FOR CUSTOMERS

Close

Library
My library

+ Add to library

Search
Search

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

A query form

Call us

+7 (495) 789-45-86

Forum

Your tickets

New ticket

Call us

+7 (495) 789-45-86

Profile

EN

RU CN DE EN ES FR IT JP KZ UZ PL BY ID
Close
Support services
Scanners
Dr.Web vxCube
Trial
Virus library
Knowledge base

Technologies

Terminology

Training and education

Myths

News

Trojan.KillProc2.27978

Added to the Dr.Web virus database: 2025-07-16

Virus description added:

Technical Information

Malicious functions
Terminates or attempts to terminate
the following system processes:
  • %WINDIR%\explorer.exe
  • <SYSTEM32>\taskhost.exe
  • <SYSTEM32>\dwm.exe
the following user processes:
  • iexplore.exe
  • firefox.exe
Modifies file system
Creates the following files
  • %WINDIR%y1s2fctrp3
  • %CommonProgramFiles%\microsoft shared\4h1e2a346 7nd83wovj bq4kno girly .mpeg.exe
  • %ProgramFiles%\dvd maker\shared\z9z7rwe sperm beast uncut hole ol6p1tua (cy4xpd).mpeg.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\nude h93bklf sgu4m7oc boobs mg9fvb2xk9 .avi.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\asian 7nd83wovj uncut cock (gina).mpeg.exe
  • %ProgramFiles%\microsoft office\templates\z1qxwcd tsomq34 uncut kfp2yqq young (dehod0,sarah).zip.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\wpjwijv sperm w6csjja14n1 7vepaqjm .avi.exe
  • %ProgramFiles%\windows journal\templates\black nude 7vepaqjm .mpeg.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\nom72kl wep6b08 ihthd33 lzxyhb7k .avi.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\f07qtt [free] .mpg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\z9z7rwe ddqayq beast [free] gh5b6gd7wrv .zip.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\fac71w2 yzw1afy vjq39c1gwy .mpeg.exe
  • %CommonProgramFiles(x86)%\microsoft shared\asian yzw1afy ddqayq l9hwcs7vvnphd9 .avi.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\horse gay girls feet .mpeg.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\upfgetx horse vjq39c1gwy girly .zip.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\0287zh ddqayq xxx hot (!) lady .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\porn [bangbus] gsva2xn (36mho73).avi.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\0287zh beast horse uncut nrb42wq (gina,karin).mpg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\eq7k2xcxt h93bklf [milf] .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\ horse hot (!) .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\8ok6yf l9hwcs7vvnphd9 young .zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\gzn4ud7e yzw1afy sgu4m7oc 50+ .rar.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\z1qxwcd w6csjja14n1 beast nom72kl lady (2hbt8wr).mpeg.exe
  • %ALLUSERSPROFILE%\templates\mzwpstr8n lpcu5ai3 big hairy .zip.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\nude gay uncut titts lady .zip.exe
  • C:\users\default\appdata\local\temp\mnho9y54 apv53deiq9fw .mpg.exe
  • C:\users\default\appdata\local\<INETFILES>\horse mnho9y54 epyxwn b37oavmx289 .mpeg.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\bd1l5ir xakmpl girls nrb42wq .mpg.exe
  • C:\users\default\templates\4h1e2a346 horse apv53deiq9fw sm .avi.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\horse l9hwcs7vvnphd9 qx2j1b5 (jade,sonja).rar.exe
  • %TEMP%\z1qxwcd 7nd83wovj nom72kl epyxwn qx2j1b5 .mpeg.exe
  • %LOCALAPPDATA%\<INETFILES>\zc8giv9 sperm uncut sm .mpg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{12c7f776-de07-4d8a-a6eb-93019fcb4f66}\porn [milf] .zip.exe
  • %LOCALAPPDATA%low\mozilla\temp-{28060726-42ae-4e49-b300-93149d394ff5}\nom72kl nom72kl (dehod0).mpg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{bc1f1f78-2666-4310-aef7-f6fd5ba4bc43}\z1qxwcd 8ok6yf epyxwn shoes (dxocjwba).zip.exe
  • %APPDATA%\microsoft\templates\eq7k2xcxt 8ok6yf epyxwn .mpg.exe
  • %APPDATA%\microsoft\windows\templates\z9z7rwe sperm beast 7vepaqjm balls (c4w8hqa).avi.exe
  • %APPDATA%\mozilla\firefox\profiles\apc2n9d1.default-release\storage\temporary\horse apv53deiq9fw girly .mpeg.exe
  • %APPDATA%\thunderbird\profiles\rehh7ft5.default-release\storage\temporary\s2fkave xakmpl beast apv53deiq9fw jxqgtp .avi.exe
  • %HOMEPATH%\templates\ikdyfwhy tsomq34 7nd83wovj hot (!) feet .avi.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\black sperm apv53deiq9fw ejn547rbxhd1 .zip.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\horse nom72kl girls kfp2yqq .mpg.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\8ok6yf sperm big hole ae2sd7u4xh (jade,gina).rar.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\black bd1l5ir nom72kl .rar.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\asian ddqayq uncut .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\yzw1afy mzwpstr8n [bangbus] .mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\w6csjja14n1 [free] sgoibhh .avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\asian xxx nom72kl girly .zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\zc8giv9 horse l9hwcs7vvnphd9 lady (jenna,cy4xpd).rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\wpjwijv 8ok6yf wep6b08 hot (!) sm .avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\jxaglwti wep6b08 ihthd33 .zip.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\4h1e2a346 porn girls ash .mpg.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\0287zh nude mzwpstr8n vjq39c1gwy .mpeg.exe
  • %WINDIR%\assembly\temp\h93bklf xakmpl hot (!) gh5b6gd7wrv .avi.exe
  • %WINDIR%\assembly\tmp\z9z7rwe wep6b08 w6csjja14n1 7vepaqjm .mpg.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\asian horse gay uncut zn3tvn .rar.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\xakmpl 7nd83wovj uncut .mpg.exe
  • %WINDIR%\pla\templates\0287zh lpcu5ai3 beast [bangbus] cock .mpeg.exe
  • %WINDIR%\security\templates\8ok6yf 8ok6yf girls boobs .zip.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\wpjwijv gay uncut latex .zip.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\mzwpstr8n yzw1afy uncut glans eigt45 .zip.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\8ok6yf beast bq4kno legs mg9fvb2xk9 (cy4xpd).zip.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\beast epyxwn b37oavmx289 .mpg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\jxaglwti beast [milf] .mpeg.exe
  • %WINDIR%\syswow64\config\systemprofile\f1i7cm gay uncut ash balls .rar.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\black w6csjja14n1 [bangbus] nmibe2 .zip.exe
  • %WINDIR%\syswow64\fxstmp\eq7k2xcxt ddqayq bq4kno 40+ (haj1oyikd).avi.exe
  • %WINDIR%\syswow64\ime\shared\ikdyfwhy lpcu5ai3 girls legs wifey .rar.exe
  • %WINDIR%\syswow64\config\systemprofile\wep6b08 epyxwn .mpeg.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\z9z7rwe h93bklf mnho9y54 sgu4m7oc fishy .mpeg.exe
  • %WINDIR%\syswow64\fxstmp\asian sperm sgu4m7oc nmibe2 .zip.exe
  • %WINDIR%\syswow64\ime\shared\gzn4ud7e bd1l5ir 8ok6yf big mg9fvb2xk9 .mpg.exe
  • %WINDIR%\temp\mnho9y54 wep6b08 nom72kl legs qq6w54yfhtqrbwcslg (dehod0).mpeg.exe
Miscellaneous
Searches for the following windows
  • ClassName: 'Progman' WindowName: ''
  • ClassName: 'Proxy Desktop' WindowName: ''
Restarts the analyzed sample
Executes the following
  • '%WINDIR%\explorer.exe'

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk , mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
Free trial

 

Download Dr.Web

Download by serial number

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

Free trial

 

Download Dr.Web

Download by serial number

Download on App Store

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

 

Download Dr.Web

Download by serial number

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android

Free trial

14 days

Download now
Get it on Google Play