ユーザー向け情報

閉じる

マイライブラリ
マイライブラリ

+ マイライブラリに追加

検索
検索

電話
テクニカルサポート利用方法

問い合わせ

新規お問い合わせ

電話

03-6550-8770

フォーラム(英語)

お問い合わせ履歴

新規お問い合わせ

電話

03-6550-8770

Profile

JP

RU CN DE EN ES FR IT JP KZ UZ PL BY ID
閉じる
サービス
スキャナー
Dr.Web vxCube
トライアル
ウイルスライブラリ
ナレッジベース

テクノロジー

用語

トレーニングコースおよび啓蒙プロジェクト

アンチウイルスに関する誤解と噂

ニュース

Trojan.KillProc2.28508

Added to the Dr.Web virus database: 2025-07-16

Virus description added:

Technical Information

Malicious functions
Terminates or attempts to terminate
the following system processes:
  • %WINDIR%\explorer.exe
  • <SYSTEM32>\taskhost.exe
  • <SYSTEM32>\dwm.exe
the following user processes:
  • iexplore.exe
  • firefox.exe
Modifies file system
Creates the following files
  • %WINDIR%y1s2fctrp3
  • %CommonProgramFiles%\microsoft shared\nom72kl [bangbus] hole balls (dxocjwba).mpeg.exe
  • %ProgramFiles%\dvd maker\shared\upfgetx horse sperm uncut hole fw58kpr41ob1w .mpeg.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\ [milf] hole .avi.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\gzn4ud7e 7nd83wovj beast vjq39c1gwy titts (haj1oyikd,c4w8hqa).zip.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\gay 7vepaqjm ol6p1tua .avi.exe
  • %ProgramFiles%\microsoft office\templates\z9z7rwe w6csjja14n1 tsomq34 l9hwcs7vvnphd9 glans wifey .mpeg.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\tsomq34 l9hwcs7vvnphd9 titts hairy .avi.exe
  • %ProgramFiles%\windows journal\templates\z9z7rwe 8ok6yf xxx hot (!) hairy .avi.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\gzn4ud7e 7nd83wovj sperm bq4kno qx2j1b5 (rdl1tfkz,cy4xpd).avi.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\gay sgu4m7oc young (jenna,g6u8n4r).rar.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\7b6fhxi beast uncut titts girly .zip.exe
  • %CommonProgramFiles(x86)%\microsoft shared\f07qtt bd1l5ir 7vepaqjm zn3tvn .zip.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\ bq4kno (2hbt8wr).mpeg.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\f1i7cm 7nd83wovj big 40+ .zip.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\yzw1afy 7vepaqjm 8bgkvshe1 .rar.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\s2fkave xakmpl mzwpstr8n ihthd33 js80j73 .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\f1i7cm w6csjja14n1 sperm girls hairy (gina,2hbt8wr).mpg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\gzn4ud7e ddqayq xxx big 50+ .rar.exe
  • %ALLUSERSPROFILE%\templates\f07qtt w6csjja14n1 tsomq34 nom72kl ejn547rbxhd1 .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\beast [free] zmc8ujp .avi.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\s2fkave wep6b08 xxx sgu4m7oc (g6u8n4r).mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\black ddqayq lpcu5ai3 epyxwn titts zmc8ujp (2hbt8wr).zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\mnho9y54 [milf] sweet .rar.exe
  • %ALLUSERSPROFILE%\templates\upfgetx 7nd83wovj gay ihthd33 lzxyhb7k .zip.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\8r3baiec 8ok6yf mnho9y54 epyxwn .rar.exe
  • C:\users\default\appdata\local\temp\horse uncut 8pfmdyy .zip.exe
  • C:\users\default\appdata\local\<INETFILES>\eq7k2xcxt nude mnho9y54 nom72kl cock (sonja,g6u8n4r).zip.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\tsomq34 big (liz).mpg.exe
  • C:\users\default\templates\fac71w2 w6csjja14n1 tsomq34 epyxwn zmc8ujp .zip.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\gzn4ud7e cum yzw1afy apv53deiq9fw .zip.exe
  • %TEMP%\nom72kl bq4kno hole .rar.exe
  • %LOCALAPPDATA%\<INETFILES>\black bd1l5ir gay girls qq6w54yfhtqrbwcslg .zip.exe
  • %LOCALAPPDATA%low\mozilla\temp-{070abd97-84e1-4f5f-9c02-f1d76dd9fce4}\beast sgu4m7oc cock .zip.exe
  • %LOCALAPPDATA%low\mozilla\temp-{1fae114c-c2b0-4da1-b23a-8e5ad0c3d722}\upfgetx h93bklf yzw1afy ihthd33 .zip.exe
  • %LOCALAPPDATA%low\mozilla\temp-{3571406e-c08c-4c74-b145-8857b365f6e7}\mzwpstr8n hot (!) zn3tvn (dehod0,y8oxsqa).zip.exe
  • %APPDATA%\microsoft\templates\s2fkave wep6b08 mnho9y54 epyxwn 779mipj .rar.exe
  • %APPDATA%\microsoft\windows\templates\ uncut feet .mpeg.exe
  • %APPDATA%\mozilla\firefox\profiles\v08trqk6.default-release\storage\temporary\s2fkave 8ok6yf mnho9y54 big fw58kpr41ob1w .mpeg.exe
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\storage\temporary\eq7k2xcxt cum mzwpstr8n ihthd33 .mpg.exe
  • %HOMEPATH%\templates\fac71w2 nude xxx ihthd33 zmc8ujp .zip.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\z9z7rwe cum gay nom72kl ae2sd7u4xh .rar.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\z9z7rwe cum tsomq34 bq4kno titts ol6p1tua .zip.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\nom72kl nom72kl (jade).mpg.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\black bd1l5ir sperm apv53deiq9fw .zip.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\horse [bangbus] (cy4xpd).rar.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\xxx [milf] glans zn3tvn .zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\upfgetx w6csjja14n1 horse vjq39c1gwy nmibe2 .rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\xxx [free] .avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\black 7nd83wovj yzw1afy hot (!) titts 779mipj .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\mzwpstr8n girls hole fishy (cy4xpd).avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\fac71w2 bd1l5ir lpcu5ai3 sgu4m7oc hotel .mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\eq7k2xcxt xakmpl mnho9y54 bq4kno lzxyhb7k .avi.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\nom72kl [milf] .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\eq7k2xcxt cum [milf] .rar.exe
  • %WINDIR%\assembly\temp\8r3baiec xakmpl xxx vjq39c1gwy lady .zip.exe
  • %WINDIR%\assembly\tmp\xxx l9hwcs7vvnphd9 nrb42wq .mpg.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\sperm big ae2sd7u4xh .avi.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\f07qtt w6csjja14n1 gay girls titts fishy .rar.exe
  • %WINDIR%\pla\templates\eq7k2xcxt w6csjja14n1 sperm ihthd33 js80j73 .avi.exe
  • %WINDIR%\security\templates\f1i7cm nude yzw1afy nom72kl .mpeg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\yzw1afy uncut cock .zip.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\f07qtt cum mzwpstr8n apv53deiq9fw gh5b6gd7wrv .avi.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\mzwpstr8n ihthd33 titts (36mho73,y8oxsqa).rar.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\tsomq34 vjq39c1gwy feet (rdl1tfkz,2hbt8wr).zip.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\temp\yzw1afy big hole .zip.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\mzwpstr8n uncut fw58kpr41ob1w (36mho73,y8oxsqa).rar.exe
  • %WINDIR%\syswow64\config\systemprofile\sperm hot (!) 8pfmdyy .rar.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\eq7k2xcxt w6csjja14n1 nom72kl apv53deiq9fw (cy4xpd).mpeg.exe
  • %WINDIR%\syswow64\fxstmp\jxaglwti mzwpstr8n big titts .avi.exe
  • %WINDIR%\syswow64\ime\shared\s2fkave 7nd83wovj nom72kl big lzxyhb7k .mpg.exe
  • %WINDIR%\syswow64\config\systemprofile\black 7nd83wovj tsomq34 apv53deiq9fw glans qq6w54yfhtqrbwcslg .mpeg.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\gay l9hwcs7vvnphd9 nrb42wq (36mho73,g6u8n4r).rar.exe
  • %WINDIR%\syswow64\fxstmp\upfgetx ddqayq mzwpstr8n nom72kl feet zmc8ujp .mpg.exe
  • %WINDIR%\temp\eq7k2xcxt porn yzw1afy [bangbus] .mpeg.exe
  • %WINDIR%\winsxs\installtemp\8ok6yf beast nom72kl cock .mpg.exe
  • <Current directory>\sqjaed7r1vnw
  • %CommonProgramFiles%\microsoft shared\7b6fhxi mzwpstr8n ihthd33 mg9fvb2xk9 .mpg.exe
  • %CommonProgramFiles%\microsoft shared\fac71w2 bd1l5ir nom72kl [free] gh5b6gd7wrv .rar.exe
  • %ProgramFiles%\dvd maker\shared\gzn4ud7e xakmpl [free] qx2j1b5 (sonja,dxocjwba).rar.exe
  • %ProgramFiles%\dvd maker\shared\upfgetx porn xxx [milf] cock .rar.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\asian gay horse sgu4m7oc hole (liz,jade).avi.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\upfgetx horse yzw1afy nom72kl cock mg9fvb2xk9 .rar.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\s2fkave wep6b08 sperm 7vepaqjm boots .avi.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\ bq4kno titts latex .rar.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\mnho9y54 8ok6yf uncut jxqgtp balls .mpg.exe
  • %ProgramFiles%\microsoft office\templates\eq7k2xcxt h93bklf tsomq34 l9hwcs7vvnphd9 sm .mpg.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\black 7nd83wovj sperm [bangbus] ae2sd7u4xh .mpg.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\horse uncut feet js80j73 .rar.exe
  • %ProgramFiles%\windows journal\templates\beast vjq39c1gwy lzxyhb7k (sonja,c4w8hqa).mpg.exe
  • %ProgramFiles%\microsoft office\templates\nom72kl yzw1afy apv53deiq9fw 8pfmdyy .zip.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\upfgetx yzw1afy sgu4m7oc cock .zip.exe
  • %ProgramFiles%\windows journal\templates\porn wep6b08 apv53deiq9fw .mpg.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\sperm ihthd33 (c4w8hqa).avi.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\4h1e2a346 beast sgu4m7oc 779mipj .rar.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\mzwpstr8n l9hwcs7vvnphd9 (y8oxsqa,karin).zip.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\8r3baiec ddqayq mnho9y54 epyxwn .mpeg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\w6csjja14n1 big .rar.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\fac71w2 bd1l5ir lpcu5ai3 apv53deiq9fw .avi.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\black porn apv53deiq9fw 8pfmdyy (c4w8hqa,sonja).mpg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\ uncut hole qx2j1b5 .zip.exe
  • %CommonProgramFiles(x86)%\microsoft shared\8r3baiec yzw1afy porn [free] ash latex (sarah).mpg.exe
  • %CommonProgramFiles(x86)%\microsoft shared\f07qtt h93bklf yzw1afy epyxwn .zip.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\ikdyfwhy sperm w6csjja14n1 vjq39c1gwy (karin,sarah).mpg.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\f1i7cm nude nom72kl 7vepaqjm feet wifey (2hbt8wr).mpeg.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\horse 7vepaqjm jxqgtp .mpg.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\horse [bangbus] ol6p1tua .avi.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\z9z7rwe ddqayq tsomq34 [milf] fishy .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\gay apv53deiq9fw ae2sd7u4xh .zip.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\f1i7cm 8ok6yf nom72kl bq4kno glans (jenna,g6u8n4r).avi.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\gzn4ud7e w6csjja14n1 big feet zn3tvn (sarah).mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\f1i7cm [bangbus] feet hairy .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\eq7k2xcxt porn yzw1afy epyxwn ol6p1tua .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\8r3baiec w6csjja14n1 [free] titts 8pfmdyy (gina,g6u8n4r).rar.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\ikdyfwhy xakmpl uncut .mpg.exe
  • %ALLUSERSPROFILE%\templates\horse girls ol6p1tua (jenna,cy4xpd).mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\fac71w2 cum mzwpstr8n girls .rar.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\upfgetx xxx apv53deiq9fw balls .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\sperm hot (!) .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\horse ihthd33 fishy .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\yzw1afy girls cock (2hbt8wr,g6u8n4r).zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\f07qtt ddqayq tsomq34 sgu4m7oc ol6p1tua .zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\fac71w2 tsomq34 sgu4m7oc (cy4xpd,dxocjwba).zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\sperm ddqayq epyxwn .rar.exe
  • %ALLUSERSPROFILE%\templates\black wep6b08 tsomq34 [free] (2hbt8wr).avi.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\gzn4ud7e nude beast nom72kl .zip.exe
  • C:\users\default\appdata\local\temp\yzw1afy big hole lady (y8oxsqa).avi.exe
  • %ALLUSERSPROFILE%\templates\viaz50 lpcu5ai3 [free] ejn547rbxhd1 .avi.exe
  • C:\users\default\appdata\local\<INETFILES>\z9z7rwe h93bklf mnho9y54 bq4kno qq6w54yfhtqrbwcslg (dehod0,sarah).rar.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\wpjwijv nom72kl yzw1afy uncut zmc8ujp .rar.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\horse apv53deiq9fw glans ejn547rbxhd1 .mpg.exe
  • C:\users\default\appdata\local\temp\zc8giv9 tsomq34 gay vjq39c1gwy mg9fvb2xk9 .zip.exe
  • C:\users\default\appdata\local\<INETFILES>\nom72kl epyxwn jxqgtp .mpeg.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\bd1l5ir sgu4m7oc legs fishy .rar.exe
  • C:\users\default\templates\mnho9y54 vjq39c1gwy hole .zip.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\f07qtt w6csjja14n1 horse sgu4m7oc titts eigt45 (jade).mpg.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\cum big .zip.exe
  • %TEMP%\wpjwijv h93bklf uncut .rar.exe
  • %TEMP%\mnho9y54 vjq39c1gwy cock gsva2xn (y8oxsqa).mpeg.exe
  • %LOCALAPPDATA%\<INETFILES>\zc8giv9 mzwpstr8n l9hwcs7vvnphd9 balls .avi.exe
  • %LOCALAPPDATA%\<INETFILES>\gay bq4kno sm .rar.exe
  • %LOCALAPPDATA%low\mozilla\temp-{070abd97-84e1-4f5f-9c02-f1d76dd9fce4}\tsomq34 epyxwn sm .rar.exe
  • %LOCALAPPDATA%low\mozilla\temp-{070abd97-84e1-4f5f-9c02-f1d76dd9fce4}\7b6fhxi porn [bangbus] feet hotel (rdl1tfkz,hyo87il).mpeg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{1fae114c-c2b0-4da1-b23a-8e5ad0c3d722}\beast gay [free] kfp2yqq .avi.exe
  • %LOCALAPPDATA%low\mozilla\temp-{1fae114c-c2b0-4da1-b23a-8e5ad0c3d722}\8r3baiec porn [milf] cock wifey .mpeg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{3571406e-c08c-4c74-b145-8857b365f6e7}\8r3baiec cum beast l9hwcs7vvnphd9 6tl9zg0uqa (dehod0,jade).mpg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{3571406e-c08c-4c74-b145-8857b365f6e7}\7b6fhxi yzw1afy nom72kl lzxyhb7k (gina).avi.exe
  • %APPDATA%\microsoft\templates\asian mnho9y54 beast apv53deiq9fw jxqgtp .rar.exe
  • %APPDATA%\microsoft\templates\fac71w2 8ok6yf nom72kl l9hwcs7vvnphd9 gsva2xn .rar.exe
  • %APPDATA%\microsoft\windows\templates\horse vjq39c1gwy 8pfmdyy (36mho73,2hbt8wr).zip.exe
  • %APPDATA%\microsoft\windows\templates\w6csjja14n1 ddqayq big sgoibhh .rar.exe
  • %APPDATA%\mozilla\firefox\profiles\v08trqk6.default-release\storage\temporary\z1qxwcd xxx bq4kno mg9fvb2xk9 .rar.exe
  • %APPDATA%\mozilla\firefox\profiles\v08trqk6.default-release\storage\temporary\gzn4ud7e bd1l5ir tsomq34 uncut hole .mpeg.exe
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\storage\temporary\horse nom72kl boots .avi.exe
  • %HOMEPATH%\templates\black tsomq34 mnho9y54 nom72kl cock (gina,karin).avi.exe
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\storage\temporary\black h93bklf lpcu5ai3 nom72kl rv0y8n .rar.exe
  • %HOMEPATH%\templates\nom72kl sgu4m7oc titts .mpg.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\gay horse big ejn547rbxhd1 (liz,jade).avi.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\black wep6b08 tsomq34 big sweet .zip.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\z9z7rwe porn horse sgu4m7oc fishy .mpeg.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\s2fkave beast horse uncut .rar.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\black bd1l5ir hot (!) titts .mpeg.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\f07qtt xakmpl beast big hole zn3tvn (jade).rar.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\yzw1afy [milf] jxqgtp js80j73 .mpeg.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\yzw1afy uncut gsva2xn .avi.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\yzw1afy xxx ihthd33 zn3tvn .avi.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\yzw1afy girls titts sweet (2hbt8wr).rar.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\horse [milf] fishy .zip.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\lpcu5ai3 [milf] .avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\eq7k2xcxt horse mnho9y54 ihthd33 (liz).avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\z1qxwcd w6csjja14n1 cum l9hwcs7vvnphd9 mg9fvb2xk9 .avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\zc8giv9 w6csjja14n1 porn [milf] legs qq6w54yfhtqrbwcslg .mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\s2fkave xakmpl [bangbus] glans (hyo87il,g6u8n4r).rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\gzn4ud7e nude xxx bq4kno (g6u8n4r).rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\cum epyxwn zn3tvn .mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\black w6csjja14n1 xxx uncut gh5b6gd7wrv (haj1oyikd,2hbt8wr).zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\7b6fhxi gay bq4kno .zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\xakmpl apv53deiq9fw nmibe2 .rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\viaz50 porn big boots .zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\8r3baiec 8ok6yf tsomq34 nom72kl (jade).avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\black horse mzwpstr8n [milf] titts nrb42wq .mpg.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\f1i7cm w6csjja14n1 gay hot (!) .avi.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\s2fkave nude sgu4m7oc nrb42wq (sandy).avi.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\z1qxwcd porn [milf] .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\z9z7rwe 7nd83wovj gay uncut ash .mpeg.exe
  • %WINDIR%\assembly\temp\tsomq34 lpcu5ai3 uncut jxqgtp latex .mpeg.exe
  • %WINDIR%\assembly\temp\lpcu5ai3 l9hwcs7vvnphd9 .zip.exe
  • %WINDIR%\assembly\tmp\viaz50 bd1l5ir uncut .mpg.exe
  • %WINDIR%\assembly\tmp\lpcu5ai3 ihthd33 hole .mpeg.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\gzn4ud7e gay sgu4m7oc kfp2yqq 8pfmdyy (dxocjwba,sandy).zip.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\f1i7cm ddqayq beast [bangbus] (dxocjwba).zip.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\yzw1afy vjq39c1gwy hole zn3tvn .rar.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\mnho9y54 vjq39c1gwy 40+ .zip.exe
  • %WINDIR%\pla\templates\mzwpstr8n [milf] hole .rar.exe
  • %WINDIR%\pla\templates\s2fkave ddqayq mzwpstr8n [milf] glans 6tl9zg0uqa .zip.exe
  • %WINDIR%\security\templates\f1i7cm 7nd83wovj xxx uncut cock .rar.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\yzw1afy l9hwcs7vvnphd9 cock .rar.exe
  • %WINDIR%\security\templates\black porn 8ok6yf epyxwn qx2j1b5 .mpg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\eq7k2xcxt nude sperm bq4kno qq6w54yfhtqrbwcslg .mpeg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\mzwpstr8n gay nom72kl shoes .mpeg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\mnho9y54 big (sarah).mpeg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\7b6fhxi 7nd83wovj l9hwcs7vvnphd9 hotel .avi.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\sperm cum uncut wifey (c4w8hqa,sarah).mpg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\bd1l5ir lpcu5ai3 big 6tl9zg0uqa .mpeg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\xxx hot (!) titts zmc8ujp .mpg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\temp\viaz50 wep6b08 7vepaqjm 50+ (y8oxsqa,sandy).mpeg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\temp\black horse nom72kl bq4kno shoes .avi.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\f07qtt porn uncut hole .mpeg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\z9z7rwe h93bklf gay [bangbus] 40+ .avi.exe
  • %WINDIR%\syswow64\config\systemprofile\8r3baiec 7nd83wovj xxx 7vepaqjm fishy .mpg.exe
  • %WINDIR%\syswow64\config\systemprofile\4h1e2a346 mnho9y54 big zmc8ujp .mpeg.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\gzn4ud7e cum sperm [bangbus] fw58kpr41ob1w .zip.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\nude sgu4m7oc .mpg.exe
  • %WINDIR%\syswow64\fxstmp\zc8giv9 beast [free] sgoibhh .mpg.exe
  • %WINDIR%\syswow64\ime\shared\wep6b08 mnho9y54 nom72kl (cy4xpd).mpg.exe
  • %WINDIR%\syswow64\fxstmp\wpjwijv lpcu5ai3 [free] .mpg.exe
  • %WINDIR%\syswow64\ime\shared\nom72kl [bangbus] hole (jenna,2hbt8wr).zip.exe
  • %WINDIR%\syswow64\config\systemprofile\8r3baiec porn tsomq34 uncut legs .mpeg.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\z1qxwcd tsomq34 vjq39c1gwy gsva2xn (cy4xpd,haj1oyikd).mpeg.exe
  • %WINDIR%\syswow64\config\systemprofile\beast [bangbus] cock .avi.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\f07qtt w6csjja14n1 mnho9y54 7vepaqjm ejn547rbxhd1 .mpg.exe
  • %WINDIR%\syswow64\fxstmp\0287zh bd1l5ir mnho9y54 vjq39c1gwy (karin).rar.exe
  • %WINDIR%\syswow64\ime\shared\8r3baiec bd1l5ir tsomq34 sgu4m7oc legs .zip.exe
  • %WINDIR%\syswow64\fxstmp\gay ihthd33 .rar.exe
  • %WINDIR%\syswow64\ime\shared\8r3baiec 7nd83wovj tsomq34 uncut .mpeg.exe
  • %WINDIR%\temp\z9z7rwe cum gay l9hwcs7vvnphd9 (dxocjwba).zip.exe
  • %WINDIR%\temp\gzn4ud7e tsomq34 h93bklf apv53deiq9fw ash (c4w8hqa).zip.exe
  • %WINDIR%\winsxs\installtemp\wep6b08 sperm uncut glans hotel .avi.exe
  • %WINDIR%\winsxs\installtemp\8ok6yf xxx [bangbus] ejn547rbxhd1 .mpeg.exe
Miscellaneous
Searches for the following windows
  • ClassName: 'Progman' WindowName: ''
  • ClassName: 'Proxy Desktop' WindowName: ''
Restarts the analyzed sample
Executes the following
  • '%WINDIR%\explorer.exe'

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk , mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
Free trial

 

Download Dr.Web

Download by serial number

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

Free trial

 

Download Dr.Web

Download by serial number

Download on App Store

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

 

Download Dr.Web

Download by serial number

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android

Free trial

14 days

Download now
Get it on Google Play