Win32.HLLW.Autoruner1.52425

Added to the Dr.Web virus database: 2013-07-29

Virus description added:

Technical Information

To ensure autorun and distribution:
Modifies the following registry keys:
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windows 7 activator.exe' = '<Full path to virus>'
Creates or modifies the following files:
  • %HOMEPATH%\Start Menu\Programs\Startup\svchost .exe
Creates the following files on removable media:
Malicious functions:
To bypass firewall, removes or modifies the following registry keys:
  • [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%TEMP%\rqwxz53263.exe' = '%TEMP%\rqwxz53263.exe:*:Enabled:enable'
  • [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<Full path to virus>' = '<Full path to virus>:*:Enabled:enable'
Creates and executes the following:
  • '%TEMP%\rqwxz53263.exe'
Executes the following:
  • '<SYSTEM32>\netsh.exe' firewall set allowedprogram "%TEMP%\rqwxz53263.exe" enable
  • '<SYSTEM32>\netsh.exe' firewall set allowedprogram "<Full path to virus>" enable
Modifies file system:
Creates the following files:
  • %HOMEPATH%\Start Menu\Ultimate Porn Downloader.exe
  • <Current directory>\Microsoft Virus Remover-setup.exe
  • %TEMP%\rqwxz53263.exe
Sets the 'hidden' attribute to the following files:
Network activity:
Connects to:
  • 'localhost':6667