Win32.HLLW.Autoruner2.24015
Added to the Dr.Web virus database: 2016-05-16
Virus description added: 2016-05-16
Technical Information
To ensure autorun and distribution:
Modifies the following registry keys:
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Taskman' = '%HOMEPATH%\aegvvp.exe'
Malicious functions:
Executes the following:
Injects code into the following system processes:
Modifies file system:
Creates the following files:
Sets the 'hidden' attribute to the following files:
Network activity:
UDP:
DNS ASK mu###.###tal-protection.net.ru
DNS ASK sl###.##fehousenumber.com
'mu###.###tal-protection.net.ru':41801
'sl###.##fehousenumber.com':41801
Miscellaneous:
Searches for the following windows: