Win32.HLLW.Autoruner1.28467
Added to the Dr.Web virus database:
2012-10-22
Virus description added:
2012-10-22
Technical Information
To ensure autorun and distribution:
Modifies the following registry keys:
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Yahoo Messenger' = '<SYSTEM32>\Jumoong4.avi.exe'
Creates the following files on removable media:
<Drive name for removable media>:\autorun.inf
<Drive name for removable media>:\Jumoong4.avi.exe
Malicious functions:
To complicate detection of its presence in the operating system,
it blocks execution of the following system utilities:
Windows Task Manager (Taskmgr)
Registry Editor (RegEdit)
Creates and executes the following:
<SYSTEM32>\Jumoong4.avi.exe
C:\Jumoong4.avi.exe
<Drive name for removable media>:\Jumoong4.avi.exe
<SYSTEM32>\Jumoong4.avi.exe -p 5144 -e 124 -g
C:\Jumoong4.avi.exe -p 5968 -e 52 -g
C:\Jumoong4.avi.exe -p 5292 -e 100 -g
C:\Jumoong4.avi.exe -p 5312 -e 100 -g
C:\Jumoong4.avi.exe /R /T
C:\Jumoong4.avi.exe -Embedding
Terminates or attempts to terminate the following processes:
a large number of user processes.
Modifies settings of Windows Explorer:
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoFolderOptions' = '00000001'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoRun' = '00000001'
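The autorun/distribution and Explorer-policy sections above give enough to build an offline triage check. The following is an added Python example, not Dr.Web's code and not anything taken from the worm itself: it parses an autorun.inf, scans exported Run-key values and checks the Explorer policy values against the indicators named in this entry. The sample autorun.inf, Run-key entries and policy values are constructed for the example rather than captured from a host, the double-extension pattern generalises beyond the single filename in the listing, and all function and constant names are the example author's own.

```python
"""Offline triage for the persistence indicators in this listing: autorun.inf on
removable media, the HKLM Run value, and the Explorer lockdown policies."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Indicators taken from the listing above.
MALWARE_EXE = "jumoong4.avi.exe"
# Double extension that disguises an executable as a media or document file
# (generalises the .avi.exe trick used by this sample; list is the author's choice).
DOUBLE_EXT_RE = re.compile(
    r"\.(avi|mpg|jpg|mp3|doc|pdf|txt)\.(exe|scr|com|bat|pif)$", re.IGNORECASE
)
# Explorer policies the worm sets to 1.
LOCKDOWN_POLICIES = ("NoFolderOptions", "NoRun")


@dataclass
class Finding:
    source: str
    detail: str


def first_token(cmd: str) -> str:
    """Return the executable part of a command line, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def looks_like_worm_binary(path: str) -> bool:
    """True for the known dropper name or any media/document-looking double extension."""
    name = path.replace("/", "\\").rsplit("\\", 1)[-1]
    return name.lower() == MALWARE_EXE or DOUBLE_EXT_RE.search(name) is not None


def parse_autorun_inf(text: str) -> dict[str, str]:
    """Key/value pairs of the [autorun] section, keys lower-cased."""
    values: dict[str, str] = {}
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, value = line.split("=", 1)
            values[key.strip().lower()] = value.strip()
    return values


def triage_autorun_inf(text: str) -> list[Finding]:
    """Flag autorun.inf directives that would launch the worm binary."""
    values = parse_autorun_inf(text)
    findings = []
    for key in ("open", "shellexecute", "shell\\open\\command"):
        if key in values and looks_like_worm_binary(first_token(values[key])):
            findings.append(Finding("autorun.inf", f"{key}={values[key]}"))
    return findings


def triage_run_key(entries: dict[str, str]) -> list[Finding]:
    """entries maps value name -> command line exported from the HKLM Run key."""
    return [
        Finding("Run key", f"'{name}' = '{cmd}'")
        for name, cmd in entries.items()
        if looks_like_worm_binary(first_token(cmd))
    ]


def triage_explorer_policies(values: dict[str, int]) -> list[Finding]:
    """Flag the lockdown policies the worm enables under HKCU\\...\\Policies\\Explorer."""
    return [
        Finding("Explorer policy", f"'{name}' = {values[name]}")
        for name in LOCKDOWN_POLICIES
        if values.get(name) == 1
    ]


# Constructed sample data in the shape of the listing; not captured from a real host.
SAMPLE_AUTORUN_INF = r"""
[autorun]
open=Jumoong4.avi.exe
shellexecute=Jumoong4.avi.exe
icon=%SystemRoot%\system32\shell32.dll,4
"""
SAMPLE_RUN_KEY = {
    "Yahoo Messenger": r"C:\WINDOWS\system32\Jumoong4.avi.exe",
    "ctfmon.exe": r"C:\WINDOWS\system32\ctfmon.exe",
}
SAMPLE_EXPLORER_POLICIES = {"NoFolderOptions": 1, "NoRun": 1, "NoControlPanel": 0}


def triage_all() -> list[Finding]:
    """Run every check over the constructed samples."""
    return (
        triage_autorun_inf(SAMPLE_AUTORUN_INF)
        + triage_run_key(SAMPLE_RUN_KEY)
        + triage_explorer_policies(SAMPLE_EXPLORER_POLICIES)
    )


if __name__ == "__main__":
    for f in triage_all():
        print(f"[{f.source}] {f.detail}")
```

Run it as a script to print the findings. It works on exported data (a copied autorun.inf, a .reg export, or values read with winreg), not on the live registry, so it runs on any platform. Since the worm sets the hidden attribute on autorun.inf and on the dropped .exe, collect those files with attributes shown (dir /a) or from a forensic image rather than from a normal Explorer view.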
Sets a new unauthorized home page for Windows Internet Explorer.
Modifies file system:
Creates the following files:
<SYSTEM32>\Jumoong4.avi.exe
C:\autorun.inf
C:\Jumoong4.avi.exe
<SYSTEM32>\wbem\Performance\WmiApRpl_new.h
<SYSTEM32>\wbem\Performance\WmiApRpl_new.ini
<SYSTEM32>\PerfStringBackup.TMP
Sets the 'hidden' attribute to the following files:
<SYSTEM32>\Jumoong4.avi.exe
C:\autorun.inf
<Drive name for removable media>:\autorun.inf
<Drive name for removable media>:\Jumoong4.avi.exe
Deletes the following files:
Miscellaneous:
Searches for the following windows:
ClassName: '' WindowName: 'Search Results'
ClassName: '' WindowName: 'User Accounts'
ClassName: '' WindowName: 'System Restore'
ClassName: '' WindowName: 'My Computer'
ClassName: '' WindowName: 'Copying...'
ClassName: '' WindowName: 'Moving...'
ClassName: '' WindowName: 'System32'
ClassName: '' WindowName: 'WINDOWS'
ClassName: '' WindowName: 'Media'
ClassName: '' WindowName: 'Run'
ClassName: '' WindowName: 'Antivirus'
ClassName: '' WindowName: 'Anti viru'
ClassName: '' WindowName: 'Windows Task Manager'
ClassName: '' WindowName: 'Control Panel'
ClassName: '' WindowName: 'Registry Editor'
ClassName: '' WindowName: 'System Configuration Utility'
ClassName: '' WindowName: 'Folder Option'
ClassName: '' WindowName: 'Setup'
ClassName: '' WindowName: 'Kaspersky Anti-Virus 2009'
ClassName: '' WindowName: 'ESET NOD32 Antivirus Setup'
ClassName: '' WindowName: 'avast! Antivirus Setup'
ClassName: '' WindowName: 'Panda Global Protection 2009 Setup'
ClassName: 'Shell_TrayWnd' WindowName: ''