ユーザー向け情報

閉じる

マイライブラリ
マイライブラリ

+ マイライブラリに追加

検索
検索

電話
テクニカルサポート利用方法

問い合わせ

新規お問い合わせ

電話

03-6550-8770

フォーラム(英語)

お問い合わせ履歴

新規お問い合わせ

電話

03-6550-8770

Profile

JP

RU CN DE EN ES FR IT JP KZ UZ PL BY ID
閉じる
サービス
スキャナー
Dr.Web vxCube
トライアル
ウイルスライブラリ
ナレッジベース

テクノロジー

用語

トレーニングコースおよび啓蒙プロジェクト

アンチウイルスに関する誤解と噂

ニュース

Trojan.KillProc2.29876

Added to the Dr.Web virus database: 2025-07-17

Virus description added:

Technical Information

Malicious functions
Terminates or attempts to terminate
the following system processes:
  • %WINDIR%\explorer.exe
  • <SYSTEM32>\taskhost.exe
  • <SYSTEM32>\dwm.exe
the following user processes:
  • iexplore.exe
  • firefox.exe
Modifies file system
Creates the following files
  • %WINDIR%y1s2fctrp3
  • %CommonProgramFiles%\microsoft shared\z9z7rwe 7nd83wovj mnho9y54 big glans .mpeg.exe
  • %ProgramFiles%\dvd maker\shared\beast epyxwn nrb42wq .zip.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\xxx uncut cock .avi.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\upfgetx bd1l5ir sperm 7vepaqjm .avi.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\tsomq34 big hotel .mpeg.exe
  • %ProgramFiles%\microsoft office\templates\xxx ihthd33 boots .avi.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\f1i7cm 7nd83wovj gay sgu4m7oc .mpg.exe
  • %ProgramFiles%\windows journal\templates\s2fkave cum nom72kl l9hwcs7vvnphd9 (sarah).rar.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\s2fkave wep6b08 mnho9y54 epyxwn glans .zip.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\horse bq4kno hole gh5b6gd7wrv .mpg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\f1i7cm bd1l5ir beast apv53deiq9fw (liz).rar.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\tsomq34 apv53deiq9fw gsva2xn .mpg.exe
  • %CommonProgramFiles(x86)%\microsoft shared\f1i7cm horse gay girls titts b37oavmx289 .mpg.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\8r3baiec h93bklf [milf] 8bgkvshe1 .rar.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\gzn4ud7e h93bklf mnho9y54 hot (!) .rar.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\black w6csjja14n1 gay uncut titts (sandy,2hbt8wr).rar.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\f07qtt ddqayq lpcu5ai3 apv53deiq9fw glans qx2j1b5 (karin).mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\s2fkave ddqayq xxx apv53deiq9fw feet .avi.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\z9z7rwe bd1l5ir mnho9y54 uncut hotel .zip.exe
  • %ALLUSERSPROFILE%\templates\black xakmpl lpcu5ai3 7vepaqjm cock nrb42wq (2hbt8wr).avi.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\z9z7rwe ddqayq tsomq34 7vepaqjm nmibe2 .zip.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\z9z7rwe nude mzwpstr8n [free] mg9fvb2xk9 .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\mzwpstr8n [milf] (liz).avi.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\s2fkave horse xxx 7vepaqjm (g6u8n4r).mpg.exe
  • %ALLUSERSPROFILE%\templates\f1i7cm nude beast 7vepaqjm .rar.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\gzn4ud7e w6csjja14n1 lpcu5ai3 epyxwn glans qq6w54yfhtqrbwcslg (jade).rar.exe
  • C:\users\default\appdata\local\temp\mzwpstr8n [free] feet fw58kpr41ob1w (y8oxsqa).avi.exe
  • C:\users\default\appdata\local\<INETFILES>\fac71w2 w6csjja14n1 nom72kl [free] zn3tvn (rdl1tfkz,jade).mpg.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\f1i7cm wep6b08 mzwpstr8n l9hwcs7vvnphd9 js80j73 (hyo87il,g6u8n4r).mpeg.exe
  • C:\users\default\templates\f1i7cm 8ok6yf lpcu5ai3 hot (!) b37oavmx289 .avi.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\upfgetx porn xxx apv53deiq9fw 50+ .mpg.exe
  • %TEMP%\mnho9y54 7vepaqjm glans .avi.exe
  • %LOCALAPPDATA%\<INETFILES>\horse bq4kno young .rar.exe
  • %LOCALAPPDATA%low\mozilla\temp-{070abd97-84e1-4f5f-9c02-f1d76dd9fce4}\upfgetx cum mzwpstr8n uncut hole .zip.exe
  • %LOCALAPPDATA%low\mozilla\temp-{1fae114c-c2b0-4da1-b23a-8e5ad0c3d722}\mzwpstr8n hot (!) feet .mpeg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{3571406e-c08c-4c74-b145-8857b365f6e7}\eq7k2xcxt h93bklf mnho9y54 [free] feet wifey .zip.exe
  • %APPDATA%\microsoft\templates\z9z7rwe 8ok6yf nom72kl epyxwn .avi.exe
  • %APPDATA%\microsoft\windows\templates\z9z7rwe 8ok6yf uncut feet 8bgkvshe1 (dxocjwba).rar.exe
  • %APPDATA%\mozilla\firefox\profiles\v08trqk6.default-release\storage\temporary\8r3baiec 8ok6yf mnho9y54 nom72kl feet .avi.exe
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\storage\temporary\gzn4ud7e h93bklf epyxwn 50+ .mpeg.exe
  • %HOMEPATH%\templates\8r3baiec nude yzw1afy l9hwcs7vvnphd9 cock (36mho73,y8oxsqa).avi.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\upfgetx 7nd83wovj yzw1afy hot (!) hole gsva2xn .mpeg.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\mnho9y54 nom72kl 779mipj .mpeg.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\tsomq34 epyxwn feet nrb42wq .zip.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\mnho9y54 uncut cock lady .rar.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\f07qtt ddqayq lpcu5ai3 apv53deiq9fw hole fw58kpr41ob1w (cy4xpd).rar.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\gzn4ud7e porn tsomq34 l9hwcs7vvnphd9 ae2sd7u4xh (jenna,cy4xpd).rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\lpcu5ai3 l9hwcs7vvnphd9 hotel .zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\tsomq34 apv53deiq9fw (c4w8hqa).avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\8r3baiec h93bklf nom72kl bq4kno .avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\mnho9y54 ihthd33 cock sweet (g6u8n4r).mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\f07qtt porn beast uncut ash .mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\gzn4ud7e xakmpl beast vjq39c1gwy cock gh5b6gd7wrv .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\sperm hot (!) titts .rar.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\gzn4ud7e h93bklf gay ihthd33 (dxocjwba).avi.exe
  • %WINDIR%\assembly\temp\nom72kl 7vepaqjm ol6p1tua .avi.exe
  • %WINDIR%\assembly\tmp\black bd1l5ir gay big 779mipj (rdl1tfkz,liz).avi.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\upfgetx w6csjja14n1 mnho9y54 [bangbus] hole ol6p1tua .avi.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\mzwpstr8n vjq39c1gwy qq6w54yfhtqrbwcslg .avi.exe
  • %WINDIR%\pla\templates\horse bq4kno feet 50+ .mpg.exe
  • %WINDIR%\security\templates\z9z7rwe wep6b08 beast [free] titts girly .mpeg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\f07qtt wep6b08 tsomq34 nom72kl titts (36mho73,cy4xpd).mpeg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\f1i7cm nude horse girls gsva2xn .avi.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\fac71w2 wep6b08 horse 7vepaqjm .zip.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\ apv53deiq9fw hole .rar.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\temp\mnho9y54 girls b37oavmx289 .avi.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\yzw1afy girls glans zmc8ujp (2hbt8wr).mpeg.exe
  • %WINDIR%\syswow64\config\systemprofile\f1i7cm h93bklf tsomq34 sgu4m7oc hotel (hyo87il,jade).zip.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\yzw1afy nom72kl sgoibhh .rar.exe
  • %WINDIR%\syswow64\fxstmp\fac71w2 nude mnho9y54 nom72kl nmibe2 .mpg.exe
  • %WINDIR%\syswow64\ime\shared\black bd1l5ir 7vepaqjm .zip.exe
  • %WINDIR%\syswow64\config\systemprofile\gay girls feet 6tl9zg0uqa (g6u8n4r).mpeg.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\f1i7cm w6csjja14n1 yzw1afy [milf] .rar.exe
  • %WINDIR%\syswow64\fxstmp\f07qtt porn mnho9y54 girls 8pfmdyy .mpeg.exe
  • %WINDIR%\syswow64\ime\shared\z9z7rwe porn gay 7vepaqjm ejn547rbxhd1 (rdl1tfkz,c4w8hqa).mpeg.exe
  • %WINDIR%\temp\tsomq34 epyxwn hotel .mpg.exe
  • <Current directory>\sqjaed7r1vnw
  • %CommonProgramFiles%\microsoft shared\0287zh ddqayq bd1l5ir epyxwn (jenna).zip.exe
  • %ProgramFiles%\dvd maker\shared\bd1l5ir tsomq34 nom72kl b37oavmx289 (karin).mpeg.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\horse mnho9y54 bq4kno 40+ .avi.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\wpjwijv nom72kl gay sgu4m7oc legs .rar.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\s2fkave porn bq4kno .mpeg.exe
  • %ProgramFiles%\microsoft office\templates\7nd83wovj yzw1afy [milf] ol6p1tua (sonja,dxocjwba).rar.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\ikdyfwhy tsomq34 vjq39c1gwy 8pfmdyy (sonja,sonja).mpeg.exe
  • %ProgramFiles%\windows journal\templates\8r3baiec w6csjja14n1 epyxwn balls .mpg.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\horse yzw1afy apv53deiq9fw boobs mg9fvb2xk9 .zip.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\zc8giv9 xakmpl porn [free] ash .rar.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\sperm lpcu5ai3 [bangbus] ash .zip.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\ikdyfwhy sperm wep6b08 [bangbus] .zip.exe
  • %CommonProgramFiles(x86)%\microsoft shared\xxx beast big b37oavmx289 (sonja,dxocjwba).mpg.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\mnho9y54 tsomq34 sgu4m7oc (dehod0).rar.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\s2fkave xxx ddqayq apv53deiq9fw zmc8ujp .rar.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\wpjwijv lpcu5ai3 big nrb42wq .zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\sperm sperm l9hwcs7vvnphd9 779mipj .rar.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\fac71w2 mzwpstr8n apv53deiq9fw 6tl9zg0uqa (hyo87il,jenna).mpeg.exe
  • %ALLUSERSPROFILE%\templates\viaz50 w6csjja14n1 h93bklf apv53deiq9fw .rar.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\7nd83wovj uncut wifey .avi.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\z1qxwcd tsomq34 nom72kl hole .rar.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\porn ihthd33 b37oavmx289 .rar.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\jxaglwti tsomq34 l9hwcs7vvnphd9 legs .zip.exe
  • %ALLUSERSPROFILE%\templates\nom72kl yzw1afy 7vepaqjm ash .avi.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\gzn4ud7e wep6b08 w6csjja14n1 [bangbus] ol6p1tua .zip.exe
  • C:\users\default\appdata\local\temp\bd1l5ir horse ihthd33 fw58kpr41ob1w .rar.exe
  • C:\users\default\appdata\local\<INETFILES>\nom72kl gay epyxwn rv0y8n .zip.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\viaz50 xxx sgu4m7oc .rar.exe
  • C:\users\default\templates\8r3baiec w6csjja14n1 gay l9hwcs7vvnphd9 legs zn3tvn .zip.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\xakmpl [bangbus] qq6w54yfhtqrbwcslg .mpeg.exe
  • %TEMP%\tsomq34 uncut sgoibhh .zip.exe
  • %LOCALAPPDATA%\<INETFILES>\4h1e2a346 lpcu5ai3 [free] hole ejn547rbxhd1 .mpg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{070abd97-84e1-4f5f-9c02-f1d76dd9fce4}\asian horse uncut (liz,gina).rar.exe
  • %LOCALAPPDATA%low\mozilla\temp-{1fae114c-c2b0-4da1-b23a-8e5ad0c3d722}\7nd83wovj ihthd33 (sandy).avi.exe
  • %LOCALAPPDATA%low\mozilla\temp-{3571406e-c08c-4c74-b145-8857b365f6e7}\eq7k2xcxt 7nd83wovj hot (!) lzxyhb7k .mpg.exe
  • %APPDATA%\microsoft\templates\f1i7cm mzwpstr8n [bangbus] kfp2yqq .rar.exe
  • %APPDATA%\microsoft\windows\templates\f1i7cm bd1l5ir w6csjja14n1 girls ash .avi.exe
  • %APPDATA%\mozilla\firefox\profiles\v08trqk6.default-release\storage\temporary\black horse vjq39c1gwy .avi.exe
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\storage\temporary\tsomq34 yzw1afy girls glans .mpg.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\jxaglwti mzwpstr8n ddqayq [bangbus] ol6p1tua (2hbt8wr,y8oxsqa).zip.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\viaz50 beast horse apv53deiq9fw .mpg.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\8r3baiec ddqayq uncut kfp2yqq mg9fvb2xk9 .avi.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\wpjwijv big legs 8pfmdyy .rar.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\viaz50 bd1l5ir horse l9hwcs7vvnphd9 .avi.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\mnho9y54 lpcu5ai3 hot (!) hairy .zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\h93bklf [bangbus] latex (2hbt8wr,karin).avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\horse ddqayq girls wifey (liz,y8oxsqa).zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\z1qxwcd beast sgu4m7oc lzxyhb7k .zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\mnho9y54 bq4kno .mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\horse hot (!) boobs 779mipj (liz,jade).rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\z9z7rwe mzwpstr8n uncut .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\f07qtt 7nd83wovj hot (!) fishy (hyo87il,jenna).mpeg.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\7nd83wovj horse 7vepaqjm .mpg.exe
  • %WINDIR%\assembly\temp\ddqayq uncut sm .avi.exe
  • %WINDIR%\assembly\tmp\8ok6yf epyxwn 779mipj (jade).mpg.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\s2fkave cum [milf] boobs (dehod0,2hbt8wr).rar.exe
  • %WINDIR%\pla\templates\s2fkave 8ok6yf [bangbus] cock zn3tvn (dehod0,sonja).mpeg.exe
  • %WINDIR%\security\templates\zc8giv9 cum uncut hole eigt45 .mpg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\8r3baiec 8ok6yf nude girls 8pfmdyy (sonja).rar.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\4h1e2a346 sperm xakmpl uncut sweet .rar.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\upfgetx cum apv53deiq9fw cock boots .avi.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\4h1e2a346 h93bklf gay [bangbus] boobs (hyo87il,haj1oyikd).mpeg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\temp\0287zh mnho9y54 girls (gina,g6u8n4r).mpg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\cum girls (jenna).zip.exe
  • %WINDIR%\syswow64\config\systemprofile\tsomq34 porn uncut .mpeg.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\gay sgu4m7oc .mpg.exe
  • %WINDIR%\syswow64\fxstmp\wpjwijv horse cum 7vepaqjm nmibe2 (liz).mpg.exe
  • %WINDIR%\syswow64\ime\shared\0287zh ihthd33 jxqgtp .avi.exe
  • %WINDIR%\syswow64\config\systemprofile\horse nom72kl hot (!) .mpg.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\nom72kl wep6b08 epyxwn (2hbt8wr).avi.exe
  • %WINDIR%\syswow64\fxstmp\eq7k2xcxt horse sperm hot (!) titts .mpg.exe
  • %WINDIR%\syswow64\ime\shared\xakmpl big b37oavmx289 .rar.exe
  • %WINDIR%\temp\8r3baiec ddqayq mzwpstr8n [milf] hole (y8oxsqa,hyo87il).mpeg.exe
  • %WINDIR%\winsxs\installtemp\yzw1afy nom72kl 7vepaqjm shoes (c4w8hqa,c4w8hqa).mpeg.exe
  • %CommonProgramFiles%\microsoft shared\f1i7cm bd1l5ir mzwpstr8n l9hwcs7vvnphd9 nmibe2 .avi.exe
  • %CommonProgramFiles%\microsoft shared\fac71w2 ddqayq nom72kl feet qx2j1b5 (sarah).mpeg.exe
  • %ProgramFiles%\dvd maker\shared\beast big 40+ .zip.exe
  • %ProgramFiles%\dvd maker\shared\8r3baiec cum gay girls cock ash .avi.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\upfgetx porn lpcu5ai3 sgu4m7oc lady (36mho73,dxocjwba).mpg.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\xxx [bangbus] .rar.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\gzn4ud7e nude xxx 7vepaqjm glans .mpg.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\black porn lpcu5ai3 uncut glans .zip.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\upfgetx porn xxx [bangbus] qx2j1b5 .mpg.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\beast apv53deiq9fw cock sm .rar.exe
  • %ProgramFiles%\microsoft office\templates\black ddqayq beast [milf] feet .rar.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\f1i7cm 8ok6yf xxx uncut young .zip.exe
  • %ProgramFiles%\windows journal\templates\lpcu5ai3 uncut b37oavmx289 .rar.exe
  • %ProgramFiles%\microsoft office\templates\lpcu5ai3 epyxwn hotel .rar.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\f1i7cm w6csjja14n1 horse l9hwcs7vvnphd9 glans .avi.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\upfgetx 7nd83wovj nom72kl [free] .mpeg.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\s2fkave cum mnho9y54 sgu4m7oc titts .mpg.exe
  • %ProgramFiles%\windows journal\templates\yzw1afy epyxwn sweet (sandy,g6u8n4r).avi.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\f07qtt nude yzw1afy nom72kl glans (jenna,y8oxsqa).zip.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\black cum yzw1afy hot (!) hole sweet .mpg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\eq7k2xcxt porn beast nom72kl 50+ .avi.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\nom72kl [milf] titts js80j73 .mpg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\black xakmpl ihthd33 .zip.exe
  • %CommonProgramFiles(x86)%\microsoft shared\horse l9hwcs7vvnphd9 glans nmibe2 (dxocjwba).rar.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\xxx vjq39c1gwy (jade).mpeg.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\8r3baiec nude mzwpstr8n big eigt45 .mpg.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\beast nom72kl cock (36mho73,g6u8n4r).mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\lpcu5ai3 vjq39c1gwy titts .zip.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\fac71w2 xakmpl gay hot (!) titts lady .zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\upfgetx 7nd83wovj uncut 779mipj .mpg.exe
  • %CommonProgramFiles(x86)%\microsoft shared\gzn4ud7e porn mnho9y54 bq4kno cock .rar.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\8r3baiec nude gay 7vepaqjm fw58kpr41ob1w .rar.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\yzw1afy apv53deiq9fw glans boots .rar.exe
  • %ALLUSERSPROFILE%\templates\xxx sgu4m7oc feet b37oavmx289 .avi.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\gzn4ud7e porn mzwpstr8n nom72kl cock mg9fvb2xk9 .rar.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\f07qtt xakmpl gay uncut feet balls .avi.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\beast l9hwcs7vvnphd9 wifey .zip.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\s2fkave 7nd83wovj beast vjq39c1gwy 40+ .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\gzn4ud7e xakmpl lpcu5ai3 epyxwn hole zmc8ujp .rar.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\fac71w2 cum l9hwcs7vvnphd9 .rar.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\f07qtt 8ok6yf tsomq34 uncut ash .zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\f1i7cm 8ok6yf horse epyxwn glans gh5b6gd7wrv .mpeg.exe
  • %ALLUSERSPROFILE%\templates\upfgetx horse horse [milf] (y8oxsqa).mpg.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\horse vjq39c1gwy young (sonja,karin).rar.exe
  • C:\users\default\appdata\local\temp\yzw1afy apv53deiq9fw (liz).avi.exe
  • C:\users\default\appdata\local\<INETFILES>\black wep6b08 xxx nom72kl glans qq6w54yfhtqrbwcslg (2hbt8wr).mpeg.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\sperm epyxwn cock .rar.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\z9z7rwe porn yzw1afy 7vepaqjm .rar.exe
  • C:\users\default\templates\s2fkave 7nd83wovj gay epyxwn glans rv0y8n .mpg.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\lpcu5ai3 bq4kno glans balls .rar.exe
  • %ALLUSERSPROFILE%\templates\z9z7rwe cum tsomq34 big (liz).mpg.exe
  • %TEMP%\mnho9y54 apv53deiq9fw girly .rar.exe
  • %LOCALAPPDATA%\<INETFILES>\horse [milf] sgoibhh .zip.exe
  • %LOCALAPPDATA%low\mozilla\temp-{070abd97-84e1-4f5f-9c02-f1d76dd9fce4}\8r3baiec nude tsomq34 uncut lzxyhb7k .rar.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\upfgetx nude lpcu5ai3 [milf] (liz).mpg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{1fae114c-c2b0-4da1-b23a-8e5ad0c3d722}\gzn4ud7e wep6b08 mnho9y54 [milf] hole fw58kpr41ob1w (cy4xpd).zip.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\ [bangbus] (liz).zip.exe
  • %LOCALAPPDATA%low\mozilla\temp-{3571406e-c08c-4c74-b145-8857b365f6e7}\eq7k2xcxt h93bklf sperm [bangbus] cock .avi.exe
  • %APPDATA%\microsoft\templates\lpcu5ai3 [free] hole b37oavmx289 .zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\s2fkave cum gay bq4kno cock gh5b6gd7wrv .mpg.exe
  • %APPDATA%\microsoft\windows\templates\gay [bangbus] young .zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\f1i7cm 7nd83wovj [bangbus] glans .avi.exe
  • %APPDATA%\mozilla\firefox\profiles\v08trqk6.default-release\storage\temporary\lpcu5ai3 [milf] .rar.exe
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\storage\temporary\f07qtt xakmpl mnho9y54 sgu4m7oc titts .avi.exe
  • %HOMEPATH%\templates\mnho9y54 [bangbus] (y8oxsqa).mpeg.exe
  • %ALLUSERSPROFILE%\templates\8r3baiec w6csjja14n1 gay girls eigt45 .zip.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\tsomq34 epyxwn cock ol6p1tua (g6u8n4r).avi.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\gzn4ud7e porn yzw1afy epyxwn 8bgkvshe1 .zip.exe
  • C:\users\default\appdata\local\temp\mzwpstr8n bq4kno hole gsva2xn .rar.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\lpcu5ai3 nom72kl mg9fvb2xk9 .rar.exe
  • C:\users\default\appdata\local\<INETFILES>\f07qtt wep6b08 tsomq34 big feet ae2sd7u4xh (dxocjwba).rar.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\gzn4ud7e 8ok6yf tsomq34 epyxwn glans .rar.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\yzw1afy l9hwcs7vvnphd9 hole (haj1oyikd,2hbt8wr).avi.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\gzn4ud7e wep6b08 nom72kl apv53deiq9fw cock b37oavmx289 .mpg.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\f1i7cm 7nd83wovj mnho9y54 big young (haj1oyikd,g6u8n4r).mpeg.exe
  • C:\users\default\templates\gay [bangbus] 8pfmdyy .rar.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\ ihthd33 .zip.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\gay nom72kl cock .zip.exe
  • %TEMP%\black porn lpcu5ai3 7vepaqjm cock lady (liz).mpg.exe
  • %LOCALAPPDATA%\<INETFILES>\yzw1afy sgu4m7oc cock ol6p1tua (sarah).rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\s2fkave 8ok6yf yzw1afy hot (!) .avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\yzw1afy l9hwcs7vvnphd9 .mpg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{070abd97-84e1-4f5f-9c02-f1d76dd9fce4}\yzw1afy sgu4m7oc balls .rar.exe
  • %LOCALAPPDATA%low\mozilla\temp-{3571406e-c08c-4c74-b145-8857b365f6e7}\asian beast sgu4m7oc ol6p1tua .avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\upfgetx h93bklf gay sgu4m7oc hole young .mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\gay apv53deiq9fw titts (sandy,jade).mpeg.exe
  • %APPDATA%\microsoft\templates\f07qtt w6csjja14n1 tsomq34 uncut .zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\lpcu5ai3 big titts ae2sd7u4xh .zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\gzn4ud7e nude mnho9y54 epyxwn hotel .mpeg.exe
  • %APPDATA%\microsoft\windows\templates\black ddqayq mzwpstr8n big hotel .mpg.exe
  • %APPDATA%\mozilla\firefox\profiles\v08trqk6.default-release\storage\temporary\eq7k2xcxt cum horse bq4kno glans .mpeg.exe
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\storage\temporary\mzwpstr8n uncut nrb42wq .mpg.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\xxx girls shoes .mpg.exe
  • %HOMEPATH%\templates\eq7k2xcxt 8ok6yf yzw1afy uncut cock (haj1oyikd,2hbt8wr).zip.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\8r3baiec xakmpl beast girls ol6p1tua .avi.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\mzwpstr8n uncut cock .avi.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\lpcu5ai3 uncut (dxocjwba).rar.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\yzw1afy [free] nrb42wq .mpeg.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\8r3baiec nude beast apv53deiq9fw latex .rar.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\upfgetx nude gay uncut glans .mpeg.exe
  • %WINDIR%\assembly\temp\upfgetx w6csjja14n1 xxx bq4kno sm (sonja,liz).mpeg.exe
  • %WINDIR%\assembly\tmp\gzn4ud7e cum nom72kl nom72kl feet .avi.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\upfgetx 7nd83wovj lpcu5ai3 7vepaqjm .rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\beast [milf] cock lady .avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\sperm big cock .zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\fac71w2 h93bklf sperm nom72kl (g6u8n4r).rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\sperm girls feet balls .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\mzwpstr8n girls titts sgoibhh .mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\eq7k2xcxt horse horse nom72kl (karin).mpg.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\z9z7rwe cum [free] latex .zip.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\s2fkave bd1l5ir gay girls nmibe2 .zip.exe
  • %WINDIR%\assembly\temp\black wep6b08 mnho9y54 apv53deiq9fw zn3tvn .zip.exe
  • %WINDIR%\assembly\tmp\gzn4ud7e nude xxx nom72kl mg9fvb2xk9 .rar.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\upfgetx horse sperm big .mpeg.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\8r3baiec xakmpl gay [milf] titts gsva2xn .mpg.exe
  • %WINDIR%\pla\templates\lpcu5ai3 bq4kno balls (rdl1tfkz,g6u8n4r).rar.exe
  • %WINDIR%\security\templates\fac71w2 w6csjja14n1 ihthd33 (g6u8n4r).mpeg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\mnho9y54 7vepaqjm cock .rar.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\beast ihthd33 js80j73 .zip.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\f1i7cm bd1l5ir horse vjq39c1gwy glans fishy (c4w8hqa).mpg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\fac71w2 h93bklf gay big zn3tvn .mpg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\temp\s2fkave xakmpl tsomq34 hot (!) feet sweet (sarah).mpeg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\fac71w2 wep6b08 gay sgu4m7oc cock ae2sd7u4xh .rar.exe
  • %WINDIR%\syswow64\config\systemprofile\tsomq34 [milf] titts (jenna,karin).rar.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\eq7k2xcxt wep6b08 beast [bangbus] hole shoes .avi.exe
  • %WINDIR%\syswow64\fxstmp\zc8giv9 yzw1afy big fw58kpr41ob1w (sonja,dxocjwba).mpg.exe
  • %WINDIR%\syswow64\ime\shared\z9z7rwe ddqayq tsomq34 bq4kno 6tl9zg0uqa .zip.exe
  • %WINDIR%\syswow64\config\systemprofile\tsomq34 ihthd33 titts fishy (cy4xpd).rar.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\f1i7cm porn sperm 7vepaqjm mg9fvb2xk9 .mpg.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\mzwpstr8n sgu4m7oc feet mg9fvb2xk9 (liz).mpeg.exe
  • %WINDIR%\syswow64\fxstmp\s2fkave 7nd83wovj lpcu5ai3 epyxwn balls .rar.exe
  • %WINDIR%\syswow64\ime\shared\mzwpstr8n vjq39c1gwy .avi.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\z9z7rwe horse xxx l9hwcs7vvnphd9 hole boots .mpeg.exe
  • %WINDIR%\pla\templates\xxx l9hwcs7vvnphd9 ae2sd7u4xh .rar.exe
  • %WINDIR%\temp\8r3baiec h93bklf mzwpstr8n epyxwn hotel .rar.exe
  • %WINDIR%\security\templates\mzwpstr8n [free] mg9fvb2xk9 .rar.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\horse uncut (g6u8n4r).rar.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\gzn4ud7e ddqayq gay girls zn3tvn .mpg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\black ddqayq mnho9y54 girls lady (36mho73,g6u8n4r).mpg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\upfgetx cum gay [milf] (2hbt8wr).mpeg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\temp\tsomq34 7vepaqjm glans .mpg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\mnho9y54 [milf] zn3tvn .mpg.exe
  • %WINDIR%\syswow64\config\systemprofile\mnho9y54 epyxwn .mpeg.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\s2fkave cum gay [bangbus] lady .mpg.exe
  • %WINDIR%\syswow64\fxstmp\7nd83wovj xxx [milf] glans sweet (dxocjwba).mpeg.exe
  • %WINDIR%\syswow64\ime\shared\f1i7cm xakmpl gay uncut hole (sandy,karin).zip.exe
  • %WINDIR%\syswow64\config\systemprofile\8r3baiec porn beast apv53deiq9fw .mpg.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\fac71w2 nude ihthd33 fw58kpr41ob1w .mpg.exe
  • %WINDIR%\syswow64\fxstmp\tsomq34 ihthd33 8bgkvshe1 .rar.exe
  • %WINDIR%\syswow64\ime\shared\lpcu5ai3 bq4kno glans shoes (c4w8hqa).mpeg.exe
  • %WINDIR%\temp\upfgetx h93bklf horse ihthd33 hole (sonja,cy4xpd).mpeg.exe
  • %WINDIR%\winsxs\installtemp\8r3baiec porn lpcu5ai3 uncut glans .mpg.exe
  • %WINDIR%\winsxs\installtemp\gay nom72kl young .rar.exe
Miscellaneous
Searches for the following windows
  • ClassName: 'Progman' WindowName: ''
  • ClassName: 'Proxy Desktop' WindowName: ''
Restarts the analyzed sample
Executes the following
  • '%WINDIR%\explorer.exe'

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk , mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
Free trial

 

Download Dr.Web

Download by serial number

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

Free trial

 

Download Dr.Web

Download by serial number

Download on App Store

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

 

Download Dr.Web

Download by serial number

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android

Free trial

14 days

Download now
Get it on Google Play