JavaScript support is required for our site to be fully operational in your browser.
Win32.HLLW.Autoruner2.24581
Added to the Dr.Web virus database:
2016-06-29
Virus description added:
2016-06-28
Technical Information
Malicious functions:
To complicate detection of its presence in the operating system,
blocks execution of the following system utilities:
Windows Update
Windows Security Center
blocks the following features:
System Restore (SR)
User Account Control (UAC)
Executes the following:
'<SYSTEM32>\sc.exe' delete wscsvc
'<SYSTEM32>\sc.exe' delete wuauserv
'<SYSTEM32>\sc.exe' delete MsMpSvc
'<SYSTEM32>\msiexec.exe' /X /passive /quiet /norestart
'<SYSTEM32>\sc.exe' delete WinDefend
'<SYSTEM32>\msiexec.exe' /V
Searches for windows to
detect analytical utilities:
ClassName: 'PROCMON_WINDOW_CLASS' WindowName: ''
ClassName: 'RegMonClass' WindowName: ''
ClassName: 'FileMonClass' WindowName: ''
Download Dr.Web for Android
Free three-month trial
All protection features available
Renew your trial license in AppGallery/on Google Pay
By continuing to use this website, you are consenting to Doctor Web’s use of cookies and other technologies related to the collection of visitor statistics. Learn more
OK