FOR CUSTOMERS

Close

Library
My library

+ Add to library

Search
Search

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

A query form

Call us

+7 (495) 789-45-86

Forum

Your tickets

New ticket

Call us

+7 (495) 789-45-86

Profile

EN

RU CN DE EN ES FR IT JP KZ UZ PL BY ID
Close
Support services
Scanners
Dr.Web vxCube
Trial
VCI investigations
Virus library
Knowledge base

Technologies

Terminology

Training and education

Myths

News

Trojan.KillProc2.27506

Added to the Dr.Web virus database: 2025-07-16

Virus description added:

Technical Information

Malicious functions
Terminates or attempts to terminate
the following system processes:
  • %WINDIR%\explorer.exe
  • <SYSTEM32>\taskhost.exe
  • <SYSTEM32>\dwm.exe
the following user processes:
  • iexplore.exe
  • firefox.exe
Modifies file system
Creates the following files
  • %WINDIR%y1s2fctrp3
  • %CommonProgramFiles%\microsoft shared\xakmpl nom72kl uncut .rar.exe
  • %ProgramFiles%\dvd maker\shared\wep6b08 l9hwcs7vvnphd9 sgoibhh .mpg.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\7b6fhxi wep6b08 girls .avi.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\z9z7rwe h93bklf epyxwn .mpeg.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\wpjwijv w6csjja14n1 sperm ihthd33 .mpeg.exe
  • %ProgramFiles%\microsoft office\templates\bd1l5ir sgu4m7oc latex .zip.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\mnho9y54 horse big titts ae2sd7u4xh (haj1oyikd).mpg.exe
  • %ProgramFiles%\windows journal\templates\bd1l5ir bq4kno 50+ (sarah,cy4xpd).mpeg.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\upfgetx sperm epyxwn eigt45 (y8oxsqa,hyo87il).rar.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\8r3baiec 8ok6yf ihthd33 sm .mpeg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\mnho9y54 epyxwn .rar.exe
  • %CommonProgramFiles(x86)%\microsoft shared\zc8giv9 sperm epyxwn cock sm (rdl1tfkz,liz).mpeg.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\bd1l5ir ihthd33 titts shoes .avi.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\xxx horse ihthd33 shoes .rar.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\w6csjja14n1 [free] .avi.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\beast nude uncut ash balls (g6u8n4r,cy4xpd).mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\cum nom72kl kfp2yqq .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\xakmpl w6csjja14n1 epyxwn latex .avi.exe
  • %ALLUSERSPROFILE%\templates\yzw1afy nude big 779mipj (sarah,dxocjwba).rar.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\lpcu5ai3 w6csjja14n1 uncut (sarah).zip.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\tsomq34 7nd83wovj ihthd33 sweet .avi.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\tsomq34 [free] feet b37oavmx289 .mpg.exe
  • %ALLUSERSPROFILE%\templates\8ok6yf horse uncut (jade,hyo87il).mpeg.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\7nd83wovj xakmpl epyxwn (jade,dxocjwba).rar.exe
  • C:\users\default\appdata\local\temp\z9z7rwe ddqayq nude [bangbus] .mpeg.exe
  • C:\users\default\appdata\local\<INETFILES>\0287zh bd1l5ir 7nd83wovj big (dehod0).mpeg.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\viaz50 gay ihthd33 ae2sd7u4xh .avi.exe
  • C:\users\default\templates\h93bklf l9hwcs7vvnphd9 nrb42wq .rar.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\8r3baiec xakmpl sgu4m7oc titts (gina).avi.exe
  • %TEMP%\nude horse [milf] rv0y8n .mpeg.exe
  • %LOCALAPPDATA%\<INETFILES>\0287zh 7vepaqjm legs lzxyhb7k (liz).mpeg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{070abd97-84e1-4f5f-9c02-f1d76dd9fce4}\w6csjja14n1 [free] hairy .rar.exe
  • %LOCALAPPDATA%low\mozilla\temp-{1fae114c-c2b0-4da1-b23a-8e5ad0c3d722}\tsomq34 [milf] .avi.exe
  • %LOCALAPPDATA%low\mozilla\temp-{3571406e-c08c-4c74-b145-8857b365f6e7}\gay girls fishy (36mho73,sarah).avi.exe
  • %APPDATA%\microsoft\templates\s2fkave nom72kl wep6b08 [free] b37oavmx289 (rdl1tfkz).mpeg.exe
  • %APPDATA%\microsoft\windows\templates\fac71w2 beast apv53deiq9fw sweet .mpeg.exe
  • %APPDATA%\mozilla\firefox\profiles\v08trqk6.default-release\storage\temporary\bd1l5ir girls legs .rar.exe
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\storage\temporary\z1qxwcd mzwpstr8n ihthd33 ae2sd7u4xh (gina,sonja).avi.exe
  • %HOMEPATH%\templates\gay hot (!) hole .mpeg.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\horse nude ihthd33 cock (y8oxsqa).mpeg.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\w6csjja14n1 big 8pfmdyy .mpeg.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\z1qxwcd horse w6csjja14n1 [milf] 779mipj (karin).mpeg.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\z1qxwcd nom72kl [bangbus] feet .rar.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\fac71w2 horse yzw1afy hot (!) .mpg.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\z9z7rwe xxx yzw1afy hot (!) (gina).zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\ikdyfwhy ddqayq bd1l5ir [free] glans .rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\black 8ok6yf horse uncut ol6p1tua (c4w8hqa).rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\jxaglwti xxx vjq39c1gwy legs (cy4xpd).mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\wpjwijv wep6b08 vjq39c1gwy eigt45 .avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\jxaglwti mnho9y54 sgu4m7oc .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\xxx vjq39c1gwy .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\asian yzw1afy cum [milf] fishy .rar.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\ddqayq nom72kl girls .mpg.exe
  • %WINDIR%\assembly\temp\eq7k2xcxt mzwpstr8n apv53deiq9fw hairy (c4w8hqa).zip.exe
  • %WINDIR%\assembly\tmp\beast nude [milf] (karin).zip.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\viaz50 lpcu5ai3 l9hwcs7vvnphd9 legs rv0y8n (liz,sonja).avi.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\nude nom72kl ol6p1tua (haj1oyikd).avi.exe
  • %WINDIR%\pla\templates\wpjwijv horse 8ok6yf nom72kl ash .rar.exe
  • %WINDIR%\security\templates\f1i7cm nom72kl vjq39c1gwy .zip.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\4h1e2a346 ddqayq uncut lzxyhb7k (hyo87il,c4w8hqa).rar.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\s2fkave yzw1afy w6csjja14n1 hot (!) .avi.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\asian mnho9y54 7vepaqjm titts sgoibhh (g6u8n4r,rdl1tfkz).mpeg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\0287zh mzwpstr8n vjq39c1gwy feet .avi.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\temp\viaz50 sperm vjq39c1gwy lzxyhb7k .mpg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\xakmpl big wifey .mpg.exe
  • %WINDIR%\syswow64\config\systemprofile\wpjwijv lpcu5ai3 [milf] feet .mpg.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\asian 7nd83wovj nom72kl .mpeg.exe
  • %WINDIR%\syswow64\fxstmp\yzw1afy bd1l5ir nom72kl wifey .avi.exe
  • %WINDIR%\syswow64\ime\shared\f07qtt 7nd83wovj girls feet rv0y8n .avi.exe
  • %WINDIR%\syswow64\config\systemprofile\z9z7rwe sperm epyxwn .mpeg.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\mnho9y54 ihthd33 lzxyhb7k .zip.exe
  • %WINDIR%\syswow64\fxstmp\porn vjq39c1gwy rv0y8n .zip.exe
  • %WINDIR%\syswow64\ime\shared\8r3baiec cum cum nom72kl jxqgtp fishy (hyo87il).rar.exe
  • %WINDIR%\temp\4h1e2a346 gay horse vjq39c1gwy hotel .mpeg.exe
  • %WINDIR%\winsxs\installtemp\nom72kl h93bklf hot (!) .mpg.exe
  • <Current directory>\sqjaed7r1vnw
  • %CommonProgramFiles%\microsoft shared\xxx l9hwcs7vvnphd9 .mpeg.exe
  • %ProgramFiles%\dvd maker\shared\f1i7cm porn beast vjq39c1gwy lady (sandy,jade).mpeg.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\sperm vjq39c1gwy (2hbt8wr).mpg.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\beast bq4kno ae2sd7u4xh .mpg.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\z9z7rwe bd1l5ir epyxwn hotel (dehod0,karin).mpeg.exe
  • %ProgramFiles%\microsoft office\templates\s2fkave 7nd83wovj lpcu5ai3 nom72kl 6tl9zg0uqa .zip.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\beast [bangbus] nrb42wq .mpg.exe
  • %ProgramFiles%\windows journal\templates\8r3baiec 8ok6yf lpcu5ai3 epyxwn .zip.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\upfgetx xakmpl tsomq34 [free] glans 6tl9zg0uqa .mpg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\wpjwijv horse epyxwn boots .mpeg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\f1i7cm w6csjja14n1 xxx vjq39c1gwy hole .zip.exe
  • %CommonProgramFiles(x86)%\microsoft shared\gzn4ud7e 7nd83wovj mzwpstr8n big (liz).mpeg.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\fac71w2 bd1l5ir nom72kl uncut ash .rar.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\gay ihthd33 hole gh5b6gd7wrv (sarah).avi.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\sperm big glans lady (c4w8hqa).avi.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\tsomq34 uncut titts sm (cy4xpd).rar.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\yzw1afy sgu4m7oc gh5b6gd7wrv .rar.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\xxx uncut (karin).avi.exe
  • %ALLUSERSPROFILE%\templates\tsomq34 [free] (karin).zip.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\eq7k2xcxt cum nom72kl bq4kno glans .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\lpcu5ai3 l9hwcs7vvnphd9 .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\mzwpstr8n l9hwcs7vvnphd9 glans .mpeg.exe
  • %ALLUSERSPROFILE%\templates\h93bklf gay l9hwcs7vvnphd9 glans nrb42wq (c4w8hqa).mpg.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\ hot (!) (dxocjwba).avi.exe
  • C:\users\default\appdata\local\temp\yzw1afy hot (!) cock sgoibhh .rar.exe
  • C:\users\default\appdata\local\<INETFILES>\sperm sgu4m7oc qx2j1b5 .avi.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\fac71w2 cum nom72kl [free] feet (sonja,karin).zip.exe
  • C:\users\default\templates\mzwpstr8n ihthd33 qq6w54yfhtqrbwcslg .rar.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\gzn4ud7e 7nd83wovj xxx [free] cock .mpeg.exe
  • %TEMP%\tsomq34 apv53deiq9fw 8bgkvshe1 .mpeg.exe
  • %LOCALAPPDATA%\<INETFILES>\eq7k2xcxt nude hot (!) ae2sd7u4xh (rdl1tfkz,karin).rar.exe
  • %LOCALAPPDATA%low\mozilla\temp-{070abd97-84e1-4f5f-9c02-f1d76dd9fce4}\ apv53deiq9fw titts qx2j1b5 .rar.exe
  • %LOCALAPPDATA%low\mozilla\temp-{1fae114c-c2b0-4da1-b23a-8e5ad0c3d722}\ ihthd33 (sarah).mpg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{3571406e-c08c-4c74-b145-8857b365f6e7}\upfgetx 8ok6yf mnho9y54 ihthd33 779mipj .zip.exe
  • %APPDATA%\microsoft\templates\f07qtt horse xxx big feet ejn547rbxhd1 .rar.exe
  • %APPDATA%\microsoft\windows\templates\z9z7rwe nude gay [free] .avi.exe
  • %APPDATA%\mozilla\firefox\profiles\v08trqk6.default-release\storage\temporary\horse uncut 779mipj .zip.exe
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\storage\temporary\gay girls lady (sonja,karin).avi.exe
  • %HOMEPATH%\templates\upfgetx cum mzwpstr8n l9hwcs7vvnphd9 hole hairy (liz).avi.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\fac71w2 7nd83wovj gay bq4kno hole 779mipj (liz).avi.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\gay sgu4m7oc qx2j1b5 .zip.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\mzwpstr8n [milf] hole .mpg.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\eq7k2xcxt h93bklf nom72kl sgu4m7oc hole latex .avi.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\upfgetx horse beast uncut ejn547rbxhd1 .mpeg.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\beast [milf] ash .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\f1i7cm wep6b08 mzwpstr8n ihthd33 .rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\nom72kl sgu4m7oc shoes .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\upfgetx horse mzwpstr8n sgu4m7oc cock fw58kpr41ob1w .rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\f07qtt cum nom72kl nom72kl (y8oxsqa).mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\horse [milf] zn3tvn .mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\fac71w2 8ok6yf nom72kl ihthd33 nmibe2 .rar.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\gzn4ud7e porn xxx [bangbus] (g6u8n4r).zip.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\black 8ok6yf xxx apv53deiq9fw balls .mpeg.exe
  • %WINDIR%\assembly\temp\8r3baiec nude sperm 7vepaqjm .rar.exe
  • %WINDIR%\assembly\tmp\fac71w2 w6csjja14n1 sperm uncut fw58kpr41ob1w .mpg.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\xxx 7vepaqjm latex .avi.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\yzw1afy [milf] .avi.exe
  • %WINDIR%\pla\templates\black 8ok6yf yzw1afy [milf] nmibe2 .mpg.exe
  • %WINDIR%\security\templates\fac71w2 nude vjq39c1gwy rv0y8n .mpg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\z9z7rwe bd1l5ir lpcu5ai3 vjq39c1gwy cock 40+ .mpg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\fac71w2 xakmpl yzw1afy [free] cock balls .mpeg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\horse [bangbus] lzxyhb7k .rar.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\8r3baiec 7nd83wovj lpcu5ai3 apv53deiq9fw glans 8bgkvshe1 (liz).zip.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\temp\xxx bq4kno hole .mpeg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\f1i7cm nude 7vepaqjm feet latex (liz).mpg.exe
  • %WINDIR%\syswow64\config\systemprofile\f1i7cm xakmpl nom72kl girls balls .mpg.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\xxx vjq39c1gwy shoes (haj1oyikd,jade).mpeg.exe
  • %WINDIR%\syswow64\fxstmp\ikdyfwhy mzwpstr8n uncut titts ash .rar.exe
  • %WINDIR%\syswow64\ime\shared\black 7nd83wovj beast 7vepaqjm cock .mpg.exe
  • %WINDIR%\syswow64\config\systemprofile\mnho9y54 uncut lady (dehod0,c4w8hqa).mpg.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\8r3baiec horse beast sgu4m7oc hole sgoibhh .avi.exe
  • %WINDIR%\syswow64\fxstmp\8r3baiec ddqayq mnho9y54 [milf] glans qx2j1b5 (jade).avi.exe
  • %WINDIR%\syswow64\ime\shared\f07qtt horse yzw1afy vjq39c1gwy young .mpeg.exe
  • %WINDIR%\temp\horse big glans (hyo87il,c4w8hqa).rar.exe
  • %WINDIR%\winsxs\installtemp\eq7k2xcxt wep6b08 mzwpstr8n hot (!) eigt45 (dehod0,karin).rar.exe
  • %CommonProgramFiles%\microsoft shared\8r3baiec xakmpl wep6b08 epyxwn .zip.exe
  • %CommonProgramFiles%\microsoft shared\s2fkave w6csjja14n1 mzwpstr8n epyxwn mg9fvb2xk9 .avi.exe
  • %ProgramFiles%\dvd maker\shared\w6csjja14n1 hot (!) .zip.exe
  • %ProgramFiles%\dvd maker\shared\lpcu5ai3 big (c4w8hqa).avi.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\z9z7rwe w6csjja14n1 [milf] boobs rv0y8n .rar.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\gzn4ud7e w6csjja14n1 yzw1afy 7vepaqjm cock ejn547rbxhd1 (cy4xpd).mpg.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\bd1l5ir ihthd33 (liz,liz).mpeg.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\s2fkave porn beast big feet gsva2xn (cy4xpd).avi.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\porn nude bq4kno boobs nmibe2 .avi.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\f1i7cm porn beast nom72kl cock .mpeg.exe
  • %ProgramFiles%\microsoft office\templates\7b6fhxi h93bklf mnho9y54 [milf] jxqgtp boots .mpg.exe
  • %ProgramFiles%\microsoft office\templates\gay [free] 6tl9zg0uqa (sonja,2hbt8wr).mpg.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\black sperm epyxwn (sarah,sarah).mpeg.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\black xakmpl nom72kl hot (!) glans fw58kpr41ob1w .zip.exe
  • %ProgramFiles%\windows journal\templates\s2fkave cum tsomq34 ihthd33 (rdl1tfkz,g6u8n4r).avi.exe
  • %ProgramFiles%\windows journal\templates\nom72kl ihthd33 cock zmc8ujp (sarah).avi.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\upfgetx cum nom72kl bq4kno .mpg.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\tsomq34 big titts (rdl1tfkz,dxocjwba).mpeg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\z9z7rwe yzw1afy 8ok6yf l9hwcs7vvnphd9 (g6u8n4r,dxocjwba).zip.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\tsomq34 7vepaqjm ejn547rbxhd1 .mpg.exe
Miscellaneous
Searches for the following windows
  • ClassName: 'Progman' WindowName: ''
  • ClassName: 'Proxy Desktop' WindowName: ''
Restarts the analyzed sample
Executes the following
  • '%WINDIR%\explorer.exe'

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk , mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
Free trial

 

Download Dr.Web

Download by serial number

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

Free trial

 

Download Dr.Web

Download by serial number

Download on App Store

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

 

Download Dr.Web

Download by serial number

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android

Free trial

14 days

Download now
Get it on Google Play