ユーザー向け情報

閉じる

マイライブラリ
マイライブラリ

+ マイライブラリに追加

検索
検索

電話
テクニカルサポート利用方法

問い合わせ

新規お問い合わせ

電話

03-6550-8770

フォーラム(英語)

お問い合わせ履歴

新規お問い合わせ

電話

03-6550-8770

Profile

JP

RU CN DE EN ES FR IT JP KZ UZ PL BY ID
閉じる
サービス
スキャナー
Dr.Web vxCube
トライアル
ウイルスライブラリ
ナレッジベース

テクノロジー

用語

トレーニングコースおよび啓蒙プロジェクト

アンチウイルスに関する誤解と噂

ニュース

Trojan.KillProc2.29599

Added to the Dr.Web virus database: 2025-07-17

Virus description added:

Technical Information

Malicious functions
Terminates or attempts to terminate
the following system processes:
  • %WINDIR%\explorer.exe
  • <SYSTEM32>\taskhost.exe
  • <SYSTEM32>\dwm.exe
the following user processes:
  • iexplore.exe
  • firefox.exe
Modifies file system
Creates the following files
  • %WINDIR%y1s2fctrp3
  • %CommonProgramFiles%\microsoft shared\zc8giv9 lpcu5ai3 nude sgu4m7oc jxqgtp 8pfmdyy .rar.exe
  • %ProgramFiles%\dvd maker\shared\black h93bklf ddqayq uncut 6tl9zg0uqa .avi.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\8r3baiec 7nd83wovj w6csjja14n1 apv53deiq9fw boots .mpg.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\black ddqayq ihthd33 glans sweet (jenna,jade).mpg.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\jxaglwti yzw1afy tsomq34 [bangbus] sweet .zip.exe
  • %ProgramFiles%\microsoft office\templates\7b6fhxi mzwpstr8n yzw1afy sgu4m7oc ejn547rbxhd1 (gina,sandy).zip.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\z1qxwcd 8ok6yf yzw1afy [bangbus] ash .mpg.exe
  • %ProgramFiles%\windows journal\templates\upfgetx xakmpl w6csjja14n1 7vepaqjm .rar.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\4h1e2a346 w6csjja14n1 nom72kl nmibe2 .avi.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\fac71w2 xxx yzw1afy uncut lady .avi.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\8r3baiec mzwpstr8n ihthd33 .mpeg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\jxaglwti 7nd83wovj [free] legs wifey .rar.exe
  • %CommonProgramFiles(x86)%\microsoft shared\xxx sgu4m7oc (sonja).rar.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\ddqayq girls glans qx2j1b5 (cy4xpd,liz).mpg.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\mzwpstr8n xakmpl epyxwn lady .avi.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\xxx porn epyxwn ash .zip.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\f1i7cm xakmpl w6csjja14n1 big .zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\eq7k2xcxt lpcu5ai3 vjq39c1gwy latex .avi.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\horse apv53deiq9fw 779mipj (dehod0,haj1oyikd).rar.exe
  • %ALLUSERSPROFILE%\templates\8r3baiec 8ok6yf tsomq34 nom72kl glans (sonja).mpg.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\cum horse big legs .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\viaz50 tsomq34 nom72kl hot (!) (dehod0,sonja).zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\f1i7cm 7nd83wovj lpcu5ai3 [free] wifey .mpg.exe
  • %ALLUSERSPROFILE%\templates\ bq4kno 40+ .mpg.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\h93bklf wep6b08 l9hwcs7vvnphd9 ejn547rbxhd1 .mpg.exe
  • C:\users\default\appdata\local\temp\lpcu5ai3 hot (!) nrb42wq .avi.exe
  • C:\users\default\appdata\local\<INETFILES>\8ok6yf vjq39c1gwy ae2sd7u4xh .avi.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\nude mnho9y54 big .avi.exe
  • C:\users\default\templates\eq7k2xcxt nude horse 7vepaqjm cock 779mipj .avi.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\s2fkave tsomq34 [milf] zn3tvn .avi.exe
  • %TEMP%\f1i7cm ddqayq l9hwcs7vvnphd9 ash .mpg.exe
  • %LOCALAPPDATA%\<INETFILES>\z9z7rwe gay horse girls mg9fvb2xk9 .rar.exe
  • %LOCALAPPDATA%low\mozilla\temp-{12c7f776-de07-4d8a-a6eb-93019fcb4f66}\ uncut 50+ .mpg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{28060726-42ae-4e49-b300-93149d394ff5}\8r3baiec tsomq34 apv53deiq9fw sweet .zip.exe
  • %LOCALAPPDATA%low\mozilla\temp-{bc1f1f78-2666-4310-aef7-f6fd5ba4bc43}\jxaglwti nom72kl lpcu5ai3 uncut 8pfmdyy (gina,dehod0).rar.exe
  • %APPDATA%\microsoft\templates\z9z7rwe horse cum bq4kno jxqgtp .mpg.exe
  • %APPDATA%\microsoft\windows\templates\wpjwijv mzwpstr8n xakmpl bq4kno cock sweet .zip.exe
  • %APPDATA%\mozilla\firefox\profiles\apc2n9d1.default-release\storage\temporary\eq7k2xcxt horse lpcu5ai3 sgu4m7oc js80j73 .zip.exe
  • %APPDATA%\thunderbird\profiles\rehh7ft5.default-release\storage\temporary\s2fkave tsomq34 horse bq4kno nmibe2 .mpeg.exe
  • %HOMEPATH%\templates\zc8giv9 mnho9y54 w6csjja14n1 girls js80j73 .avi.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\tsomq34 apv53deiq9fw 779mipj .mpg.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\jxaglwti xxx nude bq4kno feet zmc8ujp (sandy,gina).zip.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\yzw1afy [free] .mpg.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\f07qtt wep6b08 apv53deiq9fw 50+ (sandy).mpg.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\upfgetx horse sgu4m7oc balls .zip.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\asian bd1l5ir horse hot (!) (sarah,sonja).zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\jxaglwti tsomq34 tsomq34 [milf] hole .rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\8r3baiec wep6b08 [bangbus] ash 50+ .mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\jxaglwti bd1l5ir uncut nrb42wq (g6u8n4r).rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\z9z7rwe xxx girls b37oavmx289 (cy4xpd).mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\cum l9hwcs7vvnphd9 boobs js80j73 .rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\jxaglwti bd1l5ir wep6b08 bq4kno sgoibhh .rar.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\horse mnho9y54 big cock (y8oxsqa).avi.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\eq7k2xcxt tsomq34 l9hwcs7vvnphd9 shoes .mpeg.exe
  • %WINDIR%\assembly\temp\fac71w2 w6csjja14n1 [milf] (2hbt8wr,karin).rar.exe
  • %WINDIR%\assembly\tmp\ddqayq big .zip.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\7b6fhxi mzwpstr8n [free] nrb42wq .zip.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\upfgetx 7nd83wovj w6csjja14n1 [milf] shoes (c4w8hqa).zip.exe
  • %WINDIR%\pla\templates\ikdyfwhy ddqayq tsomq34 l9hwcs7vvnphd9 titts .rar.exe
  • %WINDIR%\security\templates\upfgetx 7nd83wovj mzwpstr8n epyxwn (jade,rdl1tfkz).avi.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\8ok6yf xxx sgu4m7oc .avi.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\wpjwijv porn [bangbus] legs ae2sd7u4xh .zip.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\7nd83wovj apv53deiq9fw .mpg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\zc8giv9 sperm h93bklf bq4kno ash .rar.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\0287zh 7nd83wovj bq4kno balls (sonja,haj1oyikd).avi.exe
  • %WINDIR%\syswow64\config\systemprofile\gzn4ud7e xakmpl [free] cock .zip.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\yzw1afy nude uncut .mpeg.exe
Miscellaneous
Searches for the following windows
  • ClassName: 'Progman' WindowName: ''
  • ClassName: 'Proxy Desktop' WindowName: ''
Restarts the analyzed sample
Executes the following
  • '%WINDIR%\explorer.exe'

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk , mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
Free trial

 

Download Dr.Web

Download by serial number

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

Free trial

 

Download Dr.Web

Download by serial number

Download on App Store

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

 

Download Dr.Web

Download by serial number

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android

Free trial

14 days

Download now
Get it on Google Play