JavaScript support is required for our site to be fully operational in your browser.
Win32.HLLP.Logo.origin
Added to the Dr.Web virus database:
2019-08-07
Virus description added:
2019-08-06
Technical Information
Malicious functions
Executes the following
'<SYSTEM32>\net.exe' stop "Kingsoft AntiVirus Service"
Injects code into
the following user processes:
Modifies file system
Creates the following files
<Current directory>\virdll.dll
Modifies the HOSTS file.
Network activity
Connects to
'<LOCALNET>.37.1':445
'<LOCALNET>.37.1':139
'<LOCALNET>.37.1':80
UDP
Miscellaneous
Searches for the following windows
ClassName: 'RavMonClass' WindowName: 'RavMon.exe'
ClassName: 'Tapplication' WindowName: 'ÌìÍø·À»ðǽ¸öÈË°æ'
ClassName: 'Tapplication' WindowName: 'ÌìÍø·À»ðǽÆóÒµ°æ'
ClassName: 'TForm1' WindowName: ''
ClassName: 'TfLockDownMain' WindowName: ''
ClassName: 'ZAFrameWnd' WindowName: 'ZoneAlarm'
Creates and executes the following
'<SYSTEM32>\net.exe' stop "Kingsoft AntiVirus Service"' (with hidden window)
Executes the following
'<SYSTEM32>\net1.exe' stop "Kingsoft AntiVirus Service"
Download Dr.Web for Android
Free three-month trial
All protection features available
Renew your trial license in AppGallery/on Google Pay
By continuing to use this website, you are consenting to Doctor Web’s use of cookies and other technologies related to the collection of visitor statistics. Learn more
OK