Defend what you create

Other Resources

Close

Library
My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets

Profile

Win32.HLLW.Autoruner1.18725

Added to the Dr.Web virus database: 2012-07-07

Virus description added:

Technical Information

Malicious functions
Searches for registry branches where third party applications store passwords
  • [<HKCU>\Software\Paltalk]
Modifies file system
Creates the following files
  • %TEMP%\<File name>.exe
Deletes itself.
Network activity
TCP
HTTP GET requests
  • http://dl###.comli.com/index.php?ac#############################################
  • http://dl###.comli.com/index.php?ac#######################################################################
  • '00###bhost.com':443
  • UDP
    • DNS ASK dl###.comli.com
    • DNS ASK 00###bhost.com
    Miscellaneous
    Searches for the following windows
    • ClassName: 'MS_AutodialMonitor' WindowName: ''
    • ClassName: 'MS_WebCheckMonitor' WindowName: ''
    Creates and executes the following
    • '%TEMP%\<File name>.exe'

    The Russian developer of Dr.Web anti-viruses

    Doctor Web has been developing anti-virus software since 1992

    Dr.Web is trusted by users around the world in 200+ countries

    The company has delivered an anti-virus as a service since 2007

    24/7 tech support

    Dr.Web © Doctor Web
    2003 — 2020

    Doctor Web is the Russian developer of Dr.Web anti-virus software. Dr.Web anti-virus software has been developed since 1992.

    2-12А, 3rd street Yamskogo polya, Moscow, Russia, 125040