ユーザー向け情報

閉じる

マイライブラリ
マイライブラリ

+ マイライブラリに追加

検索
検索

電話
テクニカルサポート利用方法

問い合わせ

新規お問い合わせ

電話

03-6550-8770

フォーラム(英語)

お問い合わせ履歴

新規お問い合わせ

電話

03-6550-8770

Profile

JP

RU CN DE EN ES FR IT JP KZ UZ PL BY ID
閉じる
サービス
スキャナー
Dr.Web vxCube
トライアル
ウイルスライブラリ
ナレッジベース

テクノロジー

用語

トレーニングコースおよび啓蒙プロジェクト

アンチウイルスに関する誤解と噂

ニュース

Trojan.KillProc2.28008

Added to the Dr.Web virus database: 2025-07-16

Virus description added:

Technical Information

Malicious functions
Terminates or attempts to terminate
the following system processes:
  • %WINDIR%\explorer.exe
  • <SYSTEM32>\taskhost.exe
  • <SYSTEM32>\dwm.exe
the following user processes:
  • iexplore.exe
  • firefox.exe
Modifies file system
Creates the following files
  • %WINDIR%y1s2fctrp3
  • %CommonProgramFiles%\microsoft shared\eq7k2xcxt nude yzw1afy big sweet .mpeg.exe
  • %ProgramFiles%\dvd maker\shared\8r3baiec 8ok6yf gay bq4kno qx2j1b5 (hyo87il,liz).mpeg.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\fac71w2 h93bklf horse nom72kl (sarah).rar.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\f07qtt horse mnho9y54 bq4kno cock wifey .mpg.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\yzw1afy apv53deiq9fw hole sweet .mpeg.exe
  • %ProgramFiles%\microsoft office\templates\s2fkave h93bklf sgu4m7oc .mpg.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\yzw1afy ihthd33 feet hairy .mpg.exe
  • %ProgramFiles%\windows journal\templates\eq7k2xcxt xakmpl [bangbus] hole (gina,jade).zip.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\s2fkave bd1l5ir tsomq34 [free] glans .mpeg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\fac71w2 wep6b08 mzwpstr8n uncut (karin).mpeg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\sperm uncut .avi.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\fac71w2 ddqayq tsomq34 epyxwn cock boots (y8oxsqa).zip.exe
  • %CommonProgramFiles(x86)%\microsoft shared\nom72kl 7vepaqjm feet ol6p1tua .avi.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\black 8ok6yf mzwpstr8n [milf] .avi.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\upfgetx 7nd83wovj xxx [free] (y8oxsqa).zip.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\s2fkave h93bklf 7vepaqjm cock nmibe2 (c4w8hqa).zip.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\8r3baiec cum nom72kl hot (!) glans hairy (liz).mpg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\mnho9y54 uncut glans .rar.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\upfgetx 7nd83wovj yzw1afy uncut feet eigt45 (g6u8n4r).avi.exe
  • %ALLUSERSPROFILE%\templates\mnho9y54 [free] b37oavmx289 (haj1oyikd,sarah).rar.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\fac71w2 bd1l5ir lpcu5ai3 apv53deiq9fw .rar.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\z9z7rwe bd1l5ir lpcu5ai3 [milf] titts .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\fac71w2 nude yzw1afy bq4kno ae2sd7u4xh .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\8r3baiec bd1l5ir uncut 6tl9zg0uqa .zip.exe
  • %ALLUSERSPROFILE%\templates\lpcu5ai3 girls hole js80j73 .mpg.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\horse bq4kno hole fw58kpr41ob1w .avi.exe
  • C:\users\default\appdata\local\temp\gay vjq39c1gwy 8bgkvshe1 (sandy,dxocjwba).mpg.exe
  • C:\users\default\appdata\local\<INETFILES>\beast bq4kno hole .avi.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\xxx girls sm .avi.exe
  • C:\users\default\templates\beast uncut .zip.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\eq7k2xcxt 7nd83wovj tsomq34 sgu4m7oc (c4w8hqa).mpeg.exe
  • %TEMP%\f1i7cm horse gay l9hwcs7vvnphd9 mg9fvb2xk9 .mpg.exe
  • %LOCALAPPDATA%\<INETFILES>\s2fkave cum lpcu5ai3 bq4kno b37oavmx289 (rdl1tfkz,y8oxsqa).mpg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{070abd97-84e1-4f5f-9c02-f1d76dd9fce4}\nom72kl apv53deiq9fw hole ash .zip.exe
  • %LOCALAPPDATA%low\mozilla\temp-{1fae114c-c2b0-4da1-b23a-8e5ad0c3d722}\f07qtt nude nom72kl hole balls .avi.exe
  • %LOCALAPPDATA%low\mozilla\temp-{3571406e-c08c-4c74-b145-8857b365f6e7}\upfgetx ddqayq tsomq34 [milf] feet .avi.exe
  • %APPDATA%\microsoft\templates\f07qtt porn mzwpstr8n 7vepaqjm (dxocjwba).mpeg.exe
  • %APPDATA%\microsoft\windows\templates\gay [milf] titts .mpg.exe
  • %APPDATA%\mozilla\firefox\profiles\v08trqk6.default-release\storage\temporary\fac71w2 7nd83wovj tsomq34 l9hwcs7vvnphd9 cock gh5b6gd7wrv .mpg.exe
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\storage\temporary\mzwpstr8n epyxwn qq6w54yfhtqrbwcslg .mpeg.exe
  • %HOMEPATH%\templates\fac71w2 xakmpl sgu4m7oc cock fw58kpr41ob1w (g6u8n4r).zip.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\black porn mnho9y54 nom72kl wifey .mpg.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\black 8ok6yf horse vjq39c1gwy (jade).mpg.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\gzn4ud7e 8ok6yf nom72kl apv53deiq9fw (c4w8hqa).rar.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\fac71w2 w6csjja14n1 xxx l9hwcs7vvnphd9 feet hairy .avi.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\sperm uncut (sarah).rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\jxaglwti xxx [free] gh5b6gd7wrv (dehod0,karin).mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\mzwpstr8n big .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\yzw1afy girls glans .mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\lpcu5ai3 nom72kl feet boots (g6u8n4r).avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\ hot (!) feet .rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\fac71w2 wep6b08 beast bq4kno hole ash .avi.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\f1i7cm w6csjja14n1 horse vjq39c1gwy sgoibhh .rar.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\yzw1afy uncut zn3tvn (sandy,2hbt8wr).mpeg.exe
  • %WINDIR%\assembly\temp\s2fkave w6csjja14n1 lpcu5ai3 ihthd33 .avi.exe
  • %WINDIR%\assembly\tmp\f07qtt wep6b08 beast hot (!) js80j73 .rar.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\tsomq34 7vepaqjm cock ae2sd7u4xh .mpg.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\z9z7rwe 8ok6yf uncut ol6p1tua .avi.exe
  • %WINDIR%\pla\templates\sperm [milf] titts .zip.exe
  • %WINDIR%\security\templates\f07qtt wep6b08 beast ihthd33 (cy4xpd).avi.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\fac71w2 porn vjq39c1gwy cock .rar.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\lpcu5ai3 girls qq6w54yfhtqrbwcslg (gina,jade).mpeg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\gzn4ud7e wep6b08 tsomq34 l9hwcs7vvnphd9 feet js80j73 (y8oxsqa).zip.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\temp\h93bklf yzw1afy girls gsva2xn .zip.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\nom72kl big rv0y8n .mpg.exe
  • %WINDIR%\syswow64\config\systemprofile\f07qtt xakmpl sperm nom72kl cock b37oavmx289 (dxocjwba).avi.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\horse nom72kl .mpg.exe
  • %WINDIR%\syswow64\fxstmp\xxx bq4kno cock .zip.exe
  • %WINDIR%\syswow64\ime\shared\lpcu5ai3 nom72kl (c4w8hqa).zip.exe
  • %WINDIR%\syswow64\config\systemprofile\s2fkave xakmpl xxx nom72kl qx2j1b5 (gina,dxocjwba).zip.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\s2fkave nude beast nom72kl hairy .zip.exe
  • %WINDIR%\syswow64\fxstmp\gay nom72kl zn3tvn .mpg.exe
  • %WINDIR%\syswow64\ime\shared\z9z7rwe ddqayq sperm [bangbus] hole gh5b6gd7wrv (dxocjwba).mpg.exe
  • %WINDIR%\temp\gzn4ud7e xakmpl ihthd33 hole ash .zip.exe
  • %WINDIR%\winsxs\installtemp\horse gay l9hwcs7vvnphd9 feet .rar.exe
  • <Current directory>\sqjaed7r1vnw
  • %CommonProgramFiles%\microsoft shared\lpcu5ai3 ihthd33 (liz).mpeg.exe
  • %CommonProgramFiles%\microsoft shared\beast big .mpeg.exe
  • %ProgramFiles%\dvd maker\shared\gay girls .rar.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\wep6b08 8ok6yf [milf] hotel .rar.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\xakmpl wep6b08 uncut kfp2yqq (karin,liz).zip.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\f07qtt xakmpl horse sgu4m7oc .mpeg.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\lpcu5ai3 apv53deiq9fw hairy .mpeg.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\upfgetx xxx epyxwn (cy4xpd,c4w8hqa).mpg.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\horse vjq39c1gwy titts .zip.exe
  • %ProgramFiles%\microsoft office\templates\ 8ok6yf nom72kl 779mipj .mpeg.exe
  • %ProgramFiles%\microsoft office\templates\fac71w2 cum beast uncut ol6p1tua .mpg.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\gzn4ud7e w6csjja14n1 [milf] .mpeg.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\fac71w2 horse mnho9y54 [free] .avi.exe
  • %ProgramFiles%\windows journal\templates\tsomq34 sgu4m7oc glans (dxocjwba,sonja).avi.exe
  • %ProgramFiles%\windows journal\templates\upfgetx ddqayq sperm [bangbus] (liz).avi.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\f1i7cm h93bklf gay epyxwn cock nrb42wq .mpg.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\fac71w2 wep6b08 ihthd33 6tl9zg0uqa .avi.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\w6csjja14n1 vjq39c1gwy zn3tvn .zip.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\ [bangbus] qq6w54yfhtqrbwcslg .avi.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\z9z7rwe wep6b08 nom72kl nom72kl glans .rar.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\lpcu5ai3 bq4kno wifey .avi.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\beast epyxwn ol6p1tua .rar.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\f1i7cm porn xxx [milf] feet .avi.exe
  • %CommonProgramFiles(x86)%\microsoft shared\f1i7cm wep6b08 gay [milf] 40+ (gina,g6u8n4r).zip.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\f1i7cm wep6b08 xxx girls feet .zip.exe
  • %CommonProgramFiles(x86)%\microsoft shared\gzn4ud7e yzw1afy horse apv53deiq9fw nrb42wq .zip.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\fac71w2 7nd83wovj ddqayq vjq39c1gwy .mpeg.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\f1i7cm ddqayq horse [milf] glans sweet (liz).rar.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\z1qxwcd sperm nom72kl [bangbus] (jenna,gina).rar.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\horse vjq39c1gwy glans (36mho73,c4w8hqa).rar.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\yzw1afy mzwpstr8n 7vepaqjm (y8oxsqa,g6u8n4r).zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\z9z7rwe w6csjja14n1 sperm girls young .rar.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\gay [milf] glans sm (cy4xpd).mpeg.exe
  • %ALLUSERSPROFILE%\templates\gay [milf] eigt45 .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\xxx [milf] ae2sd7u4xh .rar.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\tsomq34 epyxwn .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\zc8giv9 tsomq34 apv53deiq9fw boobs ash (sandy).avi.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\gay hot (!) cock .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\xxx ihthd33 .rar.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\mnho9y54 xxx hot (!) jxqgtp 50+ (sarah,liz).avi.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\8r3baiec beast 7vepaqjm young .mpg.exe
  • %ALLUSERSPROFILE%\templates\fac71w2 cum sperm vjq39c1gwy .zip.exe
  • %ALLUSERSPROFILE%\templates\jxaglwti w6csjja14n1 uncut zn3tvn (36mho73,g6u8n4r).avi.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\asian 7nd83wovj mzwpstr8n [milf] .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\asian h93bklf 7nd83wovj apv53deiq9fw zmc8ujp (2hbt8wr).zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\viaz50 yzw1afy tsomq34 sgu4m7oc boobs .avi.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\8r3baiec 8ok6yf yzw1afy ihthd33 cock .mpeg.exe
  • C:\users\default\appdata\local\temp\nom72kl apv53deiq9fw ash .zip.exe
  • C:\users\default\appdata\local\<INETFILES>\sperm apv53deiq9fw feet (dehod0,karin).rar.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\beast [milf] cock lzxyhb7k .rar.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\f07qtt tsomq34 w6csjja14n1 sgu4m7oc (hyo87il).mpeg.exe
  • C:\users\default\templates\f1i7cm ddqayq gay bq4kno (sarah).avi.exe
  • %ALLUSERSPROFILE%\templates\tsomq34 uncut nrb42wq .rar.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\ikdyfwhy mnho9y54 big glans sm (sonja).mpeg.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\8r3baiec xakmpl beast bq4kno 8bgkvshe1 .mpeg.exe
  • C:\users\default\appdata\local\temp\z1qxwcd horse apv53deiq9fw 6tl9zg0uqa .avi.exe
  • C:\users\default\appdata\local\<INETFILES>\beast ihthd33 hole sm .mpeg.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\sperm mzwpstr8n uncut sm .avi.exe
  • %TEMP%\tsomq34 sgu4m7oc cock (dehod0,sarah).mpg.exe
  • %LOCALAPPDATA%\<INETFILES>\eq7k2xcxt bd1l5ir [bangbus] balls .avi.exe
  • C:\users\default\templates\4h1e2a346 wep6b08 8ok6yf big titts .mpg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{070abd97-84e1-4f5f-9c02-f1d76dd9fce4}\tsomq34 [free] (jade).avi.exe
  • %LOCALAPPDATA%low\mozilla\temp-{1fae114c-c2b0-4da1-b23a-8e5ad0c3d722}\f1i7cm cum yzw1afy l9hwcs7vvnphd9 hole mg9fvb2xk9 (jade).mpg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{3571406e-c08c-4c74-b145-8857b365f6e7}\eq7k2xcxt h93bklf beast sgu4m7oc titts ol6p1tua (y8oxsqa).mpeg.exe
  • %APPDATA%\microsoft\windows\templates\w6csjja14n1 xxx hot (!) .avi.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\horse epyxwn .mpeg.exe
  • %TEMP%\upfgetx horse horse girls cock .mpg.exe
  • %LOCALAPPDATA%\<INETFILES>\wpjwijv nom72kl 7vepaqjm .mpg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{070abd97-84e1-4f5f-9c02-f1d76dd9fce4}\cum xxx uncut boobs nrb42wq .avi.exe
  • %LOCALAPPDATA%low\mozilla\temp-{1fae114c-c2b0-4da1-b23a-8e5ad0c3d722}\viaz50 w6csjja14n1 xxx [milf] hole (gina,36mho73).rar.exe
  • %LOCALAPPDATA%low\mozilla\temp-{3571406e-c08c-4c74-b145-8857b365f6e7}\xxx 8ok6yf uncut (2hbt8wr,36mho73).mpeg.exe
  • %APPDATA%\mozilla\firefox\profiles\v08trqk6.default-release\storage\temporary\tsomq34 7vepaqjm fw58kpr41ob1w .mpeg.exe
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\storage\temporary\horse big cock .mpeg.exe
  • %APPDATA%\microsoft\templates\8ok6yf h93bklf [bangbus] .avi.exe
  • %HOMEPATH%\templates\8r3baiec horse yzw1afy hot (!) hole .rar.exe
  • %APPDATA%\microsoft\windows\templates\xxx ihthd33 6tl9zg0uqa .zip.exe
  • %APPDATA%\mozilla\firefox\profiles\v08trqk6.default-release\storage\temporary\0287zh h93bklf uncut feet gsva2xn .mpg.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\nom72kl girls hole eigt45 .zip.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\yzw1afy epyxwn titts lzxyhb7k (liz).mpeg.exe
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\storage\temporary\cum mzwpstr8n [bangbus] 779mipj (dxocjwba,sarah).rar.exe
  • %HOMEPATH%\templates\yzw1afy sperm vjq39c1gwy jxqgtp gh5b6gd7wrv .zip.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\f07qtt bd1l5ir yzw1afy [free] .avi.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\fac71w2 w6csjja14n1 horse 7vepaqjm 8bgkvshe1 .zip.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\ [free] nrb42wq .mpg.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\ 8ok6yf [milf] titts (dehod0).mpeg.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\s2fkave bd1l5ir epyxwn hole (sonja,c4w8hqa).mpg.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\z1qxwcd nude uncut glans rv0y8n .zip.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\mnho9y54 hot (!) zmc8ujp .mpeg.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\mnho9y54 [bangbus] mg9fvb2xk9 .rar.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\asian mnho9y54 xxx epyxwn (c4w8hqa).zip.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\beast bq4kno .zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\s2fkave wep6b08 horse [free] gh5b6gd7wrv (sonja,jade).zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\jxaglwti cum [milf] (sonja,hyo87il).zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\lpcu5ai3 7nd83wovj uncut gsva2xn (cy4xpd).avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\f1i7cm h93bklf sperm bq4kno titts .avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\upfgetx wep6b08 lpcu5ai3 vjq39c1gwy hairy .zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\f07qtt sperm nom72kl fishy .zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\viaz50 lpcu5ai3 xakmpl l9hwcs7vvnphd9 .rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\mnho9y54 [milf] (dxocjwba).zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\lpcu5ai3 horse apv53deiq9fw latex .avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\ girls balls .avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\8r3baiec 7nd83wovj porn 7vepaqjm ejn547rbxhd1 (gina).rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\black 8ok6yf nom72kl nom72kl gh5b6gd7wrv (gina,liz).mpg.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\f1i7cm horse yzw1afy sgu4m7oc glans 779mipj .avi.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\horse xakmpl [free] wifey (y8oxsqa).zip.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\black cum gay [free] .avi.exe
  • %WINDIR%\assembly\temp\gzn4ud7e wep6b08 xxx bq4kno .rar.exe
  • %WINDIR%\assembly\tmp\eq7k2xcxt 8ok6yf mzwpstr8n bq4kno ejn547rbxhd1 .zip.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\w6csjja14n1 h93bklf vjq39c1gwy .mpeg.exe
  • %WINDIR%\assembly\temp\gzn4ud7e mzwpstr8n big .mpeg.exe
  • %WINDIR%\assembly\tmp\w6csjja14n1 tsomq34 ihthd33 gsva2xn (sonja,sarah).zip.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\eq7k2xcxt h93bklf sperm epyxwn 6tl9zg0uqa .rar.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\gay ihthd33 40+ .zip.exe
  • %WINDIR%\pla\templates\beast nom72kl boots .mpg.exe
  • %WINDIR%\security\templates\8r3baiec porn mnho9y54 7vepaqjm sm .mpg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\f07qtt porn mzwpstr8n uncut (c4w8hqa).mpg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\lpcu5ai3 big fw58kpr41ob1w .mpeg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\8r3baiec w6csjja14n1 yzw1afy epyxwn cock young .avi.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\s2fkave 8ok6yf horse [milf] .zip.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\temp\fac71w2 wep6b08 lpcu5ai3 uncut feet .mpg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\black 8ok6yf mnho9y54 girls qq6w54yfhtqrbwcslg .mpg.exe
  • %WINDIR%\syswow64\config\systemprofile\tsomq34 sgu4m7oc cock sgoibhh .avi.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\eq7k2xcxt horse uncut feet .avi.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\4h1e2a346 horse vjq39c1gwy hotel .mpg.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\s2fkave mzwpstr8n w6csjja14n1 [milf] (2hbt8wr).rar.exe
  • %WINDIR%\pla\templates\ddqayq yzw1afy vjq39c1gwy wifey .rar.exe
  • %WINDIR%\security\templates\eq7k2xcxt beast tsomq34 sgu4m7oc fw58kpr41ob1w .mpeg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\eq7k2xcxt cum horse 7vepaqjm lzxyhb7k (sonja).mpeg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\z1qxwcd horse hot (!) 6tl9zg0uqa .zip.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\gay lpcu5ai3 uncut gsva2xn .rar.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\ikdyfwhy bd1l5ir girls glans eigt45 (hyo87il).mpg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\temp\wpjwijv yzw1afy nude girls ae2sd7u4xh .mpeg.exe
  • %WINDIR%\syswow64\fxstmp\ nom72kl 8bgkvshe1 .rar.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\s2fkave mnho9y54 beast vjq39c1gwy jxqgtp sm (jenna,sonja).zip.exe
  • %WINDIR%\syswow64\ime\shared\nom72kl [free] cock .avi.exe
  • %WINDIR%\syswow64\config\systemprofile\yzw1afy gay nom72kl fw58kpr41ob1w .mpg.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\tsomq34 mzwpstr8n 7vepaqjm .zip.exe
  • %WINDIR%\syswow64\config\systemprofile\f07qtt porn [bangbus] glans .rar.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\mnho9y54 bq4kno nrb42wq .rar.exe
  • %WINDIR%\syswow64\fxstmp\f07qtt wep6b08 beast girls glans js80j73 .mpeg.exe
  • %WINDIR%\syswow64\ime\shared\mnho9y54 [free] .rar.exe
  • %WINDIR%\temp\fac71w2 bd1l5ir tsomq34 vjq39c1gwy gh5b6gd7wrv .rar.exe
  • %WINDIR%\syswow64\fxstmp\8r3baiec mnho9y54 mnho9y54 uncut jxqgtp (2hbt8wr).zip.exe
  • %WINDIR%\syswow64\ime\shared\8r3baiec tsomq34 [bangbus] sm .rar.exe
  • %WINDIR%\syswow64\config\systemprofile\7b6fhxi porn 7vepaqjm .mpg.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\s2fkave horse hot (!) zmc8ujp .zip.exe
  • %WINDIR%\syswow64\fxstmp\horse beast [bangbus] (36mho73).zip.exe
  • %WINDIR%\syswow64\ime\shared\wpjwijv lpcu5ai3 xakmpl [free] nrb42wq .avi.exe
  • %WINDIR%\temp\zc8giv9 bd1l5ir epyxwn (cy4xpd).mpeg.exe
  • %WINDIR%\winsxs\installtemp\f07qtt ddqayq gay apv53deiq9fw .mpg.exe
  • %WINDIR%\winsxs\installtemp\ 7nd83wovj [free] .rar.exe
Miscellaneous
Searches for the following windows
  • ClassName: 'Progman' WindowName: ''
  • ClassName: 'Proxy Desktop' WindowName: ''
Restarts the analyzed sample
Executes the following
  • '%WINDIR%\explorer.exe'

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk , mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
Free trial

 

Download Dr.Web

Download by serial number

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

Free trial

 

Download Dr.Web

Download by serial number

Download on App Store

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

 

Download Dr.Web

Download by serial number

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android

Free trial

14 days

Download now
Get it on Google Play