Trojan.KillProc.32764

Technical Information

Malicious functions:

Executes the following:

'<SYSTEM32>\sc.exe' stop "WSearch"
'<SYSTEM32>\sc.exe' stop "defragsvc"
'<SYSTEM32>\sc.exe' stop "CscService"
'<SYSTEM32>\sc.exe' stop "SysMain"
'<SYSTEM32>\find.exe' " 5."
'<SYSTEM32>\ping.exe' 127.0.0.1 -n 4
'%WINDIR%\explorer.exe'
'<SYSTEM32>\ping.exe' 127.0.0.1 -n 2
'<SYSTEM32>\reg.exe' query "HKU\S-1-5-19\Environment"
'<SYSTEM32>\reg.exe' add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu" /v "{59031a47-3f72-44a7-89c5-5595fe6b30ee}" /t REG_DWORD /d "0" /f
'<SYSTEM32>\cmd.exe' /c ""%TEMP%\Jump.cmd" "
'<SYSTEM32>\mode.com' con cols=60 lines=5
'<SYSTEM32>\reg.exe' add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel" /v "{20D04FE0-3AEA-1069-A2D8-08002B30309D}" /t REG_DWORD /d "0" /f
'<SYSTEM32>\taskkill.exe' /f /im explorer.exe /t
'<SYSTEM32>\reg.exe' add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel" /v "{59031a47-3f72-44a7-89c5-5595fe6b30ee}" /t REG_DWORD /d "0" /f
'<SYSTEM32>\reg.exe' add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu" /v "{20D04FE0-3AEA-1069-A2D8-08002B30309D}" /t REG_DWORD /d "0" /f

Terminates or attempts to terminate

the following system processes:

%WINDIR%\Explorer.EXE
<SYSTEM32>\ctfmon.exe

Modifies file system :

Creates the following files:

%TEMP%\_My_\Links\__Windows\run 실행.lnk
%TEMP%\_My_\Links\__Windows\schedtasks 작업 스케줄러.lnk
%TEMP%\_My_\Links\__Windows\screensaver 화면 보호기.lnk
%TEMP%\_My_\Links\__Windows\Resource Monitor 리소스 모니터.lnk
%TEMP%\_My_\Links\__Windows\Recovery 복구.lnk
%TEMP%\_My_\Links\__Windows\regedit 레지편집기.lnk
%TEMP%\_My_\Links\__Windows\Remote Desktop Connection.lnk
%TEMP%\_My_\Links\__Windows\secpol.msc 로컬보안정책.lnk
%TEMP%\_My_\Links\__Windows\Start Menu Programs.lnk
%TEMP%\_My_\Links\__Windows\Steps Recorder 단계 녹화.lnk
%TEMP%\_My_\Links\__Windows\Sticky Notes 스티커 메모.lnk
%TEMP%\_My_\Links\__Windows\Sound Recorder 녹음기.lnk
%TEMP%\_My_\Links\__Windows\SendTo 보내기.lnk
%TEMP%\_My_\Links\__Windows\services.msc 서비스.lnk
%TEMP%\_My_\Links\__Windows\Snipping Tool 화면 캡처도구.lnk
%TEMP%\_My_\Links\__Windows\Print Management.lnk
%TEMP%\_My_\Links\__Windows\MobilityCenter 모바일 센터.lnk
%TEMP%\_My_\Links\__Windows\Mouse 마우스 속성.lnk
%TEMP%\_My_\Links\__Windows\msconfig 시스템구성.lnk
%TEMP%\_My_\Links\__Windows\Memory Diagnostics Tool.lnk
%TEMP%\_My_\Links\__Windows\lusrmgr 로컬 사용자 및 그룹.lnk
%TEMP%\_My_\Links\__Windows\Magnify 돋보기.lnk
%TEMP%\_My_\Links\__Windows\Math Input Panel 수식 입력기.lnk
%TEMP%\_My_\Links\__Windows\ncpa.cpl 네트워크 연결.lnk
%TEMP%\_My_\Links\__Windows\Performance Monitor 성능 모니터.lnk
%TEMP%\_My_\Links\__Windows\powercfg.cpl ,1 전원옵션 고급설정.lnk
%TEMP%\_My_\Links\__Windows\powercfg.cpl 전원 옵션.lnk
%TEMP%\_My_\Links\__Windows\Paint 그림판.lnk
%TEMP%\_My_\Links\__Windows\Netplwiz 사용자 계정 편집.lnk
%TEMP%\_My_\Links\__Windows\ODBC Data Sources.lnk
%TEMP%\_My_\Links\__Windows\osk.exe 화상키보드.lnk
%TEMP%\_My_\Links\__Windows\SyncCenter 동기화 센터.lnk
%TEMP%\_My_\Links\__Windows\네트워크 및 공유 센터.lnk
%TEMP%\_My_\Links\__Windows\디스크 정리.lnk
%TEMP%\_My_\Links\__Windows\사용자 환경 전송.lnk
%TEMP%\_My_\Links\__Windows\내 컴퓨터에 표시.lnk
%TEMP%\_My_\Links\__Windows\Wordpad 워드폐드.lnk
%TEMP%\_My_\Links\__Windows\XPS Viewer.lnk
%TEMP%\_My_\Links\__Windows\기본 프로그램 - 연결.lnk
%TEMP%\_My_\Links\__Windows\색인옵션.lnk
%TEMP%\_My_\Links\__Windows\태블릿 PC 설정.lnk
%TEMP%\_My_\Links\__Windows\하드웨어 안전제거.lnk
%TEMP%\_My_\Links\__Windows\휴지통.lnk
%TEMP%\_My_\Links\__Windows\장치 및 프린터.lnk
%TEMP%\_My_\Links\__Windows\시작 프로그램.lnk
%TEMP%\_My_\Links\__Windows\시작매뉴 프로그램.lnk
%TEMP%\_My_\Links\__Windows\언어 변경.lnk
%TEMP%\_My_\Links\__Windows\Windows Update 확인.lnk
%TEMP%\_My_\Links\__Windows\timedate.cpl 날짜 및 시간.lnk
%TEMP%\_My_\Links\__Windows\userpasswords 사용자 계정 변경.lnk
%TEMP%\_My_\Links\__Windows\Utilman 접근성 센터.lnk
%TEMP%\_My_\Links\__Windows\Task Scheduler 작업 스케줄러.lnk
%TEMP%\_My_\Links\__Windows\sysdm.cpl 시스템 속성.lnk
%TEMP%\_My_\Links\__Windows\System Information 시스템 정보.lnk
%TEMP%\_My_\Links\__Windows\Task Manager 작업 관리자.lnk
%TEMP%\_My_\Links\__Windows\verifier 드라이브 확인 프로그램 관리자.lnk
%TEMP%\_My_\Links\__Windows\Windows Journal 필기장.lnk
%TEMP%\_My_\Links\__Windows\Windows Media Player.lnk
%TEMP%\_My_\Links\__Windows\Windows PowerShell ISE.lnk
%TEMP%\_My_\Links\__Windows\Windows Firewall with Advanced Security.lnk
%TEMP%\_My_\Links\__Windows\Window Switcher 화면 변경.lnk
%TEMP%\_My_\Links\__Windows\Windows Defender.lnk
%TEMP%\_My_\Links\__Windows\Windows Fax and Scan 팩스 스캔.lnk
%TEMP%\_My_\Links\__Windows\iSCSI Initiator.lnk
%TEMP%\_My_\Videos\desktop.ini
%TEMP%\_My_\Searches\desktop.ini
%TEMP%\_My_\Links\desktop.ini
%TEMP%\_My_\Pictures\desktop.ini
%TEMP%\_My_\Favorites\desktop.ini
%TEMP%\_My_\Contacts\desktop.ini
%TEMP%\_My_\Music\desktop.ini
%TEMP%\_My_\ico.ico
%TEMP%\_My_\Links\__Windows\%ProgramFiles%.lnk
%TEMP%\_My_\Links\__Windows\%Public%.lnk
%TEMP%\_My_\Links\__Windows\%SystemDrive%.lnk
%TEMP%\_My_\Links\__Windows\%AppData%MS-Win.lnk
%TEMP%\_My_\Links\(Windows).library-ms
%TEMP%\_My_\Public\Libraries\RecordedTV.library-ms
%TEMP%\_My_\Links\__Windows\%AppData%.lnk
%TEMP%\_My_\Documents\desktop.ini
%TEMP%\_My_\desktop.ini
%TEMP%\_My_\Public\Desktop\desktop.ini
%TEMP%\_My_\Public\Downloads\desktop.ini
%TEMP%\_My_\Public\desktop.ini
%TEMP%\Jump.cmd
%TEMP%\C_to_D.cmd
%TEMP%\_My_\Links\__Windows\desktop.ini
%TEMP%\_My_\Public\Libraries\desktop.ini
%TEMP%\_My_\Public\Music\desktop.ini
%TEMP%\_My_\Public\Pictures\desktop.ini
%TEMP%\_My_\Public\Videos\desktop.ini
%TEMP%\_My_\Saved Games\desktop.ini
%TEMP%\_My_\Public\Documents\desktop.ini
%TEMP%\_My_\Desktop\desktop.ini
%TEMP%\_My_\Downloads\desktop.ini
%TEMP%\_My_\Links\__Windows\%Temp%.lnk
%TEMP%\_My_\Links\__Windows\Disk Cleanup 디스크 정리.lnk
%TEMP%\_My_\Links\__Windows\diskmgmt 디스크 관리.lnk
%TEMP%\_My_\Links\__Windows\Event Viewer 이벤트 뷰어.lnk
%TEMP%\_My_\Links\__Windows\dfrgui 조각모음.lnk
%TEMP%\_My_\Links\__Windows\Default Programs 기본 프로그램 - 연결.lnk
%TEMP%\_My_\Links\__Windows\Default Programs 기본 프로그램.lnk
%TEMP%\_My_\Links\__Windows\devmgmt 장치관리자.lnk
%TEMP%\_My_\Links\__Windows\Firewall.cpl 방화벽.lnk
%TEMP%\_My_\Links\__Windows\hdwwiz.cpl 장치관리자.lnk
%TEMP%\_My_\Links\__Windows\inetcpl.cpl 인터넷 옵션.lnk
%TEMP%\_My_\Links\__Windows\intl.cpl 국가 및 언어.lnk
%TEMP%\_My_\Links\__Windows\gpedit 로컬그룹정책편집기.lnk
%TEMP%\_My_\Links\__Windows\folders 폴더 옵션.lnk
%TEMP%\_My_\Links\__Windows\Fonts 폰트.lnk
%TEMP%\_My_\Links\__Windows\fsmgmt 공유폴더 정보.lnk
%TEMP%\_My_\Links\__Windows\Control Panel 제어판.lnk
%TEMP%\_My_\Links\__Windows\_admintools 관리 도구.lnk
%TEMP%\_My_\Links\__Windows\_Start Menu Programs.lnk
%TEMP%\_My_\Links\__Windows\appwiz.cpl 프로그램 제거 또는 변경.lnk
%TEMP%\_My_\Links\(Windows).lnk
%TEMP%\_My_\Links\__Windows\%UserProfile%.lnk
%TEMP%\_My_\Links\__Windows\%WinDir%.lnk
%TEMP%\_My_\Links\__Windows\(God Mode).lnk
%TEMP%\_My_\Links\__Windows\Calculator 계산기.lnk
%TEMP%\_My_\Links\__Windows\Component Services 구성요소.lnk
%TEMP%\_My_\Links\__Windows\Computer Management 컴퓨터 관리.lnk
%TEMP%\_My_\Links\__Windows\Control Panel 모든 제어판 항목.lnk
%TEMP%\_My_\Links\__Windows\ColorManagement 색 관리.lnk
%TEMP%\_My_\Links\__Windows\Character Map 문자표.lnk
%TEMP%\_My_\Links\__Windows\chkdsk 체크 디스크.lnk
%TEMP%\_My_\Links\__Windows\cmd 명령 프롬프트.lnk

Sets the 'hidden' attribute to the following files:

%TEMP%\_My_\Favorites\desktop.ini
%TEMP%\_My_\Contacts\desktop.ini
%TEMP%\_My_\Documents\desktop.ini
%TEMP%\_My_\Public\Pictures\desktop.ini
%TEMP%\_My_\Public\Videos\desktop.ini
%TEMP%\_My_\Music\desktop.ini
%TEMP%\_My_\Links\desktop.ini
%TEMP%\_My_\ico.ico
%TEMP%\_My_\Searches\desktop.ini
%TEMP%\_My_\Pictures\desktop.ini
%TEMP%\_My_\Videos\desktop.ini
%TEMP%\_My_\Public\Desktop\desktop.ini
%TEMP%\_My_\Public\Downloads\desktop.ini
%TEMP%\_My_\desktop.ini
%TEMP%\_My_\Links\__Windows\desktop.ini
%TEMP%\_My_\Public\desktop.ini
%TEMP%\_My_\Public\Libraries\desktop.ini
%TEMP%\_My_\Saved Games\desktop.ini
%TEMP%\_My_\Public\Music\desktop.ini
%TEMP%\_My_\Downloads\desktop.ini
%TEMP%\_My_\Public\Documents\desktop.ini
%TEMP%\_My_\Desktop\desktop.ini

Deletes the following files:

%TEMP%\_My_\Links\__Windows\userpasswords 사용자 계정 변경.lnk
%TEMP%\_My_\Links\__Windows\Utilman 접근성 센터.lnk
%TEMP%\_My_\Links\__Windows\verifier 드라이브 확인 프로그램 관리자.lnk
%TEMP%\_My_\Links\__Windows\timedate.cpl 날짜 및 시간.lnk
%TEMP%\_My_\Links\__Windows\System Information 시스템 정보.lnk
%TEMP%\_My_\Links\__Windows\Task Manager 작업 관리자.lnk
%TEMP%\_My_\Links\__Windows\Task Scheduler 작업 스케줄러.lnk
%TEMP%\_My_\Links\__Windows\Window Switcher 화면 변경.lnk
%TEMP%\_My_\Links\__Windows\Windows Media Player.lnk
%TEMP%\_My_\Links\__Windows\Windows PowerShell ISE.lnk
%TEMP%\_My_\Links\__Windows\Windows Update 확인.lnk
%TEMP%\_My_\Links\__Windows\Windows Journal 필기장.lnk
%TEMP%\_My_\Links\__Windows\Windows Defender.lnk
%TEMP%\_My_\Links\__Windows\Windows Fax and Scan 팩스 스캔.lnk
%TEMP%\_My_\Links\__Windows\Windows Firewall with Advanced Security.lnk
%TEMP%\_My_\Links\__Windows\sysdm.cpl 시스템 속성.lnk
%TEMP%\_My_\Links\__Windows\schedtasks 작업 스케줄러.lnk
%TEMP%\_My_\Links\__Windows\screensaver 화면 보호기.lnk
%TEMP%\_My_\Links\__Windows\secpol.msc 로컬보안정책.lnk
%TEMP%\_My_\Links\__Windows\run 실행.lnk
%TEMP%\_My_\Links\__Windows\regedit 레지편집기.lnk
%TEMP%\_My_\Links\__Windows\Remote Desktop Connection.lnk
%TEMP%\_My_\Links\__Windows\Resource Monitor 리소스 모니터.lnk
%TEMP%\_My_\Links\__Windows\SendTo 보내기.lnk
%TEMP%\_My_\Links\__Windows\Steps Recorder 단계 녹화.lnk
%TEMP%\_My_\Links\__Windows\Sticky Notes 스티커 메모.lnk
%TEMP%\_My_\Links\__Windows\SyncCenter 동기화 센터.lnk
%TEMP%\_My_\Links\__Windows\Start Menu Programs.lnk
%TEMP%\_My_\Links\__Windows\services.msc 서비스.lnk
%TEMP%\_My_\Links\__Windows\Snipping Tool 화면 캡처도구.lnk
%TEMP%\_My_\Links\__Windows\Sound Recorder 녹음기.lnk
%TEMP%\_My_\Links\__Windows\Wordpad 워드폐드.lnk
%TEMP%\_My_\Public\Documents\desktop.ini
%TEMP%\_My_\Public\Downloads\desktop.ini
%TEMP%\_My_\Public\Libraries\desktop.ini
%TEMP%\_My_\Public\desktop.ini
%TEMP%\_My_\Music\desktop.ini
%TEMP%\_My_\Pictures\desktop.ini
%TEMP%\_My_\Public\Desktop\desktop.ini
%TEMP%\_My_\Public\Libraries\RecordedTV.library-ms
%TEMP%\_My_\Searches\desktop.ini
%TEMP%\_My_\Videos\desktop.ini
%TEMP%\C_to_D.cmd
%TEMP%\_My_\Saved Games\desktop.ini
%TEMP%\_My_\Public\Music\desktop.ini
%TEMP%\_My_\Public\Pictures\desktop.ini
%TEMP%\_My_\Public\Videos\desktop.ini
%TEMP%\_My_\Links\__Windows\휴지통.lnk
%TEMP%\_My_\Links\__Windows\내 컴퓨터에 표시.lnk
%TEMP%\_My_\Links\__Windows\네트워크 및 공유 센터.lnk
%TEMP%\_My_\Links\__Windows\디스크 정리.lnk
%TEMP%\_My_\Links\__Windows\기본 프로그램 - 연결.lnk
%TEMP%\_My_\Links\__Windows\XPS Viewer.lnk
%TEMP%\_My_\Links\__Windows\_admintools 관리 도구.lnk
%TEMP%\_My_\Links\__Windows\_Start Menu Programs.lnk
%TEMP%\_My_\Links\__Windows\사용자 환경 전송.lnk
%TEMP%\_My_\Links\__Windows\장치 및 프린터.lnk
%TEMP%\_My_\Links\__Windows\태블릿 PC 설정.lnk
%TEMP%\_My_\Links\__Windows\하드웨어 안전제거.lnk
%TEMP%\_My_\Links\__Windows\언어 변경.lnk
%TEMP%\_My_\Links\__Windows\색인옵션.lnk
%TEMP%\_My_\Links\__Windows\시작 프로그램.lnk
%TEMP%\_My_\Links\__Windows\시작매뉴 프로그램.lnk
%TEMP%\_My_\Links\__Windows\Recovery 복구.lnk
%TEMP%\_My_\Links\__Windows\appwiz.cpl 프로그램 제거 또는 변경.lnk
%TEMP%\_My_\Links\__Windows\Calculator 계산기.lnk
%TEMP%\_My_\Links\__Windows\Character Map 문자표.lnk
%TEMP%\_My_\Links\__Windows\(God Mode).lnk
%TEMP%\_My_\Links\__Windows\%Temp%.lnk
%TEMP%\_My_\Links\__Windows\%UserProfile%.lnk
%TEMP%\_My_\Links\__Windows\%WinDir%.lnk
%TEMP%\_My_\Links\__Windows\chkdsk 체크 디스크.lnk
%TEMP%\_My_\Links\__Windows\Control Panel 모든 제어판 항목.lnk
%TEMP%\_My_\Links\__Windows\Control Panel 제어판.lnk
%TEMP%\_My_\Links\__Windows\Default Programs 기본 프로그램 - 연결.lnk
%TEMP%\_My_\Links\__Windows\Computer Management 컴퓨터 관리.lnk
%TEMP%\_My_\Links\__Windows\cmd 명령 프롬프트.lnk
%TEMP%\_My_\Links\__Windows\ColorManagement 색 관리.lnk
%TEMP%\_My_\Links\__Windows\Component Services 구성요소.lnk
%TEMP%\_My_\Links\__Windows\%SystemDrive%.lnk
%TEMP%\_My_\Documents\desktop.ini
%TEMP%\_My_\Downloads\desktop.ini
%TEMP%\_My_\Favorites\desktop.ini
%TEMP%\_My_\desktop.ini
%TEMP%\Jump.cmd
%TEMP%\_My_\Contacts\desktop.ini
%TEMP%\_My_\Desktop\desktop.ini
%TEMP%\_My_\ico.ico
%TEMP%\_My_\Links\__Windows\%AppData%MS-Win.lnk
%TEMP%\_My_\Links\__Windows\%ProgramFiles%.lnk
%TEMP%\_My_\Links\__Windows\%Public%.lnk
%TEMP%\_My_\Links\__Windows\%AppData%.lnk
%TEMP%\_My_\Links\(Windows).library-ms
%TEMP%\_My_\Links\(Windows).lnk
%TEMP%\_My_\Links\desktop.ini
%TEMP%\_My_\Links\__Windows\Default Programs 기본 프로그램.lnk
%TEMP%\_My_\Links\__Windows\Mouse 마우스 속성.lnk
%TEMP%\_My_\Links\__Windows\msconfig 시스템구성.lnk
%TEMP%\_My_\Links\__Windows\ncpa.cpl 네트워크 연결.lnk
%TEMP%\_My_\Links\__Windows\MobilityCenter 모바일 센터.lnk
%TEMP%\_My_\Links\__Windows\Magnify 돋보기.lnk
%TEMP%\_My_\Links\__Windows\Math Input Panel 수식 입력기.lnk
%TEMP%\_My_\Links\__Windows\Memory Diagnostics Tool.lnk
%TEMP%\_My_\Links\__Windows\Netplwiz 사용자 계정 편집.lnk
%TEMP%\_My_\Links\__Windows\powercfg.cpl ,1 전원옵션 고급설정.lnk
%TEMP%\_My_\Links\__Windows\powercfg.cpl 전원 옵션.lnk
%TEMP%\_My_\Links\__Windows\Print Management.lnk
%TEMP%\_My_\Links\__Windows\Performance Monitor 성능 모니터.lnk
%TEMP%\_My_\Links\__Windows\ODBC Data Sources.lnk
%TEMP%\_My_\Links\__Windows\osk.exe 화상키보드.lnk
%TEMP%\_My_\Links\__Windows\Paint 그림판.lnk
%TEMP%\_My_\Links\__Windows\lusrmgr 로컬 사용자 및 그룹.lnk
%TEMP%\_My_\Links\__Windows\diskmgmt 디스크 관리.lnk
%TEMP%\_My_\Links\__Windows\Event Viewer 이벤트 뷰어.lnk
%TEMP%\_My_\Links\__Windows\Firewall.cpl 방화벽.lnk
%TEMP%\_My_\Links\__Windows\Disk Cleanup 디스크 정리.lnk
%TEMP%\_My_\Links\__Windows\desktop.ini
%TEMP%\_My_\Links\__Windows\devmgmt 장치관리자.lnk
%TEMP%\_My_\Links\__Windows\dfrgui 조각모음.lnk
%TEMP%\_My_\Links\__Windows\folders 폴더 옵션.lnk
%TEMP%\_My_\Links\__Windows\inetcpl.cpl 인터넷 옵션.lnk
%TEMP%\_My_\Links\__Windows\intl.cpl 국가 및 언어.lnk
%TEMP%\_My_\Links\__Windows\iSCSI Initiator.lnk
%TEMP%\_My_\Links\__Windows\hdwwiz.cpl 장치관리자.lnk
%TEMP%\_My_\Links\__Windows\Fonts 폰트.lnk
%TEMP%\_My_\Links\__Windows\fsmgmt 공유폴더 정보.lnk
%TEMP%\_My_\Links\__Windows\gpedit 로컬그룹정책편집기.lnk

Miscellaneous:

Searches for the following windows:

ClassName: 'SysListView32' WindowName: ''
ClassName: 'BaseBar' WindowName: 'ChanApp'
ClassName: 'CSCHiddenWindow' WindowName: ''
ClassName: 'SystemTray_Main' WindowName: ''
ClassName: 'Shell_TrayWnd' WindowName: ''
ClassName: 'EDIT' WindowName: ''
ClassName: 'Proxy Desktop' WindowName: ''
ClassName: '' WindowName: ''

テクノロジー

用語

トレーニングコースおよび啓蒙プロジェクト

アンチウイルスに関する誤解と噂

Technical Information

Curing recommendations

Free trial