Win32.HLLW.Autoruner1.26567
Added to the Dr.Web virus database:
2012-09-22
Virus description added:
2012-10-13
Technical Information
To ensure autorun and distribution:
Modifies the following registry keys:
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '%ALLUSERSPROFILE%\Favorites\ Internet Explorer\Web.scr' = '%ALLUSERSPROFILE%\Favorites\ Internet Explorer\Web.pif'
Creates or modifies the following files:
%HOMEPATH%\Start Menu\Programs\Startup\SoundDivx.lnk
Creates the following files on removable media:
<Drive name for removable media>:\sex.exe
<Drive name for removable media>:\autorun
Malicious functions:
Executes the following:
<SYSTEM32>\cmd.exe /c %WINDIR%\temp\l.bat
<SYSTEM32>\cmd.exe /c %WINDIR%\temp\a.bat
<SYSTEM32>\cmd.exe /c %WINDIR%\temp\m.bat
<SYSTEM32>\cmd.exe /c %WINDIR%\temp\o.bat
Modifies file system:
Creates the following files:
%WINDIR%\Temp\l.bat
%WINDIR%\Temp\a.bat
%WINDIR%\Temp\o.bat
%WINDIR%\Temp\m.bat
C:\autorun
Miscellaneous:
Searches for the following windows:
ClassName: 'Indicator' WindowName: ''