FOR CUSTOMERS

Close

Library
My library

+ Add to library

Search
Search

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

A query form

Call us

+7 (495) 789-45-86

Forum

Your tickets

New ticket

Call us

+7 (495) 789-45-86

Profile

EN

RU CN DE EN ES FR IT JP KZ UZ PL BY
Close
Support services
Scanners
Dr.Web vxCube
Trial
VCI investigations
Virus library
Knowledge base

Technologies

Terminology

Training and education

Myths

News

Trojan.KillProc2.24661

Added to the Dr.Web virus database: 2025-06-17

Virus description added:

Technical Information

Malicious functions
Terminates or attempts to terminate
the following system processes:
  • %WINDIR%\explorer.exe
  • <SYSTEM32>\taskhost.exe
  • <SYSTEM32>\dwm.exe
the following user processes:
  • iexplore.exe
  • firefox.exe
Modifies file system
Creates the following files
  • %WINDIR%prea12ybq3
  • %WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\dxzg91nv3 porn sperm qfb04d7ux8iegf glans (ct00vwxo,rhpa1v).rar.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\sperm hot (!) titts fishy (2b0ay6o).zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\tf1tq013 nude mvakgcwi big glans .mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\dk4amn0 cum w5t8cu4 uncut .zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\dk4amn0 2yuliau vg2zgnq qfb04d7ux8iegf titts h41hy4cklkoue .zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\0nmwz7s horse yo6djypsz uncut cock latex .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\dxzg91nv3 vyfkljc16kq k1tlhzdf w5t8cu4 hole .avi.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\dxzg91nv3 nude k1tlhzdf uncut fishy .rar.exe
  • %WINDIR%\assembly\tmp\z7qips nude w5t8cu4 cew2xnf4xc .mpg.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\tf1tq013 abj24u 5i8wmj9 uncut glans 50+ .mpg.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\5i8wmj9 3z6oda fcksd0samk (yeadrcq,opgr3as).avi.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\beast 3z6oda (sarah).zip.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\z7qips nude a1swtsdhkhbf sm .mpeg.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\mvakgcwi w5t8cu4 hole 8j1qjf .mpeg.exe
  • %HOMEPATH%\templates\5i8wmj9 big feet (gina,rhpa1v).mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\z7qips yton2v k1tlhzdf w5t8cu4 1wyga12mzc .mpeg.exe
  • C:\users\default\appdata\local\<INETFILES>\yhfjge 2yuliau yo6djypsz 6hg4sl boots .mpg.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\dxzg91nv3 abj24u horse qfb04d7ux8iegf cock sm .avi.exe
  • %WINDIR%\syswow64\ime\shared\5i8wmj9 uncut sweet .rar.exe
  • %WINDIR%\syswow64\fxstmp\ktrosnb vyfkljc16kq beast uncut 40+ .zip.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\0nmwz7s 2yuliau gay cew2xnf4xc 0vzq1yfv .avi.exe
  • %WINDIR%\syswow64\config\systemprofile\dxzg91nv3 vegpvr beast girls (0wlc1ae).rar.exe
  • %WINDIR%\syswow64\ime\shared\xxx 3ikjnm4y feet .mpeg.exe
  • %WINDIR%\syswow64\fxstmp\0nmwz7s etorvhr mvakgcwi [free] oltmowd (etc82zq,jade).avi.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\yhfjge etorvhr horse [milf] hole wifey (2b0ay6o).avi.exe
  • %APPDATA%\thunderbird\profiles\rehh7ft5.default-release\storage\temporary\beast [bangbus] feet hairy .rar.exe
  • %WINDIR%\assembly\temp\w5t8cu4 qfb04d7ux8iegf vnm7bo .avi.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\temp\gay big oltmowd .mpeg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\z7qips cum k1tlhzdf f9kdqlk fatfulz .mpeg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\z7qips abj24u horse a1swtsdhkhbf (4us7a95g).zip.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\dk4amn0 5p4dftc sperm qfb04d7ux8iegf glans 3fzhiwoxgra (2b0ay6o).avi.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\0nmwz7s 2yuliau mvakgcwi uncut dvmdzwh8lo (etc82zq,8e6fxld).mpeg.exe
  • %WINDIR%\security\templates\z7qips vyfkljc16kq gay uncut (rhpa1v).mpg.exe
  • %WINDIR%\pla\templates\black porn k1tlhzdf 3z6oda titts n3mhrd7 .mpg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\ktrosnb etorvhr gay cew2xnf4xc feet fcksd0samk .mpg.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\z7qips abj24u k1tlhzdf girls glans agl9tsu (2b0ay6o).zip.exe
  • %APPDATA%\mozilla\firefox\profiles\apc2n9d1.default-release\storage\temporary\ktrosnb vegpvr horse [bangbus] .avi.exe
  • %APPDATA%\microsoft\windows\templates\dxzg91nv3 abj24u 5i8wmj9 cew2xnf4xc .zip.exe
  • %APPDATA%\microsoft\templates\dk4amn0 etorvhr beast snidyfph cock .rar.exe
  • %ProgramFiles%\windows journal\templates\dxzg91nv3 nude beast hot (!) (opgr3as).avi.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\0nmwz7s porn sperm hot (!) hole .zip.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\ 3z6oda boots .avi.exe
  • %CommonProgramFiles(x86)%\microsoft shared\black abj24u k1tlhzdf qfb04d7ux8iegf 1n4kl7830jqa .mpeg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\peud38v vyfkljc16kq yo6djypsz cew2xnf4xc feet 50+ (8e6fxld).avi.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\5i8wmj9 girls (liz).avi.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\z7qips vyfkljc16kq hot (!) hole .rar.exe
  • %WINDIR%\temp\sperm qfb04d7ux8iegf .zip.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\yhfjge cum w5t8cu4 6hg4sl titts .mpg.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\k1tlhzdf girls hole .mpg.exe
  • %ProgramFiles%\microsoft office\templates\gay a1swtsdhkhbf cock sweet (2b0ay6o).avi.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\0nmwz7s 5p4dftc beast big z9ay2h .mpg.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\mvakgcwi snidyfph glans .mpeg.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\beast uncut titts latex .mpg.exe
  • %ProgramFiles%\dvd maker\shared\k1tlhzdf hot (!) .mpg.exe
  • %CommonProgramFiles%\microsoft shared\black cum gay 6hg4sl glans .avi.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\peud38v obd4vccp8 mvakgcwi [milf] glans hotel .mpg.exe
  • %WINDIR%\syswow64\config\systemprofile\dxzg91nv3 obd4vccp8 5i8wmj9 qfb04d7ux8iegf glans .zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\0nmwz7s horse horse [free] (rhpa1v).rar.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\ktrosnb vyfkljc16kq xxx [free] feet .avi.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\ktrosnb obd4vccp8 k1tlhzdf [free] .avi.exe
  • %LOCALAPPDATA%low\mozilla\temp-{bc1f1f78-2666-4310-aef7-f6fd5ba4bc43}\black nude k1tlhzdf uncut titts yipsl1etyvv (liz).mpg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{28060726-42ae-4e49-b300-93149d394ff5}\black cum w5t8cu4 hot (!) (karin).mpeg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{12c7f776-de07-4d8a-a6eb-93019fcb4f66}\gay 6hg4sl 1wyga12mzc .avi.exe
  • %LOCALAPPDATA%\<INETFILES>\black vyfkljc16kq gay uncut .avi.exe
  • %TEMP%\gay qfb04d7ux8iegf cock young (8e6fxld).avi.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\yhfjge vegpvr yo6djypsz [milf] (0wlc1ae).mpg.exe
  • %ALLUSERSPROFILE%\templates\thw5cms3 vegpvr sperm qfb04d7ux8iegf (sarah).rar.exe
  • C:\users\default\templates\z7qips nude gay w5t8cu4 feet .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\peud38v etorvhr sperm [free] feet agl9tsu .rar.exe
  • C:\users\default\appdata\local\temp\peud38v porn beast girls lady .rar.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\beast hot (!) .mpg.exe
  • %ALLUSERSPROFILE%\templates\thw5cms3 cum mvakgcwi snidyfph .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\xxx hot (!) (2b0ay6o).zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\z7qips horse mvakgcwi [milf] fcksd0samk .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\peud38v 5p4dftc gay uncut young .zip.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\gay big 8j1qjf .rar.exe
  • %WINDIR%\winsxs\installtemp\4m7060 w5t8cu4 3ikjnm4y 7k78h5f (sonja,liz).rar.exe
Miscellaneous
Searches for the following windows
  • ClassName: 'Progman' WindowName: ''
  • ClassName: 'Proxy Desktop' WindowName: ''
Restarts the analyzed sample
Executes the following
  • '%WINDIR%\explorer.exe'

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk , mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
Free trial

 

Download Dr.Web

Download by serial number

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

Free trial

 

Download Dr.Web

Download by serial number

Download on App Store

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

 

Download Dr.Web

Download by serial number

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android

Free trial

14 days

Download now
Get it on Google Play