FOR CUSTOMERS

Close

Library
My library

+ Add to library

Search
Search

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

A query form

Call us

+7 (495) 789-45-86

Forum

Your tickets

New ticket

Call us

+7 (495) 789-45-86

Profile

EN

RU CN DE EN ES FR IT JP KZ UZ PL BY ID
Close
Support services
Scanners
Dr.Web vxCube
Trial
VCI investigations
Virus library
Knowledge base

Technologies

Terminology

Training and education

Myths

News

Trojan.KillProc2.32168

Added to the Dr.Web virus database: 2025-07-18

Virus description added:

Technical Information

Malicious functions
Terminates or attempts to terminate
the following system processes:
  • %WINDIR%\explorer.exe
  • <SYSTEM32>\taskhost.exe
  • <SYSTEM32>\dwm.exe
the following user processes:
  • iexplore.exe
  • firefox.exe
Modifies file system
Creates the following files
  • %WINDIR%y1s2fctrp3
  • %CommonProgramFiles%\microsoft shared\fac71w2 w6csjja14n1 horse epyxwn cock qx2j1b5 .mpeg.exe
  • %ProgramFiles%\dvd maker\shared\f07qtt ddqayq nom72kl big hairy .rar.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\xxx big (y8oxsqa).mpeg.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\mzwpstr8n [bangbus] .mpeg.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\8r3baiec horse lpcu5ai3 uncut titts (gina,g6u8n4r).mpg.exe
  • %ProgramFiles%\microsoft office\templates\upfgetx horse mnho9y54 epyxwn feet ash .mpg.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\mnho9y54 uncut feet lady .zip.exe
  • %ProgramFiles%\windows journal\templates\black wep6b08 xxx girls .mpeg.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\8r3baiec xakmpl gay apv53deiq9fw sweet .mpg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\f1i7cm ddqayq yzw1afy nom72kl glans .mpeg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\upfgetx 7nd83wovj yzw1afy ihthd33 titts girly .mpeg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\s2fkave xakmpl horse hot (!) .mpg.exe
  • %CommonProgramFiles(x86)%\microsoft shared\f07qtt nude mnho9y54 sgu4m7oc qq6w54yfhtqrbwcslg .avi.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\sperm nom72kl .zip.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\beast bq4kno .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\f07qtt wep6b08 xxx hot (!) hole b37oavmx289 (y8oxsqa).zip.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\beast bq4kno (karin).zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\fac71w2 h93bklf tsomq34 l9hwcs7vvnphd9 (g6u8n4r).zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\f07qtt 8ok6yf gay uncut balls .mpeg.exe
  • %ALLUSERSPROFILE%\templates\mnho9y54 l9hwcs7vvnphd9 titts latex (2hbt8wr).rar.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\gay ihthd33 .avi.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\gzn4ud7e cum sperm 7vepaqjm 50+ .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\8r3baiec 7nd83wovj nom72kl uncut glans girly .rar.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\f1i7cm bd1l5ir tsomq34 [free] (g6u8n4r).zip.exe
  • %ALLUSERSPROFILE%\templates\s2fkave nude horse sgu4m7oc sgoibhh (dehod0,jade).avi.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\f07qtt h93bklf nom72kl l9hwcs7vvnphd9 nrb42wq .mpg.exe
  • C:\users\default\appdata\local\temp\gzn4ud7e horse mnho9y54 bq4kno cock .zip.exe
  • C:\users\default\appdata\local\<INETFILES>\8r3baiec 8ok6yf gay epyxwn hole young .rar.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\s2fkave xakmpl sperm l9hwcs7vvnphd9 titts hairy .mpeg.exe
  • C:\users\default\templates\gay hot (!) hole eigt45 (y8oxsqa).mpeg.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\f1i7cm cum gay vjq39c1gwy .mpeg.exe
  • %LOCALAPPDATA%\<INETFILES>\tsomq34 [bangbus] qq6w54yfhtqrbwcslg .avi.exe
  • %LOCALAPPDATA%low\mozilla\temp-{12c7f776-de07-4d8a-a6eb-93019fcb4f66}\eq7k2xcxt horse mzwpstr8n uncut titts .avi.exe
  • %LOCALAPPDATA%low\mozilla\temp-{28060726-42ae-4e49-b300-93149d394ff5}\eq7k2xcxt xakmpl yzw1afy big eigt45 .avi.exe
  • %LOCALAPPDATA%low\mozilla\temp-{bc1f1f78-2666-4310-aef7-f6fd5ba4bc43}\beast uncut ol6p1tua .mpg.exe
  • %APPDATA%\microsoft\templates\f07qtt h93bklf lpcu5ai3 uncut (dxocjwba).mpeg.exe
  • %APPDATA%\microsoft\windows\templates\eq7k2xcxt h93bklf lpcu5ai3 uncut glans (rdl1tfkz,karin).zip.exe
  • %APPDATA%\mozilla\firefox\profiles\apc2n9d1.default-release\storage\temporary\gzn4ud7e ddqayq nom72kl [milf] .mpeg.exe
  • %HOMEPATH%\templates\gay bq4kno titts .avi.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\ 7vepaqjm feet (hyo87il,jade).mpeg.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\black horse horse apv53deiq9fw gh5b6gd7wrv .mpg.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\horse [bangbus] fw58kpr41ob1w .mpg.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\tsomq34 [bangbus] nmibe2 .rar.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\f1i7cm w6csjja14n1 mzwpstr8n vjq39c1gwy (sarah).avi.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\lpcu5ai3 [milf] qq6w54yfhtqrbwcslg (jenna,liz).zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\upfgetx 8ok6yf mzwpstr8n [milf] lady .rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\upfgetx cum sperm epyxwn fishy .avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\black bd1l5ir nom72kl hot (!) titts 40+ (cy4xpd).mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\s2fkave wep6b08 gay sgu4m7oc qq6w54yfhtqrbwcslg .zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\mnho9y54 [free] 50+ (gina,c4w8hqa).avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\upfgetx bd1l5ir yzw1afy vjq39c1gwy .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\gzn4ud7e nude nom72kl big feet boots (dxocjwba).zip.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\nom72kl nom72kl .rar.exe
  • %WINDIR%\assembly\temp\beast [milf] cock sweet .mpeg.exe
  • %WINDIR%\assembly\tmp\upfgetx h93bklf [free] feet .avi.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\gzn4ud7e 8ok6yf gay uncut cock ae2sd7u4xh .mpeg.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\ nom72kl 8pfmdyy (jenna,sarah).mpeg.exe
  • %WINDIR%\pla\templates\xxx [bangbus] ash (sandy,y8oxsqa).rar.exe
  • %WINDIR%\security\templates\gay 7vepaqjm glans hotel (c4w8hqa).mpg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\upfgetx bd1l5ir lpcu5ai3 7vepaqjm wifey .rar.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\f07qtt wep6b08 horse l9hwcs7vvnphd9 feet rv0y8n (karin).mpeg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\fac71w2 porn girls .zip.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\f07qtt h93bklf nom72kl bq4kno boots .mpg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\temp\fac71w2 xakmpl tsomq34 girls ejn547rbxhd1 .mpeg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\8r3baiec w6csjja14n1 mzwpstr8n uncut .rar.exe
  • %WINDIR%\syswow64\config\systemprofile\eq7k2xcxt nude nom72kl 7vepaqjm 8pfmdyy .mpg.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\nom72kl epyxwn feet (sonja,g6u8n4r).rar.exe
  • %WINDIR%\syswow64\fxstmp\h93bklf xxx nom72kl .avi.exe
  • %WINDIR%\syswow64\ime\shared\mnho9y54 l9hwcs7vvnphd9 (dxocjwba).zip.exe
  • %WINDIR%\syswow64\config\systemprofile\gzn4ud7e w6csjja14n1 mzwpstr8n l9hwcs7vvnphd9 cock rv0y8n .rar.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\sperm ihthd33 wifey .rar.exe
  • %WINDIR%\syswow64\fxstmp\mnho9y54 sgu4m7oc glans .avi.exe
  • %WINDIR%\syswow64\ime\shared\f07qtt bd1l5ir yzw1afy hot (!) hairy .mpg.exe
  • %WINDIR%\temp\ apv53deiq9fw hole rv0y8n .rar.exe
  • %WINDIR%\winsxs\installtemp\porn sperm l9hwcs7vvnphd9 (g6u8n4r).avi.exe
  • <Current directory>\sqjaed7r1vnw
  • %CommonProgramFiles%\microsoft shared\mzwpstr8n lpcu5ai3 hot (!) .rar.exe
  • %CommonProgramFiles%\microsoft shared\viaz50 horse mzwpstr8n nom72kl ae2sd7u4xh .mpeg.exe
  • %ProgramFiles%\dvd maker\shared\bd1l5ir l9hwcs7vvnphd9 .rar.exe
  • %ProgramFiles%\dvd maker\shared\s2fkave wep6b08 8ok6yf sgu4m7oc 779mipj (jade).avi.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\0287zh horse ddqayq [bangbus] hotel .zip.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\ddqayq sgu4m7oc hotel (dehod0).rar.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\fac71w2 cum [bangbus] sm .avi.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\wep6b08 xxx ihthd33 ash .mpg.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\0287zh beast apv53deiq9fw boobs .avi.exe
  • %ProgramFiles%\microsoft office\templates\7b6fhxi horse sperm [free] glans .mpeg.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\zc8giv9 mzwpstr8n sperm sgu4m7oc sweet .rar.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\upfgetx beast tsomq34 l9hwcs7vvnphd9 (g6u8n4r,sonja).avi.exe
  • %ProgramFiles%\microsoft office\templates\asian beast xakmpl epyxwn .zip.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\0287zh bd1l5ir porn [bangbus] zn3tvn (haj1oyikd,gina).mpg.exe
  • %ProgramFiles%\windows journal\templates\cum big balls .zip.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\nude 7nd83wovj girls boobs gh5b6gd7wrv .rar.exe
  • %ProgramFiles%\windows journal\templates\mzwpstr8n nom72kl girls (liz,rdl1tfkz).zip.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\7nd83wovj horse apv53deiq9fw fw58kpr41ob1w (y8oxsqa,c4w8hqa).zip.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\0287zh uncut .mpg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\ddqayq epyxwn shoes .mpeg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\bd1l5ir wep6b08 big .avi.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\s2fkave 8ok6yf apv53deiq9fw hotel (sarah).rar.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\w6csjja14n1 ihthd33 js80j73 .mpeg.exe
  • %CommonProgramFiles(x86)%\microsoft shared\ikdyfwhy nude nom72kl ol6p1tua .mpg.exe
  • %CommonProgramFiles(x86)%\microsoft shared\ddqayq [free] ol6p1tua (haj1oyikd).mpeg.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\ikdyfwhy ddqayq 8ok6yf big kfp2yqq .rar.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\beast ihthd33 qx2j1b5 .mpg.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\ikdyfwhy porn hot (!) zn3tvn .mpg.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\horse lpcu5ai3 uncut .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\xakmpl beast [milf] fishy .zip.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\lpcu5ai3 horse epyxwn legs ol6p1tua .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\upfgetx beast nom72kl big .zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\z1qxwcd tsomq34 tsomq34 [free] (sarah,rdl1tfkz).rar.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\4h1e2a346 wep6b08 [bangbus] (sarah,dehod0).mpg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\asian h93bklf 8ok6yf 7vepaqjm sweet (sandy).mpeg.exe
  • %ALLUSERSPROFILE%\templates\mnho9y54 cum uncut young (sonja).avi.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\wpjwijv mnho9y54 horse [free] .avi.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\cum mnho9y54 big wifey .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\upfgetx xxx xakmpl hot (!) .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\xakmpl porn uncut ash .avi.exe
  • %ALLUSERSPROFILE%\templates\s2fkave uncut (sarah).mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\gzn4ud7e 8ok6yf lpcu5ai3 l9hwcs7vvnphd9 .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\wep6b08 nom72kl .avi.exe
  • %ALLUSERSPROFILE%\templates\7b6fhxi bd1l5ir apv53deiq9fw nmibe2 .rar.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\8ok6yf beast bq4kno .avi.exe
  • C:\users\default\appdata\local\temp\mnho9y54 ddqayq vjq39c1gwy zmc8ujp (cy4xpd).avi.exe
  • C:\users\default\appdata\local\<INETFILES>\ikdyfwhy beast hot (!) .avi.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\f1i7cm ddqayq epyxwn (jenna,36mho73).rar.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\z1qxwcd sperm vjq39c1gwy balls .rar.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\f07qtt xxx porn [bangbus] .mpg.exe
  • C:\users\default\templates\beast uncut ae2sd7u4xh (36mho73,dehod0).rar.exe
  • %ALLUSERSPROFILE%\templates\h93bklf sgu4m7oc .mpg.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\4h1e2a346 horse sgu4m7oc hairy .mpg.exe
  • C:\users\default\appdata\local\<INETFILES>\upfgetx w6csjja14n1 horse ihthd33 ejn547rbxhd1 .mpeg.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\8r3baiec wep6b08 big 779mipj .avi.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\horse girls legs .zip.exe
  • %TEMP%\z1qxwcd mnho9y54 wep6b08 hot (!) .mpeg.exe
  • %LOCALAPPDATA%\<INETFILES>\ikdyfwhy nom72kl sgu4m7oc .mpg.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\nude nom72kl sweet .mpg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{12c7f776-de07-4d8a-a6eb-93019fcb4f66}\tsomq34 horse l9hwcs7vvnphd9 ash (haj1oyikd,sonja).zip.exe
  • %LOCALAPPDATA%low\mozilla\temp-{28060726-42ae-4e49-b300-93149d394ff5}\horse nom72kl sm (cy4xpd,jenna).mpeg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{bc1f1f78-2666-4310-aef7-f6fd5ba4bc43}\wep6b08 uncut ash .mpeg.exe
  • %TEMP%\4h1e2a346 sperm nom72kl big sgoibhh (sonja,gina).rar.exe
  • %LOCALAPPDATA%\<INETFILES>\4h1e2a346 8ok6yf 7vepaqjm .zip.exe
  • %LOCALAPPDATA%low\mozilla\temp-{12c7f776-de07-4d8a-a6eb-93019fcb4f66}\wpjwijv w6csjja14n1 nom72kl hairy (rdl1tfkz,sonja).mpeg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{28060726-42ae-4e49-b300-93149d394ff5}\h93bklf [free] (rdl1tfkz,cy4xpd).zip.exe
  • %LOCALAPPDATA%low\mozilla\temp-{bc1f1f78-2666-4310-aef7-f6fd5ba4bc43}\z9z7rwe xxx sgu4m7oc cock ejn547rbxhd1 .avi.exe
  • %APPDATA%\microsoft\templates\7b6fhxi lpcu5ai3 w6csjja14n1 epyxwn fishy .mpg.exe
  • %APPDATA%\microsoft\windows\templates\eq7k2xcxt horse lpcu5ai3 l9hwcs7vvnphd9 lzxyhb7k (liz).avi.exe
  • %APPDATA%\mozilla\firefox\profiles\apc2n9d1.default-release\storage\temporary\viaz50 w6csjja14n1 big .zip.exe
  • %APPDATA%\thunderbird\profiles\rehh7ft5.default-release\storage\temporary\4h1e2a346 lpcu5ai3 girls feet .avi.exe
  • %APPDATA%\microsoft\windows\templates\xxx sperm [milf] feet hotel .avi.exe
  • %APPDATA%\mozilla\firefox\profiles\apc2n9d1.default-release\storage\temporary\0287zh cum wep6b08 bq4kno .zip.exe
  • %APPDATA%\thunderbird\profiles\rehh7ft5.default-release\storage\temporary\z9z7rwe tsomq34 horse [milf] .zip.exe
  • %HOMEPATH%\templates\horse girls lzxyhb7k (jenna,2hbt8wr).avi.exe
  • %HOMEPATH%\templates\zc8giv9 lpcu5ai3 uncut (jade).mpg.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\z1qxwcd porn epyxwn legs .mpg.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\0287zh h93bklf nom72kl .avi.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\nom72kl 7nd83wovj l9hwcs7vvnphd9 (jenna,karin).rar.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\xakmpl nude girls glans .mpeg.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\f1i7cm lpcu5ai3 tsomq34 girls legs qq6w54yfhtqrbwcslg .zip.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\zc8giv9 sperm uncut .rar.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\cum girls hotel .mpg.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\viaz50 yzw1afy xakmpl girls .zip.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\asian wep6b08 epyxwn sweet (g6u8n4r).mpg.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\7b6fhxi 8ok6yf apv53deiq9fw shoes (dxocjwba).mpg.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\mnho9y54 [free] glans .avi.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\ uncut ash (liz).mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\fac71w2 7nd83wovj sgu4m7oc qx2j1b5 (jade).mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\upfgetx h93bklf nude vjq39c1gwy shoes .zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\viaz50 7nd83wovj epyxwn 6tl9zg0uqa .zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\xakmpl big ash boots (sarah).mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\black h93bklf l9hwcs7vvnphd9 .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\f07qtt tsomq34 apv53deiq9fw eigt45 (haj1oyikd).avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\z1qxwcd l9hwcs7vvnphd9 boobs sm .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\gay 8ok6yf vjq39c1gwy legs 40+ .zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\viaz50 tsomq34 vjq39c1gwy glans .zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\wpjwijv ddqayq porn uncut nrb42wq .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\wpjwijv lpcu5ai3 beast nom72kl boobs eigt45 .zip.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\asian nom72kl hole zmc8ujp (c4w8hqa).zip.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\sperm w6csjja14n1 [bangbus] titts qq6w54yfhtqrbwcslg (haj1oyikd).zip.exe
  • %WINDIR%\assembly\temp\viaz50 xakmpl hot (!) boobs gsva2xn (gina).avi.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\w6csjja14n1 apv53deiq9fw cock sgoibhh .avi.exe
  • %WINDIR%\assembly\tmp\horse uncut .mpg.exe
  • %WINDIR%\assembly\temp\0287zh lpcu5ai3 [free] ash lzxyhb7k (jade,dehod0).mpeg.exe
  • %WINDIR%\assembly\tmp\ikdyfwhy sperm horse big .mpg.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\gzn4ud7e 8ok6yf [free] ash .avi.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\z9z7rwe nom72kl apv53deiq9fw qq6w54yfhtqrbwcslg .mpeg.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\xxx bq4kno 8pfmdyy .rar.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\viaz50 8ok6yf l9hwcs7vvnphd9 .avi.exe
  • %WINDIR%\pla\templates\tsomq34 ihthd33 eigt45 .mpg.exe
  • %WINDIR%\pla\templates\porn cum girls legs sgoibhh .zip.exe
  • %WINDIR%\security\templates\viaz50 horse apv53deiq9fw .rar.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\ikdyfwhy horse uncut eigt45 .zip.exe
  • %WINDIR%\security\templates\w6csjja14n1 wep6b08 girls boobs gh5b6gd7wrv (rdl1tfkz,karin).mpeg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\w6csjja14n1 bd1l5ir sgu4m7oc 6tl9zg0uqa .zip.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\mzwpstr8n 8ok6yf uncut .mpeg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\lpcu5ai3 [bangbus] (jade,2hbt8wr).rar.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\upfgetx ddqayq mzwpstr8n girls cock (dehod0,c4w8hqa).avi.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\ l9hwcs7vvnphd9 gh5b6gd7wrv .mpg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\temp\0287zh w6csjja14n1 uncut (sonja,sarah).mpeg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\xxx bd1l5ir sgu4m7oc (g6u8n4r).zip.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\black [free] boots (cy4xpd).rar.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\temp\black porn mnho9y54 [bangbus] shoes .mpg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\4h1e2a346 gay epyxwn nrb42wq (jade,sandy).mpeg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\horse beast nom72kl balls .mpeg.exe
  • %WINDIR%\syswow64\config\systemprofile\beast 7vepaqjm .mpeg.exe
  • %WINDIR%\syswow64\config\systemprofile\tsomq34 vjq39c1gwy js80j73 .mpg.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\lpcu5ai3 girls qq6w54yfhtqrbwcslg .zip.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\gzn4ud7e nude uncut nrb42wq .avi.exe
  • %WINDIR%\syswow64\fxstmp\lpcu5ai3 ihthd33 .avi.exe
  • %WINDIR%\syswow64\ime\shared\f1i7cm xakmpl apv53deiq9fw .avi.exe
  • %WINDIR%\syswow64\fxstmp\8r3baiec mzwpstr8n epyxwn .avi.exe
  • %WINDIR%\syswow64\ime\shared\horse beast sgu4m7oc .mpg.exe
  • %WINDIR%\syswow64\config\systemprofile\wep6b08 tsomq34 [free] .zip.exe
  • %WINDIR%\syswow64\config\systemprofile\8r3baiec h93bklf xxx [bangbus] (hyo87il).mpeg.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\tsomq34 hot (!) qq6w54yfhtqrbwcslg .rar.exe
  • %WINDIR%\syswow64\fxstmp\ikdyfwhy horse bq4kno cock .mpg.exe
  • %WINDIR%\syswow64\fxstmp\sperm ddqayq 7vepaqjm .mpg.exe
  • %WINDIR%\syswow64\ime\shared\viaz50 porn ihthd33 qq6w54yfhtqrbwcslg .zip.exe
  • %WINDIR%\syswow64\ime\shared\z1qxwcd bd1l5ir hot (!) ash 779mipj (c4w8hqa).mpeg.exe
  • %WINDIR%\temp\f1i7cm lpcu5ai3 [milf] young (g6u8n4r,karin).rar.exe
  • %WINDIR%\temp\beast l9hwcs7vvnphd9 50+ .zip.exe
  • %WINDIR%\winsxs\installtemp\0287zh horse bq4kno cock nmibe2 (y8oxsqa,haj1oyikd).mpeg.exe
Miscellaneous
Searches for the following windows
  • ClassName: 'Progman' WindowName: ''
  • ClassName: 'Proxy Desktop' WindowName: ''
Restarts the analyzed sample
Executes the following
  • '%WINDIR%\explorer.exe'

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk , mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
Free trial

 

Download Dr.Web

Download by serial number

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

Free trial

 

Download Dr.Web

Download by serial number

Download on App Store

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

 

Download Dr.Web

Download by serial number

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android

Free trial

14 days

Download now
Get it on Google Play