JavaScript support is required for our site to be fully operational in your browser.
Win32.HLLW.Autoruner.13916
Added to the Dr.Web virus database:
2010-01-29
Virus description added:
2012-11-21
Technical Information
Malicious functions:
Creates and executes the following:
%CommonProgramFiles%\Microsoft Shared\MSInfo\SVCHOST.exe
%CommonProgramFiles%\Microsoft Shared\QQ.exe
Executes the following:
<SYSTEM32>\tskill.exe KVSrvXP
<SYSTEM32>\tskill.exe KRegEx
<SYSTEM32>\tskill.exe UIHost
<SYSTEM32>\tskill.exe KVXP
<SYSTEM32>\tskill.exe KvMonXP
<SYSTEM32>\tskill.exe KVCenter
<SYSTEM32>\tskill.exe kav32
<SYSTEM32>\tskill.exe kavstart
<SYSTEM32>\tskill.exe katmain
<SYSTEM32>\tskill.exe TrojDie
<SYSTEM32>\tskill.exe FrogAgent
<SYSTEM32>\tskill.exe kav
<SYSTEM32>\tskill.exe UpdaterUI
<SYSTEM32>\tskill.exe TBMon
<SYSTEM32>\tskill.exe scan32
<SYSTEM32>\tskill.exe Mcshield
<SYSTEM32>\tskill.exe VsTskMgr
<SYSTEM32>\tskill.exe naPrdMgr
<SYSTEM32>\tskill.exe Rav
<SYSTEM32>\tskill.exe Ravmon
<SYSTEM32>\tskill.exe RavStub
<SYSTEM32>\tskill.exe Ravmond
<SYSTEM32>\tskill.exe CCenter
<SYSTEM32>\tskill.exe RavTask
Modifies file system :
Creates the following files:
%WINDIR%\system\star.scr
%CommonProgramFiles%\Microsoft Shared\MSInfo\SVCHOST.exe
%CommonProgramFiles%\Microsoft Shared\QQ.exe
Deletes the following files:
Download Dr.Web for Android
Free three-month trial
All protection features available
Renew your trial license in AppGallery/on Google Pay
By continuing to use this website, you are consenting to Doctor Web’s use of cookies and other technologies related to the collection of visitor statistics. Learn more
OK