Substitutes the following executable system files:
<SYSTEM32>\cmd.exe with <SYSTEM32>\cmd.exe.new
<SYSTEM32>\dllcache\rundll32.exe with <SYSTEM32>\dllcache\rundll32.exe.new
<SYSTEM32>\rundll32.exe with <SYSTEM32>\rundll32.exe.new
Malicious functions:
To bypass firewall, removes or modifies the following registry keys:
[<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<Full path to virus>' = '<Full path to virus>:*:Enabled:ipsec'
To complicate detection of its presence in the operating system,
blocks the following features:
User Account Control (UAC)
Executes the following:
<SYSTEM32>\telnet.exe
<SYSTEM32>\notepad.exe
Injects code into
the following system processes:
<SYSTEM32>\notepad.exe
a large number of user processes.
Download Dr.Web for Android
Free three-month trial
All protection features available
Renew your trial license in AppGallery/on Google Pay
By continuing to use this website, you are consenting to Doctor Web’s use of cookies and other technologies related to the collection of visitor statistics. Learn more