.exe /f /im nvdispdrv.exe
<SYSTEM32>\taskkill.exe /f /im lokwaj.exe
<SYSTEM32>\taskkill.exe /f /im mppds.exe
<SYSTEM32>\taskkill.exe /f /im gkwvqa.exe
<SYSTEM32>\taskkill.exe /f /im 1.exe
<SYSTEM32>\taskkill.exe /f /im ociyah.exe
<SYSTEM32>\taskkill.exe /f /im tjznaq.exe
<SYSTEM32>\taskkill.exe /f /im upxdnd.exe
<SYSTEM32>\taskkill.exe /f /im conime.exe
<SYSTEM32>\taskkill.exe /f /im winow.exe
<SYSTEM32>\taskkill.exe /f /im rav00b2.exe
<SYSTEM32>\taskkill.exe /f /im ravdhmon.exe
<SYSTEM32>\taskkill.exe /f /im rav009b.exe
<SYSTEM32>\taskkill.exe /f /im vmhqre.exe
<SYSTEM32>\taskkill.exe /f /im msimms32.exe
<SYSTEM32>\attrib.exe %WINDIR%\127-103-31-74 -s -h -r
<SYSTEM32>\attrib.exe %WINDIR%\127-103-31-74 +s +h +r
<SYSTEM32>\attrib.exe %WINDIR%\7f99e1b6 +s +h +r
<SYSTEM32>\attrib.exe %WINDIR%\an006.exe +s +h +r
<SYSTEM32>\attrib.exe %WINDIR%\7f99e1b6 -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\zsmscc071001.dll +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\zsmscc071001.exe -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\zsmscc071001.dll -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\zsmscc32.dll -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\zsmscc32.dll +s +h +r
<SYSTEM32>\attrib.exe %WINDIR%\an006.exe -s -h -r
<SYSTEM32>\attrib.exe <DRIVERS>\acpidisk.sys +s +h +r
<SYSTEM32>\attrib.exe <DRIVERS>\udtygsjr.sys -s -h -r
<SYSTEM32>\attrib.exe <DRIVERS>\acpidisk.sys -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\69ebd\svchost.exe -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\69ebd\svchost.exe +s +h +r
<SYSTEM32>\attrib.exe %WINDIR%\6071.exe -s -h -r
<SYSTEM32>\attrib.exe %WINDIR%\6071.exe +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\sccore.dll +s +h +r
<SYSTEM32>\attrib.exe <DRIVERS>\udtygsjr.sys +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\sccore.dll -s -h -r
<SYSTEM32>\attrib.exe "%CommonProgramFiles%\win.exe" +s +h +r
<SYSTEM32>\attrib.exe "%CommonProgramFiles%\fjOs0r.dll" -s -h -r
<SYSTEM32>\attrib.exe "%CommonProgramFiles%\win.exe" -s -h -r
<SYSTEM32>\attrib.exe <DRIVERS>\lnj4poyvy.sys -s -h -r
<SYSTEM32>\attrib.exe <DRIVERS>\lnj4poyvy.sys +s +h +r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\internet explorer\plugins\Sy_Win7k.Jmp" -s -h -r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\internet explorer\plugins\Sy_Win7k.Jmp" +s +h +r
<SYSTEM32>\attrib.exe "%CommonProgramFiles%\m1.exe" +s +h +r
<SYSTEM32>\attrib.exe "%CommonProgramFiles%\fjOs0r.dll" +s +h +r
<SYSTEM32>\attrib.exe "%CommonProgramFiles%\m1.exe" -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\e22c1.exe +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\9CCB2366.exe -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\9CCB2366.exe +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\wincom.exe +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\zsmscc071001.exe +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\wincom.exe -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\8151ED59.DLL +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\e22c1.exe -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\8151ED59.DLL -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\21B27CC0.exe -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\21B27CC0.exe +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\d4cf28a9.exe +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\rsmyjpm.dll +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\swjqbzc.dll -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\rsmyjpm.dll -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\ratbppi.dll -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\ratbppi.dll +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\wsmsezx.dll -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\wsmsezx.dll +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\swrcfzc.dll +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\swjqbzc.dll +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\swrcfzc.dll -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\rarjepi.dll +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\kaqhlzy.dll -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\kaqhlzy.dll +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\kapjezy.dll +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\gjtmayc.dll +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\kapjezy.dll -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\raqjjpi.dll +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\rarjepi.dll -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\raqjjpi.dll -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\kvdxkma.dll -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\kvdxkma.dll +s +h +r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\internet explorer\plugins\NewTemp.bkk" -s -h -r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\internet explorer\plugins\NewTemp.bkk" +s +h +r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\internet explorer\plugins\NewTemp.exe" +s +h +r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\internet explorer\plugins\NewTemp.dll" +s +h +r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\internet explorer\plugins\NewTemp.exe" -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\8e21.dll +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\d4cf28a9.exe -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\8e21.dll -s -h -r
<SYSTEM32>\attrib.exe "%CommonProgramFiles%\cpush\cpush.dll" -s -h -r
<SYSTEM32>\attrib.exe "%CommonProgramFiles%\cpush\cpush.dll" +s +h +r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\internet explorer\plugins\NewTemp.dll" -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\winform.dll +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\msprint32d.dll -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\winform.dll -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\wszjdzx.dll -s -h -r
<SYSTEM32>\attrib.exe <SYSTEM32>\wszjdzx.dll +s +h +r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\internet explorer\plugins\NewTemp.bak" -s -h -r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\internet explorer\plugins\NewTemp.bak" +s +h +r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\internet explorer\plugins\wn_sys8x.sys" +s +h +r
<SYSTEM32>\attrib.exe <SYSTEM32>\msprint32d.dll +s +h +r
<SYSTEM32>\attrib.exe "%PROGRAM_FILES%\internet explorer\plugins\wn_sys8x.sys" -s -h -r

Завершает или пытается завершить

следующие системные процессы:

<SYSTEM32>\spoolsv.exe

Изменения в файловой системе:

Создает следующие файлы:

%WINDIR%\systom32
<SYSTEM32>\c073c
%WINDIR%\Temp\a00039.bat
<SYSTEM32>\69EBD

Присваивает атрибут 'скрытый' для следующих файлов:

%WINDIR%\systom32
<SYSTEM32>\c073c
%WINDIR%\Temp\a00039.bat
<SYSTEM32>\69EBD

Другое:

Ищет следующие окна:

ClassName: '' WindowName: ''

Технології

Терміни

Навчання

Міфи

Техническая информация

Рекомендации по лечению

Демо бесплатно на 14 дней