JavaScript support is required for our site to be fully operational in your browser.
Win32.HLLW.Lime.3529
Added to the Dr.Web virus database:
2014-01-30
Virus description added:
2014-02-01
Technical Information
Malicious functions:
Searches for windows to
detect analytical utilities:
ClassName: 'OLLYDBG' WindowName: '(null)'
ClassName: 'FileMonClass' WindowName: '(null)'
Sets a new unauthorized home page for Windows Internet Explorer.
Modifies file system :
Creates the following files:
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\login[1].html
Network activity:
Connects to:
'17##.qq.com':80
'12#.#25.114.144':80
'localhost':1036
TCP:
HTTP GET requests:
17##.qq.com//login.html
12#.#25.114.144/vwktmrutijbtvwq
UDP:
DNS ASK 17##.qq.com
DNS ASK hi.##idu.com
Miscellaneous:
Searches for the following windows:
ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
ClassName: 'Shell_TrayWnd' WindowName: '(null)'
ClassName: '18467-41' WindowName: '(null)'
ClassName: 'MS_AutodialMonitor' WindowName: '(null)'
Download Dr.Web for Android
Free three-month trial
All protection features available
Renew your trial license in AppGallery/on Google Pay
By continuing to use this website, you are consenting to Doctor Web’s use of cookies and other technologies related to the collection of visitor statistics. Learn more
OK