Trojan.KillProc2.29491

Added to the Dr.Web virus database: 2025-07-17

Virus description added:

Technical Information

Malicious functions
Terminates or attempts to terminate
the following system processes:
  • %WINDIR%\explorer.exe
  • <SYSTEM32>\taskhost.exe
  • <SYSTEM32>\dwm.exe
the following user processes:
  • iexplore.exe
  • firefox.exe
Modifies file system
Creates the following files
Miscellaneous
Searches for the following windows
  • ClassName: 'Progman' WindowName: ''
  • ClassName: 'Proxy Desktop' WindowName: ''
Restarts the analyzed sample
Executes the following
  • '%WINDIR%\explorer.exe'

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and any removable media you use.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet into safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.