
Added to the Dr.Web virus database: 2020-06-17

Virus description added:

Technical Information

To ensure autorun and distribution
Modifies the following registry keys
  • [<HKCU>\software\microsoft\windows\currentversion\run] 'Server' = '%HOMEPATH%\Documents\Micro\Server.exe'
Creates or modifies the following files
  • %APPDATA%\microsoft\windows\start menu\programs\startup\2khk2zeakdnykfr8olqfkjavzowcp8.exe
Creates the following files on removable media
  • <Drive name for removable media>:\micro.exe
  • <Drive name for removable media>:\nwfieldnotes1966.docx.lnk
  • <Drive name for removable media>:\fi51.doc.lnk
  • <Drive name for removable media>:\hanni_umami_chapter.doc.lnk
  • <Drive name for removable media>:\ovp25012015.doc.lnk
  • <Drive name for removable media>:\508softwareandos.doc.lnk
  • <Drive name for removable media>:\contoso.cer.lnk
  • <Drive name for removable media>:\sdkfailsafeemulator.cer.lnk
  • <Drive name for removable media>:\testcertificate.cer.lnk
  • <Drive name for removable media>:\issi2013_template_for_posters.docx.lnk
  • <Drive name for removable media>:\contosoroot.cer.lnk
  • <Drive name for removable media>:\coffee.bmp.lnk
  • <Drive name for removable media>:\toolbar.bmp.lnk
  • <Drive name for removable media>:\dashborder_96.bmp.lnk
  • <Drive name for removable media>:\dashborder_192.bmp.lnk
  • <Drive name for removable media>:\split.avi.lnk
  • <Drive name for removable media>:\join.avi.lnk
  • <Drive name for removable media>:\delete.avi.lnk
  • <Drive name for removable media>:\correct.avi.lnk
  • <Drive name for removable media>:\default.bmp.lnk
  • <Drive name for removable media>:\sdszfo.docx.lnk
Modifies file system
Creates the following files
  • %HOMEPATH%\documents\micro\server.exe
  • %TEMP%\melt.tmp
Sets the 'hidden' attribute to the following files
  • <Drive name for removable media>:\micro.exe
Deletes the following files
  • %HOMEPATH%\documents\micro\server.exe
Network activity
Searches for the following windows
  • ClassName: 'Shell_traywnd' WindowName: ''
Creates and executes the following
  • '%HOMEPATH%\documents\micro\server.exe'
