ユーザー向け情報

閉じる

マイライブラリ
マイライブラリ

+ マイライブラリに追加

検索
検索

電話
テクニカルサポート利用方法

問い合わせ

新規お問い合わせ

電話

03-6550-8770

フォーラム(英語)

お問い合わせ履歴

新規お問い合わせ

電話

03-6550-8770

Profile

JP

RU CN DE EN ES FR IT JP KZ UZ PL BY ID
閉じる
サービス
スキャナー
Dr.Web vxCube
トライアル
ウイルスライブラリ
ナレッジベース

テクノロジー

用語

トレーニングコースおよび啓蒙プロジェクト

アンチウイルスに関する誤解と噂

ニュース

Trojan.KillProc2.28037

Added to the Dr.Web virus database: 2025-07-16

Virus description added:

Technical Information

Malicious functions
Terminates or attempts to terminate
the following system processes:
  • %WINDIR%\explorer.exe
  • <SYSTEM32>\taskhost.exe
  • <SYSTEM32>\dwm.exe
the following user processes:
  • iexplore.exe
  • firefox.exe
Modifies file system
Creates the following files
  • %WINDIR%y1s2fctrp3
  • %CommonProgramFiles%\microsoft shared\z9z7rwe ddqayq mzwpstr8n [free] nmibe2 .zip.exe
  • %ProgramFiles%\dvd maker\shared\gzn4ud7e h93bklf gay ihthd33 titts .mpeg.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\xxx big hole fishy (jade).mpg.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\z9z7rwe 7nd83wovj mnho9y54 uncut feet latex .zip.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\black h93bklf sperm ihthd33 (cy4xpd).mpg.exe
  • %ProgramFiles%\microsoft office\templates\yzw1afy bq4kno glans zmc8ujp (jade).zip.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\z9z7rwe xakmpl yzw1afy apv53deiq9fw girly (sonja,liz).mpg.exe
  • %ProgramFiles%\windows journal\templates\eq7k2xcxt horse tsomq34 big glans .mpeg.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\beast vjq39c1gwy feet shoes .mpeg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\eq7k2xcxt nude nom72kl epyxwn 8bgkvshe1 (sonja,y8oxsqa).zip.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\black nude tsomq34 bq4kno .mpg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\nom72kl [milf] cock (36mho73,c4w8hqa).rar.exe
  • %CommonProgramFiles(x86)%\microsoft shared\gzn4ud7e 7nd83wovj yzw1afy uncut .avi.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\gay bq4kno .mpg.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\z9z7rwe xakmpl lpcu5ai3 uncut hole .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\horse l9hwcs7vvnphd9 glans zn3tvn (liz).zip.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\z9z7rwe xakmpl sperm vjq39c1gwy glans latex (karin).mpg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\upfgetx h93bklf 7vepaqjm fw58kpr41ob1w (hyo87il,c4w8hqa).avi.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\z9z7rwe porn horse uncut hole young (dxocjwba).rar.exe
  • %ALLUSERSPROFILE%\templates\black h93bklf mnho9y54 uncut cock qq6w54yfhtqrbwcslg (y8oxsqa).avi.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\fac71w2 xakmpl xxx girls hole (dehod0,sarah).mpg.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\f1i7cm wep6b08 gay uncut gh5b6gd7wrv .zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\fac71w2 8ok6yf lpcu5ai3 sgu4m7oc titts (dehod0,liz).mpg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\upfgetx h93bklf [milf] .avi.exe
  • %ALLUSERSPROFILE%\templates\f1i7cm h93bklf nom72kl nom72kl .mpeg.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\horse ihthd33 8pfmdyy .mpeg.exe
  • C:\users\default\appdata\local\temp\z9z7rwe horse nom72kl 7vepaqjm cock young .zip.exe
  • C:\users\default\appdata\local\<INETFILES>\yzw1afy uncut glans (haj1oyikd,jade).rar.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\f1i7cm cum horse l9hwcs7vvnphd9 .rar.exe
  • C:\users\default\templates\eq7k2xcxt wep6b08 tsomq34 [milf] shoes .mpeg.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\black bd1l5ir xxx [milf] cock .mpg.exe
  • %TEMP%\gay uncut hole .zip.exe
  • %LOCALAPPDATA%\<INETFILES>\black 7nd83wovj yzw1afy bq4kno (jade).zip.exe
  • %LOCALAPPDATA%low\mozilla\temp-{12c7f776-de07-4d8a-a6eb-93019fcb4f66}\horse 7vepaqjm cock hotel (sarah).mpeg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{28060726-42ae-4e49-b300-93149d394ff5}\eq7k2xcxt porn beast [milf] (sarah).mpg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{bc1f1f78-2666-4310-aef7-f6fd5ba4bc43}\black xakmpl gay girls .avi.exe
  • %APPDATA%\microsoft\templates\z9z7rwe nude yzw1afy ihthd33 hole 50+ (c4w8hqa).zip.exe
  • %APPDATA%\microsoft\windows\templates\f07qtt 7nd83wovj beast epyxwn fishy .mpeg.exe
  • %APPDATA%\mozilla\firefox\profiles\apc2n9d1.default-release\storage\temporary\f07qtt horse beast ihthd33 .zip.exe
  • %APPDATA%\thunderbird\profiles\rehh7ft5.default-release\storage\temporary\horse bq4kno titts .zip.exe
  • %HOMEPATH%\templates\upfgetx h93bklf mnho9y54 hot (!) b37oavmx289 .avi.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\black w6csjja14n1 xxx ihthd33 (dxocjwba).mpeg.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\z9z7rwe 7nd83wovj epyxwn b37oavmx289 .rar.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\8r3baiec nude lpcu5ai3 sgu4m7oc glans (36mho73,c4w8hqa).zip.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\tsomq34 big fishy .zip.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\fac71w2 w6csjja14n1 sperm uncut qx2j1b5 .mpg.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\beast big .mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\gzn4ud7e xakmpl xxx apv53deiq9fw .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\s2fkave 8ok6yf beast l9hwcs7vvnphd9 cock 779mipj (dxocjwba).mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\8r3baiec wep6b08 horse uncut .avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\eq7k2xcxt wep6b08 horse uncut titts .avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\f1i7cm porn yzw1afy girls glans 6tl9zg0uqa .rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\mnho9y54 hot (!) titts wifey .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\black 8ok6yf tsomq34 epyxwn fishy .zip.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\f1i7cm porn mzwpstr8n girls wifey .mpeg.exe
  • %WINDIR%\assembly\temp\gay bq4kno feet .rar.exe
  • %WINDIR%\assembly\tmp\f07qtt 8ok6yf sperm epyxwn .mpeg.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\gay apv53deiq9fw .mpeg.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\fac71w2 bd1l5ir horse hot (!) .avi.exe
  • %WINDIR%\pla\templates\black bd1l5ir l9hwcs7vvnphd9 .zip.exe
  • %WINDIR%\security\templates\gzn4ud7e cum sperm uncut hole .avi.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\ epyxwn feet hairy .zip.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\mzwpstr8n ihthd33 (2hbt8wr).zip.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\tsomq34 vjq39c1gwy cock .avi.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\s2fkave wep6b08 beast [bangbus] boots .avi.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\temp\mzwpstr8n ihthd33 ol6p1tua .mpg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\gzn4ud7e ddqayq gay vjq39c1gwy qx2j1b5 .mpg.exe
  • %WINDIR%\syswow64\config\systemprofile\lpcu5ai3 girls (cy4xpd).avi.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\beast [milf] cock (gina,sarah).zip.exe
  • %WINDIR%\syswow64\fxstmp\nom72kl 7vepaqjm cock 6tl9zg0uqa (karin).rar.exe
  • %WINDIR%\syswow64\ime\shared\s2fkave cum nom72kl sgu4m7oc titts (rdl1tfkz,c4w8hqa).rar.exe
  • %WINDIR%\syswow64\config\systemprofile\f1i7cm 7nd83wovj nom72kl vjq39c1gwy cock .zip.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\upfgetx 7nd83wovj mnho9y54 l9hwcs7vvnphd9 .mpg.exe
  • %WINDIR%\syswow64\fxstmp\black bd1l5ir tsomq34 7vepaqjm feet js80j73 (y8oxsqa).avi.exe
  • %WINDIR%\syswow64\ime\shared\black ddqayq sperm 7vepaqjm cock .avi.exe
  • %WINDIR%\temp\tsomq34 girls hole nrb42wq .mpeg.exe
  • %WINDIR%\winsxs\installtemp\gzn4ud7e bd1l5ir mzwpstr8n bq4kno hole sgoibhh (g6u8n4r).rar.exe
Miscellaneous
Searches for the following windows
  • ClassName: 'Progman' WindowName: ''
  • ClassName: 'Proxy Desktop' WindowName: ''
Restarts the analyzed sample
Executes the following
  • '%WINDIR%\explorer.exe'

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk , mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
Free trial

 

Download Dr.Web

Download by serial number

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

Free trial

 

Download Dr.Web

Download by serial number

Download on App Store

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

 

Download Dr.Web

Download by serial number

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android

Free trial

14 days

Download now
Get it on Google Play