ユーザー向け情報

閉じる

マイライブラリ
マイライブラリ

+ マイライブラリに追加

検索
検索

電話
テクニカルサポート利用方法

問い合わせ

新規お問い合わせ

電話

03-6550-8770

フォーラム(英語)

お問い合わせ履歴

新規お問い合わせ

電話

03-6550-8770

Profile

JP

RU CN DE EN ES FR IT JP KZ UZ PL BY ID
閉じる
サービス
スキャナー
Dr.Web vxCube
トライアル
ウイルスライブラリ
ナレッジベース

テクノロジー

用語

トレーニングコースおよび啓蒙プロジェクト

アンチウイルスに関する誤解と噂

ニュース

Trojan.KillProc2.25452

Added to the Dr.Web virus database: 2025-07-10

Virus description added:

Technical Information

Malicious functions
Terminates or attempts to terminate
the following system processes:
  • %WINDIR%\explorer.exe
  • <SYSTEM32>\taskhost.exe
  • <SYSTEM32>\dwm.exe
the following user processes:
  • iexplore.exe
  • firefox.exe
Modifies file system
Creates the following files
  • %WINDIR%y1s2fctrp3
  • %CommonProgramFiles%\microsoft shared\ddqayq tsomq34 sgu4m7oc 50+ .mpg.exe
  • %ProgramFiles%\dvd maker\shared\nom72kl sperm bq4kno boobs ae2sd7u4xh (cy4xpd,karin).mpg.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\black bd1l5ir uncut .rar.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\nude 8ok6yf l9hwcs7vvnphd9 girly .mpg.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\8r3baiec uncut .rar.exe
  • %ProgramFiles%\microsoft office\templates\lpcu5ai3 horse uncut jxqgtp 8pfmdyy .mpg.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\fac71w2 wep6b08 w6csjja14n1 nom72kl .rar.exe
  • %ProgramFiles%\windows journal\templates\8r3baiec ddqayq ihthd33 hotel .mpeg.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\7nd83wovj mzwpstr8n uncut girly .rar.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\jxaglwti wep6b08 sperm uncut ash .avi.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\zc8giv9 beast xakmpl uncut .mpg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\mnho9y54 horse sgu4m7oc ejn547rbxhd1 .zip.exe
  • %CommonProgramFiles(x86)%\microsoft shared\tsomq34 w6csjja14n1 girls .zip.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\bd1l5ir porn epyxwn (36mho73).rar.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\wep6b08 uncut ash .rar.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\0287zh yzw1afy l9hwcs7vvnphd9 legs gsva2xn .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\eq7k2xcxt mzwpstr8n sgu4m7oc boots .rar.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\nom72kl ddqayq [milf] .avi.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\f07qtt lpcu5ai3 [bangbus] kfp2yqq fw58kpr41ob1w .avi.exe
  • %ALLUSERSPROFILE%\templates\yzw1afy apv53deiq9fw ash 8pfmdyy .avi.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\gzn4ud7e bd1l5ir wep6b08 girls .zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\4h1e2a346 cum apv53deiq9fw legs .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\nude [free] balls .avi.exe
  • %ALLUSERSPROFILE%\templates\asian ddqayq [free] .zip.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\upfgetx horse ihthd33 mg9fvb2xk9 .avi.exe
  • C:\users\default\appdata\local\temp\8r3baiec mzwpstr8n 8ok6yf nom72kl lzxyhb7k .rar.exe
  • C:\users\default\appdata\local\<INETFILES>\f07qtt 7nd83wovj mnho9y54 [bangbus] fw58kpr41ob1w .rar.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\8r3baiec 8ok6yf 8ok6yf big latex (jade,36mho73).avi.exe
  • C:\users\default\templates\w6csjja14n1 lpcu5ai3 [bangbus] .rar.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\7nd83wovj hot (!) ae2sd7u4xh .zip.exe
  • %TEMP%\7nd83wovj nom72kl (c4w8hqa,jade).mpg.exe
  • %LOCALAPPDATA%\<INETFILES>\eq7k2xcxt nom72kl sperm [milf] gsva2xn .mpeg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{12c7f776-de07-4d8a-a6eb-93019fcb4f66}\fac71w2 nude uncut kfp2yqq lzxyhb7k .rar.exe
  • %LOCALAPPDATA%low\mozilla\temp-{28060726-42ae-4e49-b300-93149d394ff5}\xxx big .mpg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{bc1f1f78-2666-4310-aef7-f6fd5ba4bc43}\w6csjja14n1 uncut ash ejn547rbxhd1 .zip.exe
  • %APPDATA%\microsoft\templates\z1qxwcd nude porn big (sonja).rar.exe
  • %APPDATA%\microsoft\windows\templates\8r3baiec horse girls .mpg.exe
  • %APPDATA%\mozilla\firefox\profiles\apc2n9d1.default-release\storage\temporary\yzw1afy hot (!) jxqgtp (sandy,liz).zip.exe
  • %APPDATA%\thunderbird\profiles\rehh7ft5.default-release\storage\temporary\tsomq34 nom72kl 7vepaqjm .rar.exe
  • %HOMEPATH%\templates\0287zh mnho9y54 porn apv53deiq9fw sweet .mpeg.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\z9z7rwe wep6b08 sperm vjq39c1gwy glans .mpg.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\zc8giv9 tsomq34 bq4kno js80j73 .zip.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\w6csjja14n1 girls nrb42wq .mpeg.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\bd1l5ir beast l9hwcs7vvnphd9 nmibe2 (haj1oyikd,karin).avi.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\wep6b08 nude big hole gsva2xn (gina,2hbt8wr).avi.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\xxx [bangbus] lady (haj1oyikd,hyo87il).avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\black mzwpstr8n uncut lzxyhb7k .mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\ cum uncut .zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\8r3baiec porn [bangbus] glans zn3tvn .zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\eq7k2xcxt 7nd83wovj w6csjja14n1 big (cy4xpd).mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\black wep6b08 8ok6yf apv53deiq9fw hole fishy .zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\cum apv53deiq9fw cock .mpg.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\horse ddqayq vjq39c1gwy .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\black gay horse ihthd33 .mpg.exe
  • %WINDIR%\assembly\temp\xxx hot (!) cock qx2j1b5 (haj1oyikd,sandy).mpeg.exe
  • %WINDIR%\assembly\tmp\mnho9y54 xxx sgu4m7oc ash .mpeg.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\eq7k2xcxt horse sperm vjq39c1gwy (jenna,sonja).mpg.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\zc8giv9 horse uncut 40+ .mpeg.exe
  • %WINDIR%\pla\templates\ddqayq bq4kno cock fw58kpr41ob1w .mpg.exe
  • %WINDIR%\security\templates\8r3baiec mnho9y54 tsomq34 uncut sm .mpg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\z1qxwcd horse 8ok6yf [free] titts lady .avi.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\h93bklf [milf] legs lzxyhb7k (2hbt8wr,36mho73).rar.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\horse h93bklf apv53deiq9fw (sarah).avi.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\xakmpl beast ihthd33 .mpeg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\temp\horse apv53deiq9fw young .mpg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\7b6fhxi beast bd1l5ir uncut legs b37oavmx289 (y8oxsqa).zip.exe
  • %WINDIR%\syswow64\config\systemprofile\4h1e2a346 w6csjja14n1 h93bklf uncut nmibe2 .mpeg.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\s2fkave sperm bq4kno 779mipj .avi.exe
  • %WINDIR%\syswow64\fxstmp\f07qtt 8ok6yf epyxwn .zip.exe
  • %WINDIR%\syswow64\config\systemprofile\asian ddqayq bd1l5ir l9hwcs7vvnphd9 (hyo87il).avi.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\beast uncut sm (cy4xpd,jade).avi.exe
  • %WINDIR%\syswow64\fxstmp\zc8giv9 yzw1afy h93bklf [bangbus] eigt45 .avi.exe
  • %WINDIR%\syswow64\ime\shared\cum porn hot (!) qx2j1b5 (jade).mpeg.exe
  • %WINDIR%\winsxs\installtemp\7nd83wovj big latex .zip.exe
  • <Current directory>\sqjaed7r1vnw
  • %ProgramFiles%\dvd maker\shared\xakmpl girls (karin).zip.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\horse hot (!) ejn547rbxhd1 (y8oxsqa,sandy).mpeg.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\eq7k2xcxt xakmpl 7nd83wovj apv53deiq9fw kfp2yqq boots (gina,g6u8n4r).rar.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\ hot (!) glans gsva2xn .zip.exe
  • %ProgramFiles%\microsoft office\templates\nom72kl bq4kno feet mg9fvb2xk9 .mpeg.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\sperm bd1l5ir uncut 50+ .avi.exe
  • %ProgramFiles%\windows journal\templates\xxx l9hwcs7vvnphd9 .rar.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\jxaglwti cum epyxwn .zip.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\f07qtt 7nd83wovj lpcu5ai3 big 6tl9zg0uqa .mpeg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\jxaglwti w6csjja14n1 [milf] (dehod0).avi.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\w6csjja14n1 mnho9y54 vjq39c1gwy boobs girly .rar.exe
  • %CommonProgramFiles(x86)%\microsoft shared\gay girls young (liz).mpeg.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\fac71w2 ddqayq uncut (jenna,2hbt8wr).mpg.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\horse nom72kl glans .zip.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\fac71w2 mzwpstr8n [milf] 779mipj (dehod0).avi.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\z9z7rwe porn lpcu5ai3 [bangbus] .zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\cum nom72kl legs ol6p1tua .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\s2fkave horse big .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\4h1e2a346 lpcu5ai3 lpcu5ai3 epyxwn .zip.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\beast bq4kno girly .rar.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\bd1l5ir big nmibe2 .rar.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\gzn4ud7e ddqayq big lady .zip.exe
  • %ALLUSERSPROFILE%\templates\f07qtt horse ihthd33 hole (sarah,36mho73).rar.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\jxaglwti mzwpstr8n horse vjq39c1gwy .rar.exe
  • C:\users\default\appdata\local\temp\8r3baiec horse h93bklf bq4kno .avi.exe
  • C:\users\default\appdata\local\<INETFILES>\upfgetx bd1l5ir w6csjja14n1 l9hwcs7vvnphd9 .rar.exe
  • C:\users\default\templates\beast 7vepaqjm latex .avi.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\mzwpstr8n 7vepaqjm zmc8ujp .zip.exe
  • %TEMP%\f07qtt mzwpstr8n sgu4m7oc .zip.exe
  • %LOCALAPPDATA%\<INETFILES>\nude ddqayq [free] 40+ .avi.exe
  • %LOCALAPPDATA%low\mozilla\temp-{28060726-42ae-4e49-b300-93149d394ff5}\z9z7rwe horse girls nmibe2 (36mho73,dehod0).mpg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{bc1f1f78-2666-4310-aef7-f6fd5ba4bc43}\nude nom72kl jxqgtp lady .rar.exe
  • %APPDATA%\microsoft\templates\f07qtt porn apv53deiq9fw .mpeg.exe
  • %APPDATA%\microsoft\windows\templates\asian wep6b08 epyxwn cock young .avi.exe
  • %APPDATA%\mozilla\firefox\profiles\apc2n9d1.default-release\storage\temporary\z9z7rwe 8ok6yf nom72kl cock 50+ .mpeg.exe
  • %APPDATA%\thunderbird\profiles\rehh7ft5.default-release\storage\temporary\black tsomq34 apv53deiq9fw ol6p1tua .rar.exe
  • %HOMEPATH%\templates\z9z7rwe ddqayq mzwpstr8n uncut feet shoes .avi.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\z1qxwcd gay porn hot (!) legs lady (sonja,gina).avi.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\yzw1afy uncut kfp2yqq nmibe2 .avi.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\mzwpstr8n w6csjja14n1 [bangbus] balls .zip.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\porn nom72kl l9hwcs7vvnphd9 gsva2xn .mpg.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\8ok6yf sperm uncut lzxyhb7k .zip.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\eq7k2xcxt nude nom72kl qx2j1b5 .avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\f1i7cm mnho9y54 uncut js80j73 .avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\0287zh yzw1afy sgu4m7oc nmibe2 .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zc8giv9 horse sperm bq4kno hole 40+ .zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\gzn4ud7e 7vepaqjm (g6u8n4r).zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\z9z7rwe wep6b08 epyxwn kfp2yqq 779mipj .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\0287zh gay l9hwcs7vvnphd9 ash b37oavmx289 (sandy).avi.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\z9z7rwe 8ok6yf lpcu5ai3 nom72kl sgoibhh .rar.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\z9z7rwe gay sgu4m7oc .rar.exe
  • %WINDIR%\assembly\temp\ikdyfwhy lpcu5ai3 gay girls kfp2yqq .mpeg.exe
  • %WINDIR%\assembly\tmp\xakmpl hot (!) .zip.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\bd1l5ir apv53deiq9fw titts zn3tvn (sonja,gina).mpeg.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\mnho9y54 vjq39c1gwy 40+ (sandy,sonja).avi.exe
  • %WINDIR%\pla\templates\f1i7cm 7nd83wovj vjq39c1gwy feet .mpeg.exe
  • %WINDIR%\security\templates\ddqayq big .avi.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\gzn4ud7e ddqayq ddqayq vjq39c1gwy feet (jenna).zip.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\asian ddqayq l9hwcs7vvnphd9 ejn547rbxhd1 .zip.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\h93bklf xakmpl uncut .rar.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\w6csjja14n1 cum girls sgoibhh .avi.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\temp\asian ddqayq ddqayq nom72kl .rar.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\upfgetx tsomq34 girls latex .mpeg.exe
  • %WINDIR%\syswow64\config\systemprofile\f07qtt beast 7vepaqjm kfp2yqq ejn547rbxhd1 .mpeg.exe
  • %WINDIR%\syswow64\fxstmp\z9z7rwe hot (!) 8bgkvshe1 .mpg.exe
  • %WINDIR%\syswow64\ime\shared\horse porn 7vepaqjm .mpg.exe
  • %WINDIR%\syswow64\config\systemprofile\upfgetx tsomq34 cum big kfp2yqq .mpeg.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\wpjwijv w6csjja14n1 [bangbus] .avi.exe
  • %WINDIR%\syswow64\fxstmp\8ok6yf bq4kno mg9fvb2xk9 (sonja).rar.exe
  • %WINDIR%\syswow64\ime\shared\7b6fhxi horse yzw1afy [free] boobs rv0y8n .zip.exe
  • %WINDIR%\temp\s2fkave xakmpl cum [free] nrb42wq .mpg.exe
Miscellaneous
Searches for the following windows
  • ClassName: 'Progman' WindowName: ''
  • ClassName: 'Proxy Desktop' WindowName: ''
Restarts the analyzed sample
Executes the following
  • '%WINDIR%\explorer.exe'

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk , mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
Free trial

 

Download Dr.Web

Download by serial number

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

Free trial

 

Download Dr.Web

Download by serial number

Download on App Store

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

 

Download Dr.Web

Download by serial number

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android

Free trial

14 days

Download now
Get it on Google Play