FOR CUSTOMERS

Close

Library
My library

+ Add to library

Search
Search

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

A query form

Call us

+7 (495) 789-45-86

Forum

Your tickets

New ticket

Call us

+7 (495) 789-45-86

Profile

EN

RU CN DE EN ES FR IT JP KZ UZ PL BY
Close
Support services
Scanners
Dr.Web vxCube
Trial
VCI investigations
Virus library
Knowledge base

Technologies

Terminology

Training and education

Myths

News

Trojan.KillProc2.24655

Added to the Dr.Web virus database: 2025-06-17

Virus description added:

Technical Information

Malicious functions
Terminates or attempts to terminate
the following system processes:
  • %WINDIR%\explorer.exe
  • <SYSTEM32>\taskhost.exe
  • <SYSTEM32>\dwm.exe
the following user processes:
  • iexplore.exe
  • firefox.exe
Modifies file system
Creates the following files
  • %WINDIR%prea12ybq3
  • %APPDATA%\mozilla\firefox\profiles\apc2n9d1.default-release\storage\temporary\5i8wmj9 [free] .mpg.exe
  • %APPDATA%\thunderbird\profiles\rehh7ft5.default-release\storage\temporary\0nmwz7s vyfkljc16kq vegpvr hot (!) e05pe26 (sonja,karin).avi.exe
  • %APPDATA%\thunderbird\profiles\rehh7ft5.default-release\storage\temporary\etorvhr horse [milf] .mpeg.exe
  • %HOMEPATH%\templates\mvakgcwi hot (!) 40+ (jenna).mpg.exe
  • %HOMEPATH%\templates\asian xxx etorvhr [free] q4njwcdgux5bzomjnr (gina,sonja).rar.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\black mvakgcwi snidyfph h41hy4cklkoue .mpeg.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\gay [bangbus] n3mhrd7 .avi.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\qjsuuj51 horse cew2xnf4xc .avi.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\2yuliau vyfkljc16kq hot (!) .rar.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\2yuliau horse w5t8cu4 .zip.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\ktrosnb obd4vccp8 porn snidyfph boobs .zip.exe
  • %APPDATA%\microsoft\windows\templates\qppc8g mvakgcwi uncut 8j1qjf .mpg.exe
  • %APPDATA%\mozilla\firefox\profiles\apc2n9d1.default-release\storage\temporary\qppc8g etorvhr qfb04d7ux8iegf dvmdzwh8lo (karin,sonja).avi.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\4m7060 2yuliau cew2xnf4xc sweet (sarah,gina).mpg.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\horse k1tlhzdf [bangbus] .zip.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\etorvhr girls hole .mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\p2yoszc w5t8cu4 big boots .mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\z7qips 2yuliau w5t8cu4 wxpokr .avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\black k1tlhzdf horse 3z6oda girly .rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\9saw1az3 vegpvr w5t8cu4 a1swtsdhkhbf hole (yeadrcq).zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\tl1xg0d mvakgcwi 6hg4sl 0vzq1yfv .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\beast uncut (yeadrcq).mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\9saw1az3 vegpvr girls .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\peud38v xxx uncut wifey .avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\black gay hot (!) titts .zip.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\thw5cms3 yo6djypsz vyfkljc16kq uncut ash young (gina).zip.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\tl1xg0d sperm 2yuliau 3ikjnm4y fcksd0samk .rar.exe
  • %APPDATA%\microsoft\windows\templates\qjsuuj51 cum 3z6oda q4njwcdgux5bzomjnr (8e6fxld,rhpa1v).rar.exe
  • %APPDATA%\microsoft\templates\dxzg91nv3 mvakgcwi w5t8cu4 cock vnm7bo .mpg.exe
  • %APPDATA%\microsoft\templates\etorvhr horse [milf] 0vzq1yfv .zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\k1tlhzdf uncut upfukdp8 (jenna).rar.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\tf1tq013 porn qfb04d7ux8iegf lady .rar.exe
  • %ALLUSERSPROFILE%\templates\sperm qfb04d7ux8iegf jbu8c1 .mpeg.exe
  • %ALLUSERSPROFILE%\templates\peud38v horse horse a1swtsdhkhbf .zip.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\porn a1swtsdhkhbf ash z9ay2h .avi.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\ktrosnb mvakgcwi big jbu8c1 (karin).mpg.exe
  • C:\users\default\appdata\local\temp\thw5cms3 mvakgcwi qfb04d7ux8iegf hotel .zip.exe
  • C:\users\default\appdata\local\<INETFILES>\dxzg91nv3 horse obd4vccp8 [bangbus] wkdgiqz .mpg.exe
  • C:\users\default\appdata\local\temp\tl1xg0d vegpvr 3ikjnm4y 3fzhiwoxgra .mpg.exe
  • C:\users\default\appdata\local\<INETFILES>\k1tlhzdf horse uncut .avi.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\etorvhr vegpvr [milf] upfukdp8 .rar.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\horse cew2xnf4xc glans girly .avi.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\cvj3ofi sperm vegpvr big feet .mpeg.exe
  • C:\users\default\templates\xxx girls (gina).mpg.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\peud38v vg2zgnq 6hg4sl dvmdzwh8lo .mpg.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\p2yoszc horse vg2zgnq a1swtsdhkhbf glans .zip.exe
  • %TEMP%\horse hot (!) .zip.exe
  • %TEMP%\k1tlhzdf uncut (yeadrcq).rar.exe
  • %LOCALAPPDATA%\<INETFILES>\tl1xg0d xxx sperm 3z6oda .mpeg.exe
  • %LOCALAPPDATA%\<INETFILES>\z7qips etorvhr mvakgcwi qfb04d7ux8iegf upfukdp8 .avi.exe
  • %LOCALAPPDATA%low\mozilla\temp-{12c7f776-de07-4d8a-a6eb-93019fcb4f66}\tl1xg0d k1tlhzdf gay uncut boots .avi.exe
  • %LOCALAPPDATA%low\mozilla\temp-{28060726-42ae-4e49-b300-93149d394ff5}\4m7060 yton2v cum 3ikjnm4y z9ay2h (gyta81s3l).avi.exe
  • %LOCALAPPDATA%low\mozilla\temp-{12c7f776-de07-4d8a-a6eb-93019fcb4f66}\5i8wmj9 uncut cock .mpeg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{28060726-42ae-4e49-b300-93149d394ff5}\xf0m998 vegpvr cum 3ikjnm4y cock balls .avi.exe
  • %LOCALAPPDATA%low\mozilla\temp-{bc1f1f78-2666-4310-aef7-f6fd5ba4bc43}\p2yoszc 5p4dftc [milf] oltmowd .rar.exe
  • %LOCALAPPDATA%low\mozilla\temp-{bc1f1f78-2666-4310-aef7-f6fd5ba4bc43}\black xxx cum [bangbus] boots (sonja,0wlc1ae).avi.exe
  • C:\users\default\templates\9saw1az3 horse yton2v cew2xnf4xc vnm7bo .avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\xf0m998 k1tlhzdf big (8e6fxld).rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\dxzg91nv3 etorvhr f9kdqlk fishy (rhpa1v).mpg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\asian horse beast 3ikjnm4y .mpg.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\peud38v gay snidyfph lady .rar.exe
  • %WINDIR%\syswow64\ime\shared\obd4vccp8 porn [milf] jbu8c1 h41hy4cklkoue (f56rj0).mpeg.exe
  • %WINDIR%\syswow64\fxstmp\qjsuuj51 yton2v 3z6oda feet balls .zip.exe
  • %WINDIR%\syswow64\ime\shared\yton2v big feet .mpeg.exe
  • %WINDIR%\syswow64\config\systemprofile\obd4vccp8 a1swtsdhkhbf glans .rar.exe
  • %WINDIR%\syswow64\config\systemprofile\yton2v etorvhr uncut glans ash .zip.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\k1tlhzdf cum hot (!) vvano0phq .avi.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\k1tlhzdf [bangbus] titts n3mhrd7 .zip.exe
  • %WINDIR%\syswow64\fxstmp\yton2v cew2xnf4xc boobs .rar.exe
  • %WINDIR%\syswow64\fxstmp\yton2v uncut lady (2b0ay6o,liz).rar.exe
  • %WINDIR%\syswow64\ime\shared\qjsuuj51 vyfkljc16kq abj24u 6hg4sl yipsl1etyvv .rar.exe
  • %WINDIR%\syswow64\ime\shared\qppc8g mvakgcwi sperm qfb04d7ux8iegf .mpg.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\5p4dftc yton2v 3z6oda lady .rar.exe
  • %WINDIR%\syswow64\fxstmp\abj24u porn snidyfph boobs lady .mpeg.exe
  • %WINDIR%\temp\vegpvr uncut sm .mpeg.exe
  • %WINDIR%\winsxs\installtemp\5p4dftc cew2xnf4xc ash .mpeg.exe
  • %CommonProgramFiles%\microsoft shared\horse qfb04d7ux8iegf q4njwcdgux5bzomjnr .avi.exe
  • %ProgramFiles%\dvd maker\shared\gay xxx [free] feet n3mhrd7 (sonja).mpeg.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\vyfkljc16kq [free] .zip.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\vyfkljc16kq 3z6oda ash .rar.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\p2yoszc etorvhr hot (!) hotel (rhpa1v).rar.exe
  • %ProgramFiles%\microsoft office\templates\beast yo6djypsz uncut 1n4kl7830jqa .avi.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\peud38v abj24u [bangbus] (2b0ay6o,sonja).zip.exe
  • %ProgramFiles%\windows journal\templates\asian gay a1swtsdhkhbf (sonja).rar.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\qjsuuj51 yton2v etorvhr w5t8cu4 (8e6fxld).zip.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\asian xxx uncut vnm7bo .mpeg.exe
  • %WINDIR%\temp\cum uncut 40+ .avi.exe
  • %WINDIR%\winsxs\installtemp\tl1xg0d horse horse [bangbus] fcksd0samk (f56rj0).avi.exe
  • %WINDIR%\syswow64\config\systemprofile\cy0hhk4jm yton2v uncut (sonja,ct00vwxo).mpeg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\mvakgcwi nude w5t8cu4 .rar.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\temp\black nude 2yuliau 3ikjnm4y (rhpa1v,f56rj0).mpeg.exe
  • %WINDIR%\assembly\temp\sperm 3z6oda wkdgiqz .zip.exe
  • %WINDIR%\assembly\tmp\sperm w5t8cu4 hairy .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\asian sperm f9kdqlk (jenna,liz).zip.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\cy0hhk4jm k1tlhzdf a1swtsdhkhbf titts 40+ .mpg.exe
  • %WINDIR%\assembly\temp\vyfkljc16kq 3z6oda feet .avi.exe
  • %WINDIR%\assembly\tmp\porn 3z6oda .rar.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\w5t8cu4 a1swtsdhkhbf young .zip.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\vg2zgnq 6hg4sl cock .mpeg.exe
  • %WINDIR%\pla\templates\peud38v w5t8cu4 vegpvr 3ikjnm4y shoes .mpeg.exe
  • %WINDIR%\security\templates\yton2v 6hg4sl 50+ (karin).rar.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\nude vegpvr uncut .rar.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\ktrosnb mvakgcwi 3ikjnm4y titts agl9tsu .avi.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\nude w5t8cu4 .avi.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\abj24u girls hole balls .zip.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\temp\tl1xg0d vg2zgnq 6hg4sl girly .mpeg.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\p2yoszc obd4vccp8 vg2zgnq a1swtsdhkhbf (0wlc1ae,sonja).mpg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\porn vg2zgnq hot (!) 3fzhiwoxgra (sonja,karin).avi.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\qppc8g horse hot (!) oltmowd .avi.exe
  • %WINDIR%\pla\templates\beast mvakgcwi cew2xnf4xc sm .mpeg.exe
  • %WINDIR%\security\templates\thw5cms3 vyfkljc16kq w5t8cu4 boobs (2b0ay6o).zip.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\thw5cms3 yo6djypsz big .rar.exe
  • %WINDIR%\syswow64\config\systemprofile\tf1tq013 cum vyfkljc16kq big jbu8c1 rg7tdu4 .rar.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\p2yoszc obd4vccp8 gay [bangbus] glans dvmdzwh8lo .rar.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\ktrosnb w5t8cu4 qfb04d7ux8iegf glans lady .mpeg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\xf0m998 5i8wmj9 yton2v hot (!) dvmdzwh8lo .rar.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\5p4dftc [bangbus] cock (sarah,4us7a95g).rar.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\asian yo6djypsz 3z6oda vkwhqow .zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\p2yoszc obd4vccp8 [free] 40+ (etc82zq,8e6fxld).mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\4m7060 5p4dftc [bangbus] jbu8c1 z9ay2h (etc82zq).zip.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\z7qips 5p4dftc 3z6oda lady (jenna,etc82zq).mpg.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\black etorvhr mvakgcwi f9kdqlk hairy .zip.exe
  • %LOCALAPPDATA%\<INETFILES>\yo6djypsz [bangbus] dvmdzwh8lo .rar.exe
  • %LOCALAPPDATA%low\mozilla\temp-{12c7f776-de07-4d8a-a6eb-93019fcb4f66}\tf1tq013 porn xxx f9kdqlk cock girly .mpeg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{28060726-42ae-4e49-b300-93149d394ff5}\ktrosnb cum yo6djypsz uncut glans girly (8e6fxld).avi.exe
  • %LOCALAPPDATA%low\mozilla\temp-{bc1f1f78-2666-4310-aef7-f6fd5ba4bc43}\peud38v vyfkljc16kq gay uncut hole .zip.exe
  • %APPDATA%\microsoft\templates\ktrosnb obd4vccp8 5i8wmj9 3ikjnm4y .avi.exe
  • %APPDATA%\microsoft\windows\templates\k1tlhzdf 3ikjnm4y titts .avi.exe
  • %APPDATA%\mozilla\firefox\profiles\apc2n9d1.default-release\storage\temporary\yhfjge nude gay f9kdqlk titts 3fzhiwoxgra (0wlc1ae).mpg.exe
  • %APPDATA%\thunderbird\profiles\rehh7ft5.default-release\storage\temporary\mvakgcwi a1swtsdhkhbf hole z9ay2h (0wlc1ae).mpg.exe
  • %HOMEPATH%\templates\0nmwz7s cum beast snidyfph .mpeg.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\thw5cms3 obd4vccp8 horse w5t8cu4 1wyga12mzc .rar.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\black porn w5t8cu4 big .mpg.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\z7qips horse gay girls hole vnm7bo .rar.exe
  • %TEMP%\5i8wmj9 6hg4sl fcksd0samk .mpg.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\horse big dvmdzwh8lo .mpeg.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\black obd4vccp8 vg2zgnq big .rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\yhfjge vyfkljc16kq vg2zgnq w5t8cu4 titts .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\k1tlhzdf qfb04d7ux8iegf ash (yeadrcq,sarah).zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\thw5cms3 horse yo6djypsz [milf] titts .avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\mvakgcwi uncut 3fzhiwoxgra .mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\0nmwz7s 5p4dftc a1swtsdhkhbf hole vnm7bo .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\k1tlhzdf 3z6oda .mpg.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\ktrosnb nude mvakgcwi [milf] fishy .avi.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\gay girls titts .rar.exe
  • %WINDIR%\assembly\temp\thw5cms3 cum xxx [free] 0vzq1yfv .mpg.exe
  • %WINDIR%\assembly\tmp\5i8wmj9 girls .rar.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\yhfjge abj24u k1tlhzdf hot (!) (2b0ay6o).zip.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\0nmwz7s obd4vccp8 gay f9kdqlk dvmdzwh8lo (sonja,jade).zip.exe
  • C:\users\default\templates\tf1tq013 porn 5i8wmj9 hot (!) vkwhqow .zip.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\beast [free] feet 40+ (8e6fxld).avi.exe
  • C:\users\default\appdata\local\<INETFILES>\vg2zgnq w5t8cu4 shoes .rar.exe
  • %ProgramFiles%\dvd maker\shared\z7qips horse sperm uncut rg7tdu4 .zip.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\peud38v yton2v f9kdqlk hole sm .avi.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\ktrosnb nude beast cew2xnf4xc (4us7a95g).mpg.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\thw5cms3 horse horse [bangbus] feet 3fzhiwoxgra (0wlc1ae).zip.exe
  • %ProgramFiles%\microsoft office\templates\beast uncut 8j1qjf (f56rj0,2b0ay6o).rar.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\w5t8cu4 f9kdqlk (rhpa1v).mpeg.exe
  • %ProgramFiles%\windows journal\templates\ktrosnb abj24u mvakgcwi big (sarah).zip.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\black 2yuliau horse cew2xnf4xc glans .mpeg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\tf1tq013 vyfkljc16kq [free] (2b0ay6o).zip.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\yhfjge vyfkljc16kq xxx [milf] titts .mpeg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\dk4amn0 5p4dftc horse [free] glans lady .mpg.exe
  • %CommonProgramFiles(x86)%\microsoft shared\peud38v porn xxx snidyfph cock rg7tdu4 (rhpa1v).zip.exe
  • %CommonProgramFiles%\microsoft shared\dk4amn0 abj24u xxx w5t8cu4 0vzq1yfv .avi.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\mvakgcwi snidyfph cock shoes (karin).rar.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\black vegpvr sperm [bangbus] .avi.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\tf1tq013 obd4vccp8 k1tlhzdf big feet 8j1qjf (karin).zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\dxzg91nv3 nude beast [bangbus] .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\black 5p4dftc sperm 3z6oda 50+ .avi.exe
  • %ALLUSERSPROFILE%\templates\peud38v nude 6hg4sl .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\dxzg91nv3 5p4dftc k1tlhzdf hot (!) titts .avi.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\dk4amn0 horse 5i8wmj9 hot (!) glans yipsl1etyvv (sarah).zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\0nmwz7s obd4vccp8 vg2zgnq 6hg4sl vvano0phq .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\yhfjge yton2v w5t8cu4 [milf] feet ash (8e6fxld).avi.exe
  • %ALLUSERSPROFILE%\templates\thw5cms3 abj24u beast hot (!) (opgr3as).avi.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\peud38v nude 5i8wmj9 [free] .rar.exe
  • C:\users\default\appdata\local\temp\k1tlhzdf girls balls (etc82zq,liz).rar.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\vg2zgnq f9kdqlk hole q4njwcdgux5bzomjnr (jade).mpeg.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\w5t8cu4 6hg4sl titts 3fzhiwoxgra .rar.exe
  • %WINDIR%\pla\templates\z7qips porn k1tlhzdf 3z6oda 3fzhiwoxgra .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\tf1tq013 porn yton2v [bangbus] .avi.exe
  • %WINDIR%\security\templates\dk4amn0 horse xxx a1swtsdhkhbf dvmdzwh8lo .zip.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\0nmwz7s beast uncut vnm7bo (karin,ct00vwxo).zip.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\yhfjge gay w5t8cu4 girls cock oltmowd .mpg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\5i8wmj9 [free] fishy (karin).zip.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\yhfjge 5i8wmj9 3z6oda ash (jenna).avi.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\vg2zgnq w5t8cu4 big young .mpg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\black beast [milf] e05pe26 boots .rar.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\dk4amn0 uncut lady .rar.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\qjsuuj51 porn uncut jbu8c1 (gyta81s3l).mpeg.exe
  • %CommonProgramFiles(x86)%\microsoft shared\tl1xg0d mvakgcwi uncut rg7tdu4 .mpeg.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\5p4dftc vegpvr 3z6oda balls .mpeg.exe
  • %CommonProgramFiles(x86)%\microsoft shared\tf1tq013 obd4vccp8 sperm 3z6oda yipsl1etyvv .mpg.exe
  • %ProgramFiles%\windows journal\templates\4m7060 horse yo6djypsz [bangbus] yipsl1etyvv .avi.exe
  • %ProgramFiles%\windows journal\templates\xxx horse qfb04d7ux8iegf hotel .avi.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\0nmwz7s nude cum [free] jbu8c1 8j1qjf (0wlc1ae).mpg.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\cy0hhk4jm yton2v 2yuliau w5t8cu4 sweet (8e6fxld).mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\cum abj24u girls (opgr3as,liz).mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\xf0m998 5p4dftc f9kdqlk e05pe26 .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\peud38v w5t8cu4 lady .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\dxzg91nv3 vyfkljc16kq porn 6hg4sl .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\yton2v beast [free] boots .rar.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\tl1xg0d yton2v vg2zgnq [milf] h41hy4cklkoue .rar.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\cvj3ofi mvakgcwi [milf] sweet .rar.exe
  • %ALLUSERSPROFILE%\templates\qppc8g porn uncut ash .mpeg.exe
  • %ALLUSERSPROFILE%\templates\peud38v beast f9kdqlk legs vvano0phq .zip.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\qppc8g sperm uncut titts wxpokr .mpg.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\vegpvr vyfkljc16kq uncut (4us7a95g).zip.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\abj24u w5t8cu4 sm .rar.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\thw5cms3 yton2v uncut titts vvano0phq .avi.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\xf0m998 vg2zgnq vegpvr 3z6oda upfukdp8 (4us7a95g).rar.exe
  • %ProgramFiles%\microsoft office\templates\cvj3ofi yo6djypsz big (f56rj0,sandy).zip.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\5i8wmj9 w5t8cu4 lady .zip.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\z7qips cum yo6djypsz uncut hole girly .rar.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\beast girls dvmdzwh8lo .mpg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\temp\z7qips cum gay 3z6oda upfukdp8 .mpeg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\5i8wmj9 [free] (rhpa1v).mpeg.exe
  • %WINDIR%\syswow64\config\systemprofile\tf1tq013 horse horse [milf] feet .mpeg.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\dxzg91nv3 abj24u vg2zgnq a1swtsdhkhbf titts 7k78h5f .avi.exe
  • %WINDIR%\syswow64\fxstmp\9saw1az3 xxx 3ikjnm4y .rar.exe
  • %WINDIR%\syswow64\ime\shared\vg2zgnq w5t8cu4 hole 3fzhiwoxgra .mpeg.exe
  • %WINDIR%\syswow64\config\systemprofile\sperm w5t8cu4 feet .zip.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\peud38v horse beast hot (!) (sarah).mpeg.exe
  • %WINDIR%\syswow64\fxstmp\tf1tq013 cum f9kdqlk cock .avi.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\horse big glans h41hy4cklkoue .mpeg.exe
  • %WINDIR%\syswow64\ime\shared\yhfjge 2yuliau w5t8cu4 girls 3fzhiwoxgra (sandy,karin).mpeg.exe
  • %WINDIR%\winsxs\installtemp\qjsuuj51 horse w5t8cu4 .zip.exe
  • %CommonProgramFiles%\microsoft shared\ktrosnb beast qfb04d7ux8iegf .mpeg.exe
  • %CommonProgramFiles%\microsoft shared\qjsuuj51 5i8wmj9 horse 3z6oda .rar.exe
  • %ProgramFiles%\dvd maker\shared\etorvhr hot (!) jbu8c1 .mpeg.exe
  • %ProgramFiles%\dvd maker\shared\peud38v k1tlhzdf yo6djypsz qfb04d7ux8iegf glans wxpokr .mpeg.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\xf0m998 5p4dftc girls .zip.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\9saw1az3 sperm yo6djypsz hot (!) .mpeg.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\peud38v abj24u nude big cock vnm7bo .zip.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\cy0hhk4jm etorvhr a1swtsdhkhbf young (jenna).rar.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\ktrosnb obd4vccp8 vg2zgnq [free] rg7tdu4 .mpeg.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\xf0m998 horse vg2zgnq uncut boobs hotel (etc82zq).mpeg.exe
  • %ProgramFiles%\microsoft office\templates\xf0m998 sperm [bangbus] (karin).mpeg.exe
  • %WINDIR%\temp\peud38v yton2v k1tlhzdf 3z6oda cock ash (jade).rar.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\p2yoszc abj24u cew2xnf4xc jbu8c1 .rar.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\gay vyfkljc16kq cew2xnf4xc hole n3mhrd7 (jade,2b0ay6o).mpeg.exe
Miscellaneous
Searches for the following windows
  • ClassName: 'Progman' WindowName: ''
  • ClassName: 'Proxy Desktop' WindowName: ''
Restarts the analyzed sample
Executes the following
  • '%WINDIR%\explorer.exe'

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk , mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
Free trial

 

Download Dr.Web

Download by serial number

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

Free trial

 

Download Dr.Web

Download by serial number

Download on App Store

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

 

Download Dr.Web

Download by serial number

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android

Free trial

14 days

Download now
Get it on Google Play