Win32.HLLW.Autoruner2.23971
Added to the Dr.Web virus database:
2016-05-14
Virus description added:
2016-05-14
Technical Information
To ensure autorun and distribution:
Modifies the following registry keys:
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Taskman' = '%HOMEPATH%\aegvvp.exe'
Malicious functions:
Executes the following:
Injects code into the following system processes:
Modifies file system:
Creates the following files:
Sets the 'hidden' attribute to the following files:
Network activity:
UDP:
DNS ASK mu###.###tal-protection.net.ru
DNS ASK sl###.##fehousenumber.com
'mu###.###tal-protection.net.ru':41801
'sl###.##fehousenumber.com':41801
Miscellaneous:
Searches for the following windows: