JavaScript support is required for our site to be fully operational in your browser.
Win32.HLLW.Autoruner.24346
Added to the Dr.Web virus database:
2010-06-30
Virus description added:
2014-09-29
Technical Information
To ensure autorun and distribution:
Creates or modifies the following files:
%ALLUSERSPROFILE%\Start Menu\Programs\Startup\winlogs.lnk
Malicious functions:
To complicate detection of its presence in the operating system,
forces the system hide from view:
Creates and executes the following:
'%CommonProgramFiles%\System\explorer.exe'
Modifies file system :
Creates the following files:
C:\dxstdb.bmp
C:\bbdwga.gif
C:\RECYCLER\winlogon.exe
C:\evhtin.jpg
%CommonProgramFiles%\System\explorer.exe
%CommonProgramFiles%\lnvudc.dll
C:\eentvb.txt
Sets the 'hidden' attribute to the following files:
%CommonProgramFiles%\System\explorer.exe
%CommonProgramFiles%\lnvudc.dll
Moves the following files:
from C:\dxstdb.bmp to %ALLUSERSPROFILE%\Desktop\МФ±¦№єОпA.url
from C:\bbdwga.gif to %ALLUSERSPROFILE%\Desktop\Гв·СµзУ°C.url
from C:\eentvb.txt to %ALLUSERSPROFILE%\Desktop\Intennet Exploner.lnk
from C:\evhtin.jpg to %ALLUSERSPROFILE%\Desktop\ёД±дДгµДТ»Йъ.url
Miscellaneous:
Searches for the following windows:
ClassName: 'Maxthon2_Frame' WindowName: ''
ClassName: '360se_Frame' WindowName: ''
ClassName: 'IEFrame' WindowName: ''
ClassName: '_____TTFrameWnd__101__' WindowName: ''
Download Dr.Web for Android
Free three-month trial
All protection features available
Renew your trial license in AppGallery/on Google Pay
By continuing to use this website, you are consenting to Doctor Web’s use of cookies and other technologies related to the collection of visitor statistics. Learn more
OK