Win32.HLLM.Silva.5

Added to the Dr.Web virus database: 2013-05-09

Virus description added:

Technical Information

To ensure autorun and distribution:
Modifies the following registry keys:
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'shell' = 'Explorer.exe <SYSTEM32>\cmdll32.exe'
Creates or modifies the following files:
  • %HOMEPATH%\Start Menu\Programs\Startup\shortcut to startup_local.lnk_
Modifies the file system:
Creates the following files:
  • <SYSTEM32>\cmdll32.exe
  • <SYSTEM32>\Test Pic.com
  • <SYSTEM32>\Test Pic.zip
Deletes the following files:
  • <SYSTEM32>\Test Pic.com
Network activity:
Connects to:
  • 'ma##.hotbox.ru':25
  • 'ma##.##ssip.donetsk.ua':25
  • 'ma##.#owtrucks.net':25
  • 'ma##.essp.ru':25
  • 'ma##.quorum.ru':25
  • '94.##0.191.201':25
  • 'ma#l.p':25
UDP:
  • DNS ASK ma##.hotbox.ru
  • DNS ASK ho##ox.ru
  • DNS ASK ma##.essp.ru
  • DNS ASK go####.donetsk.ua
  • DNS ASK ma##.#owtrucks.net
  • DNS ASK lo###ucks.net
  • DNS ASK ma##.##ssip.donetsk.ua
  • DNS ASK ma#l.ru
  • DNS ASK ma##.quorum.ru
  • DNS ASK qu##um.ru
  • DNS ASK ma##.mail.ru
  • DNS ASK es#p.ru
  • DNS ASK ma#l.p
  • DNS ASK p