JavaScript support is required for our site to be fully operational in your browser.
Win32.HLLW.Autoruner1.2153
Added to the Dr.Web virus database:
2011-11-11
Virus description added:
2011-11-11
Technical Information
Malicious functions:
Creates and executes the following:
%PROGRAM_FILES%\vfЋwMѕЂ4\CleanSystem.exe (downloaded from the Internet)
Modifies file system :
Creates the following files:
%PROGRAM_FILES%\vfЋwMѕЂ4\niudll.jpg
%TEMP%\166625.bmp
%TEMP%\346468.bmp
%ALLUSERSPROFILE%\Start Menu\іМРт\ёЅјю\ЗеАнА¬»ш.lnk
%PROGRAM_FILES%\vfЋwMѕЂ4\updspapi.dll
%TEMP%\updspapi.rar
%TEMP%\136578.bmp
%TEMP%\136515.lz
<SYSTEM32>\minIB3.pic
%TEMP%\spuninst.jpg
%WINDIR%\vbcfg.ini
Deletes the following files:
%TEMP%\166625.bmp
%TEMP%\136515.lz
%TEMP%\136578.bmp
Network activity:
Connects to:
TCP:
HTTP GET requests:
wo##.vicp.hk/updspapi.rar
wo##.vicp.hk/spuninst.rar
UDP:
DNS ASK wo##.vicp.hk
'<Private IP address>':1036
Miscellaneous:
Searches for the following windows:
ClassName: 'Shell_TrayWnd' WindowName: ''
Download Dr.Web for Android
Free three-month trial
All protection features available
Renew your trial license in AppGallery/on Google Pay
By continuing to use this website, you are consenting to Doctor Web’s use of cookies and other technologies related to the collection of visitor statistics. Learn more
OK