JavaScript support is required for our site to be fully operational in your browser.
Win32.HLLW.Autoruner.61301
Added to the Dr.Web virus database:
2011-10-02
Virus description added:
2011-10-03
Technical Information
To ensure autorun and distribution:
Creates the following files on removable media:
<Drive name for removable media>:\Videos.exe
<Drive name for removable media>:\autorun.inf
<Drive name for removable media>:\Sounds.exe
Malicious functions:
To complicate detection of its presence in the operating system,
forces the system hide from view:
hidden files
file extensions
Executes the following:
<SYSTEM32>\reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /V Hidden /t REG_DWORD /d 0 /f
<SYSTEM32>\reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /V HideFileExt /t REG_DWORD /d 1 /f
<SYSTEM32>\reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /V ShowSuperHidden /t REG_DWORD /D 0 /f
Modifies file system :
Creates the following files:
<SYSTEM32>\Fino.exe
<SYSTEM32>\chalie.exe
<SYSTEM32>\steb.exe
<SYSTEM32>\Click.exe
<SYSTEM32>\War.exe
<SYSTEM32>\Heaven.exe
<SYSTEM32>\Honda.exe
<SYSTEM32>\Revo.exe
C:\Sounds.exe
C:\autorun.inf
C:\Videos.exe
%WINDIR%\system\oeminfo.ini
<SYSTEM32>\Smash.exe
<SYSTEM32>\Viva.exe
%WINDIR%\system\drver.cab.sys
%WINDIR%\Kenel32.exe
%WINDIR%\freesex.exe
<SYSTEM32>.exe
%WINDIR%\Help\KGC.exe
%TEMP%\a24987.bat
<SYSTEM32>\vaillo.exe
%WINDIR%\Fonts\limons.ttf
%WINDIR%\taskes.exe
%WINDIR%\Media\soundsman.exe
<SYSTEM32>\God.exe
<SYSTEM32>\Of.exe
%WINDIR%\Web\GameKhmer.exe
%WINDIR%\suck.exe
%WINDIR%\system\driber.exe
%WINDIR%\Web\Wallpapers.exe
Sets the 'hidden' attribute to the following files:
Download Dr.Web for Android
Free three-month trial
All protection features available
Renew your trial license in AppGallery/on Google Pay
By continuing to use this website, you are consenting to Doctor Web’s use of cookies and other technologies related to the collection of visitor statistics. Learn more
OK