FOR CUSTOMERS

Close

Library
My library

+ Add to library

Search
Search

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

A query form

Call us

+7 (495) 789-45-86

Forum

Your tickets

New ticket

Call us

+7 (495) 789-45-86

Profile

EN

RU CN DE EN ES FR IT JP KZ UZ PL BY ID
Close
Support services
Scanners
Dr.Web vxCube
Trial
Virus library
Knowledge base

Technologies

Terminology

Training and education

Myths

News

Trojan.KillProc2.29710

Added to the Dr.Web virus database: 2025-07-17

Virus description added:

Technical Information

Malicious functions
Terminates or attempts to terminate
the following system processes:
  • %WINDIR%\explorer.exe
  • <SYSTEM32>\taskhost.exe
  • <SYSTEM32>\dwm.exe
the following user processes:
  • iexplore.exe
  • firefox.exe
Modifies file system
Creates the following files
  • %WINDIR%y1s2fctrp3
  • %CommonProgramFiles%\microsoft shared\gzn4ud7e xakmpl beast ihthd33 hole (dehod0,2hbt8wr).mpg.exe
  • %ProgramFiles%\dvd maker\shared\f1i7cm h93bklf nom72kl l9hwcs7vvnphd9 titts latex .avi.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\mnho9y54 apv53deiq9fw .avi.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\yzw1afy [free] feet .mpeg.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\f1i7cm h93bklf gay [bangbus] qq6w54yfhtqrbwcslg .zip.exe
  • %ProgramFiles%\microsoft office\templates\tsomq34 sgu4m7oc glans .avi.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\fac71w2 cum horse apv53deiq9fw zmc8ujp .zip.exe
  • %ProgramFiles%\windows journal\templates\lpcu5ai3 [bangbus] (sarah).mpeg.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\eq7k2xcxt bd1l5ir big .zip.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\z9z7rwe 8ok6yf yzw1afy girls cock balls (2hbt8wr).mpg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\gzn4ud7e nude nom72kl feet .rar.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\ l9hwcs7vvnphd9 glans (haj1oyikd,jade).mpg.exe
  • %CommonProgramFiles(x86)%\microsoft shared\mnho9y54 sgu4m7oc boots .avi.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\nom72kl [bangbus] cock .avi.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\black nude nom72kl [bangbus] cock sm .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\f1i7cm wep6b08 horse [bangbus] (sarah).zip.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\f07qtt nude nom72kl epyxwn cock lady .avi.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\f07qtt 8ok6yf tsomq34 [free] (jade).mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\f1i7cm 7nd83wovj tsomq34 apv53deiq9fw .mpeg.exe
  • %ALLUSERSPROFILE%\templates\s2fkave w6csjja14n1 horse uncut (karin).mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\fac71w2 bd1l5ir mzwpstr8n bq4kno .rar.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\gzn4ud7e 7nd83wovj nom72kl girls glans 40+ .zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\tsomq34 epyxwn gh5b6gd7wrv .rar.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\s2fkave w6csjja14n1 mnho9y54 nom72kl 779mipj .zip.exe
  • %ALLUSERSPROFILE%\templates\mzwpstr8n [bangbus] titts gh5b6gd7wrv .avi.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\z9z7rwe porn mnho9y54 vjq39c1gwy (2hbt8wr).mpg.exe
  • C:\users\default\appdata\local\temp\ l9hwcs7vvnphd9 .avi.exe
  • C:\users\default\appdata\local\<INETFILES>\8r3baiec cum nom72kl hot (!) cock (sonja,sarah).mpeg.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\black bd1l5ir gay [milf] hole zn3tvn (c4w8hqa).rar.exe
  • C:\users\default\templates\f07qtt h93bklf yzw1afy sgu4m7oc hairy .avi.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\f07qtt ddqayq mnho9y54 [milf] qq6w54yfhtqrbwcslg .rar.exe
  • %TEMP%\f1i7cm 7nd83wovj sperm hot (!) eigt45 .avi.exe
  • %LOCALAPPDATA%\<INETFILES>\fac71w2 7nd83wovj sperm epyxwn ejn547rbxhd1 .avi.exe
  • %LOCALAPPDATA%low\mozilla\temp-{12c7f776-de07-4d8a-a6eb-93019fcb4f66}\f1i7cm xakmpl lpcu5ai3 epyxwn glans sweet .zip.exe
  • %LOCALAPPDATA%low\mozilla\temp-{28060726-42ae-4e49-b300-93149d394ff5}\yzw1afy [milf] sweet (dehod0,c4w8hqa).zip.exe
  • %LOCALAPPDATA%low\mozilla\temp-{bc1f1f78-2666-4310-aef7-f6fd5ba4bc43}\8r3baiec cum mnho9y54 big qx2j1b5 .mpg.exe
  • %APPDATA%\microsoft\templates\xxx bq4kno glans lzxyhb7k .zip.exe
  • %APPDATA%\microsoft\windows\templates\8r3baiec cum mnho9y54 big cock .mpeg.exe
  • %APPDATA%\mozilla\firefox\profiles\apc2n9d1.default-release\storage\temporary\f1i7cm w6csjja14n1 mnho9y54 [bangbus] 8pfmdyy .mpeg.exe
  • %APPDATA%\thunderbird\profiles\rehh7ft5.default-release\storage\temporary\horse l9hwcs7vvnphd9 hole .avi.exe
  • %HOMEPATH%\templates\black horse horse [milf] titts wifey .avi.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\black porn mnho9y54 girls (dxocjwba).avi.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\f07qtt porn lpcu5ai3 big (jade).rar.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\upfgetx ddqayq sperm vjq39c1gwy lady (rdl1tfkz,cy4xpd).zip.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\z9z7rwe horse horse ihthd33 titts wifey .zip.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\f07qtt ddqayq mzwpstr8n epyxwn glans .mpeg.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\mzwpstr8n 7vepaqjm nmibe2 (haj1oyikd,sarah).mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\z9z7rwe horse nom72kl uncut titts (sonja,g6u8n4r).avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\8r3baiec 8ok6yf mnho9y54 hot (!) .zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\beast ihthd33 hole qq6w54yfhtqrbwcslg .rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\yzw1afy uncut gsva2xn (sandy,sarah).avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\sperm nom72kl cock .rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\f1i7cm xakmpl xxx sgu4m7oc glans .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\horse apv53deiq9fw lady .avi.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\nom72kl 7vepaqjm glans ol6p1tua (dxocjwba).rar.exe
  • %WINDIR%\assembly\temp\z9z7rwe horse sperm epyxwn lady .rar.exe
  • %WINDIR%\assembly\tmp\yzw1afy ihthd33 .avi.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\f07qtt porn nom72kl [milf] (g6u8n4r).avi.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\gzn4ud7e wep6b08 nom72kl 7vepaqjm zmc8ujp .mpg.exe
  • %WINDIR%\pla\templates\mzwpstr8n [milf] .zip.exe
  • %WINDIR%\security\templates\black xakmpl sperm epyxwn hole sm .rar.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\z9z7rwe 7nd83wovj nom72kl bq4kno .mpeg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\lpcu5ai3 sgu4m7oc cock .mpg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\gay girls cock .mpg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\yzw1afy epyxwn ae2sd7u4xh .zip.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\temp\beast uncut qq6w54yfhtqrbwcslg .avi.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\f1i7cm nude tsomq34 hot (!) feet .rar.exe
  • %WINDIR%\syswow64\config\systemprofile\gay [free] shoes .zip.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\gzn4ud7e ddqayq nom72kl bq4kno feet ol6p1tua (g6u8n4r).mpg.exe
  • %WINDIR%\syswow64\fxstmp\0287zh mnho9y54 epyxwn feet ae2sd7u4xh (sarah).rar.exe
  • %WINDIR%\syswow64\ime\shared\gzn4ud7e xakmpl yzw1afy epyxwn .avi.exe
  • %WINDIR%\syswow64\config\systemprofile\nom72kl hot (!) ejn547rbxhd1 .zip.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\ uncut titts .mpeg.exe
  • %WINDIR%\syswow64\fxstmp\f07qtt porn mnho9y54 apv53deiq9fw glans sm .mpg.exe
  • %WINDIR%\syswow64\ime\shared\s2fkave 7nd83wovj xxx girls titts 6tl9zg0uqa .zip.exe
  • %WINDIR%\temp\eq7k2xcxt bd1l5ir tsomq34 big hole .mpeg.exe
  • %WINDIR%\winsxs\installtemp\xakmpl horse girls titts girly (sarah).avi.exe
  • <Current directory>\sqjaed7r1vnw
Miscellaneous
Searches for the following windows
  • ClassName: 'Progman' WindowName: ''
  • ClassName: 'Proxy Desktop' WindowName: ''
Restarts the analyzed sample
Executes the following
  • '%WINDIR%\explorer.exe'

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk , mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
Free trial

 

Download Dr.Web

Download by serial number

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

Free trial

 

Download Dr.Web

Download by serial number

Download on App Store

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

 

Download Dr.Web

Download by serial number

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android

Free trial

14 days

Download now
Get it on Google Play