Win32.HLLW.Autoruner1.10999

Added to the Dr.Web virus database: 2012-01-17

Description added:

Technical information

To ensure autorun and propagation:
Modifies the following registry keys (the Winsock2 protocol and namespace catalogs, which every process that initialises Winsock reads, so an entry placed there is loaded system-wide):
  • [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002] 'PackedCatalogItem' = ''
  • [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003] 'PackedCatalogItem' = ''
  • [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004] 'PackedCatalogItem' = ''
  • [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001] 'LibraryPath' = 'mswsock.dll'
  • [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003] 'LibraryPath' = 'mswsock.dll'
  • [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001] 'PackedCatalogItem' = ''
  • [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005] 'PackedCatalogItem' = ''
  • [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009] 'PackedCatalogItem' = ''
  • [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010] 'PackedCatalogItem' = ''
  • [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011] 'PackedCatalogItem' = ''
  • [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006] 'PackedCatalogItem' = ''
  • [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007] 'PackedCatalogItem' = ''
  • [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008] 'PackedCatalogItem' = ''
Creates the following services:
  • [<HKLM>\SYSTEM\ControlSet001\Services\.redbook] 'ImagePath' = '\?'
Malicious functions:
Injects code into the following system processes:
  • <SYSTEM32>\winlogon.exe
  • %WINDIR%\Explorer.EXE
File system changes:
Creates the following files:
  • %WINDIR%\$NtUninstallKB27979$\4121336045\@
  • %WINDIR%\$NtUninstallKB27979$\4121336045\cfg.ini
  • %WINDIR%\$NtUninstallKB27979$\4121336045\Desktop.ini
  • %WINDIR%\$NtUninstallKB27979$\4121336045\L\alehhooo
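The host-side artifacts listed above (Protocol_Catalog9 entries whose PackedCatalogItem is empty, a service named '.redbook' whose ImagePath is '\?', and the drop directory under %WINDIR%\$NtUninstallKB27979$) can be turned into a triage check. The Python below is an added example written for this page; it is not Dr.Web's code or a tool from the description. It runs on constructed in-memory data (a file listing, a service table and a registry dump) rather than reading a live system, so it works anywhere. Three points are my assumptions, not statements from the page: the KB number and the numeric sub-directory are treated as variable; an empty PackedCatalogItem is treated as tampering, because an intact Winsock catalog entry carries a packed WSAPROTOCOL_INFO record; and a service whose ImagePath names no .exe/.sys/.dll is treated as suspect. The name '.redbook' is one leading dot away from the built-in Windows redbook (CD audio filter) driver service, which is why the sample includes both.

```python
import re

# Host-side indicators transcribed from the description above.
# ASSUMPTION (not stated on the page): the KB number and the numeric
# sub-directory vary between installs, so both are matched as digit runs.
DROP_DIR_RE = re.compile(
    r"\\\$NtUninstallKB\d+\$\\\d+\\(?:@|cfg\.ini|Desktop\.ini|L\\)",
    re.IGNORECASE,
)
# A genuine ImagePath names a driver or executable; '\?' names nothing.
BINARY_IN_IMAGEPATH_RE = re.compile(r"\.(?:exe|sys|dll)\b", re.IGNORECASE)
# Winsock protocol catalog (the LSP chain). Each live entry carries a packed
# WSAPROTOCOL_INFO record in PackedCatalogItem, so an empty value is abnormal.
PROTOCOL_CATALOG = r"\Protocol_Catalog9\Catalog_Entries"


def suspicious_drop_files(paths):
    """Paths that follow the $NtUninstallKB<n>$\\<digits>\\ layout from the description."""
    return [p for p in paths if DROP_DIR_RE.search(p)]


def suspicious_services(services):
    """services: {service_name: ImagePath}. Flag entries whose ImagePath names no binary."""
    return sorted(n for n, img in services.items() if not BINARY_IN_IMAGEPATH_RE.search(img))


def emptied_winsock_entries(reg_values):
    """reg_values: {(key_path, value_name): data}. Flag Protocol_Catalog9 entries whose
    PackedCatalogItem is empty; returns the entry numbers (last path component)."""
    hits = []
    for (key, name), data in reg_values.items():
        if PROTOCOL_CATALOG.lower() in key.lower() and name == "PackedCatalogItem" and not data:
            hits.append(key.rsplit("\\", 1)[-1])
    return sorted(hits)


def triage(paths, services, reg_values):
    """Run all three checks and return the findings keyed by artifact type."""
    return {
        "files": suspicious_drop_files(paths),
        "services": suspicious_services(services),
        "winsock": emptied_winsock_entries(reg_values),
    }


# Constructed sample data: the description's values mixed with benign look-alikes.
WS = r"HKLM\SYSTEM\ControlSet001\Services\WinSock2\Parameters"
SAMPLE_FILES = [
    r"C:\WINDOWS\$NtUninstallKB27979$\4121336045\@",
    r"C:\WINDOWS\$NtUninstallKB27979$\4121336045\cfg.ini",
    r"C:\WINDOWS\$NtUninstallKB27979$\4121336045\L\alehhooo",
    r"C:\WINDOWS\$NtUninstallKB2479943$\spuninst\spuninst.exe",  # benign hotfix-uninstall layout (constructed)
    r"C:\WINDOWS\system32\mswsock.dll",
]
SAMPLE_SERVICES = {
    "redbook": r"system32\DRIVERS\redbook.sys",      # built-in CD audio filter driver
    ".redbook": r"\?",                                # from the description: one dot away
    "Dnscache": r"%SystemRoot%\system32\svchost.exe -k NetworkService",
}
SAMPLE_REGISTRY = {
    (WS + r"\Protocol_Catalog9\Catalog_Entries\000000000001", "PackedCatalogItem"): "",
    (WS + r"\Protocol_Catalog9\Catalog_Entries\000000000002", "PackedCatalogItem"): "",
    (WS + r"\Protocol_Catalog9\Catalog_Entries\000000000012", "PackedCatalogItem"): b"<intact blob, constructed>",
    (WS + r"\NameSpace_Catalog5\Catalog_Entries\000000000001", "LibraryPath"): "mswsock.dll",
}

if __name__ == "__main__":
    for kind, hits in triage(SAMPLE_FILES, SAMPLE_SERVICES, SAMPLE_REGISTRY).items():
        print(f"{kind}: {hits}")
```

On a real host the three inputs would come from os.walk over %WINDIR%, the Services key (ImagePath values) and the WinSock2\Parameters subtree read through winreg; the checks themselves do not change. The binary-name heuristic for ImagePath will also flag legitimately odd entries, so treat its output as a lead to confirm, not a verdict.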
Network activity:
Connects to:
  • '94.##9.213.92':34354
  • '17#.#74.163.92':34354
  • '76.##0.218.126':34354
  • '75.##5.105.94':34354
  • '71.##3.152.90':34354
  • '2.###.150.30':34354
  • '19#.#61.129.240':34354
  • '89.##8.229.210':34354
  • '17#.#22.176.32':34354
  • '18#.#7.79.230':34354
  • '19#.#09.161.19':34354
  • '14#.#05.57.248':34354
  • '17#.#4.40.187':34354
  • '68.##7.235.7':34354
  • '98.##.206.100':34354
  • '17#.#5.136.126':34354
  • '97.##.43.141':34354
  • '24.##8.44.214':34354
  • '17#.#48.219.24':34354
  • '15#.#8.204.87':34354
  • '19#.#52.57.194':34354
  • '10#.#25.69.158':34354
  • '76.##.206.191':34354
  • '15#.#81.155.74':34354
  • '97.#2.76.87':34354
  • '94.##1.171.134':34354
  • '82.##1.50.28':34354
  • '76.##.16.166':34354
  • '64.##6.111.25':34354
  • '68.#.175.47':34354
  • '2.###.215.27':34354
  • '71.##8.39.136':34354
  • '17#.#62.36.34':34354
  • '16#.#90.65.106':34354
  • '17#.#1.196.209':34354
  • '67.##3.145.253':34354
  • '74.##4.240.243':34354
  • '72.##9.68.36':34354
  • '20#.#2.169.106':34354
  • '75.##8.244.108':34354
  • '10#.#.99.166':34354
  • '21#.#35.93.88':34354
  • '74.##.191.212':34354
  • '70.##7.77.206':34354
  • '71.##5.137.11':34354
  • '69.##6.174.182':34354
  • '46.#11.8.40':34354
  • '21#.#3.107.92':34354
  • '24.##.58.119':34354
  • '97.##0.141.35':34354
  • '87.##.26.178':34354
  • '21#.#54.79.178':34354
  • '12#.#9.76.120':34354
  • '24.##.24.180':34354
  • '85.##.191.231':34354
  • '24.##5.55.179':34354
  • '24.##.152.118':34354
  • '18#.#42.55.118':34354
  • '72.##6.34.19':34354
  • '11#.#98.229.116':34354
  • '74.##.89.171':34354
  • '17#.3.66.17':34354
  • '18#.#24.87.118':34354
  • '70.##8.44.118':34354
  • '17#.#25.11.197':34354
  • '67.##1.114.219':34354
  • '66.##9.25.223':34354
  • '68.##.199.137':34354
  • '11#.#54.182.153':34354
  • '81.##3.6.207':34354
  • '18#.#63.86.144':34354
  • '75.##6.199.145':34354
  • '98.##7.159.28':34354
  • '72.##.171.129':34354
  • '18#.#55.67.129':34354
  • '74.##.190.249':34354
  • '72.##9.98.135':34354
  • '82.##9.175.110':34354
  • '74.##.21.224':34354
  • '78.##.182.27':34354
  • '74.##4.150.187':34354
  • '90.##1.17.189':34354
  • '62.##.50.184':34354
  • '46.##2.36.10':34354
  • '11#.#36.9.197':34354
  • '76.##.200.52':34354
  • '76.##3.54.206':34354
  • '98.##4.111.195':34354
  • '99.##.83.176':34354
  • '24.##2.121.181':34354
  • '91.##.18.170':34354
  • '20#.#3.4.171':34354
  • '15#.#0.118.206':34354
  • '2.###.153.22':34354
  • '24.##3.34.12':34354
  • '15#.#9.229.206':34354
  • '70.##8.48.111':34354
  • '98.##9.138.148':34354
  • '76.##.13.253':34354
  • '66.##1.179.147':34354
  • '89.##.177.59':34354
  • '67.##1.106.22':34354
  • '18#.#9.166.205':34354
  • '76.##0.152.52':34354
  • '24.##.178.245':34354
  • '89.##0.135.62':34354
  • '24.##.240.245':34354
  • '72.##4.147.68':34354
  • '10#.#0.35.218':34354
  • '67.##0.49.57':34354
  • '68.#0.97.62':34354
  • '24.#.133.252':34354
  • '13#.#12.174.238':34354
  • '98.##.100.108':34354
  • '69.##.123.90':34354
  • '86.##1.136.39':34354
  • '97.##0.94.230':34354
  • '24.##.167.123':34354
  • '76.##3.235.108':34354
  • '75.##1.226.120':34354
  • '92.##.214.75':34354
  • '75.##.201.48':34354
  • '10#.#01.172.65':34354
  • '93.#5.33.70':34354
  • '69.##1.161.85':34354
  • '95.##.100.87':34354
  • '75.##2.25.76':34354
  • '76.##9.58.84':34354
  • '24.#.213.6':34354
  • '18#.#9.147.252':34354
  • '86.##4.243.119':34354
  • '17#.#03.75.50':34354
  • '74.##2.90.218':34354
  • '98.##.191.95':34354
  • '17#.#8.143.92':34354
  • '70.##3.179.168':34354
  • '17#.2.53.97':34354
  • '50.##6.110.54':34354
  • '17#.#90.100.123':34354
  • '14.##5.115.169':34354
  • '92.##2.0.180':34354
  • '68.##.36.125':34354
  • '24.##5.21.164':34354
  • '71.##6.23.134':34354
  • '72.##6.132.133':34354
  • '67.##6.104.197':34354
  • '17#.#23.16.3':34354
  • '72.##2.194.202':34354
  • '24.##0.160.58':34354
  • '71.##.109.52':34354
  • '21#.#31.21.206':34354
  • '10#.#0.249.4':34354
  • '69.##9.162.196':34354
  • '97.##0.169.194':34354
  • '58.##5.132.144':34354
  • '75.#85.0.13':34354
  • '97.##.49.190':34354
  • '96.##.155.56':34354
  • '98.##4.49.203':34354
  • '89.##.171.227':34354
  • '18#.#75.54.119':34354
  • '24.##.218.214':34354
  • '98.##3.141.146':34354
  • '75.##.38.184':34354
  • '67.##1.198.35':34354
  • '76.##0.173.221':34354
  • '70.##0.73.135':34354
  • '64.##.195.204':34354
  • '72.##4.56.20':34354
  • '94.##5.28.235':34354
  • '84.##7.3.166':34354
  • 'pr####.fling.com':80
  • '98.##5.66.141':34354
  • '74.#3.67.2':34354
  • '98.##8.148.218':34354
  • '78.#6.8.242':34354
  • '76.##.121.188':34354
  • '24.##.92.120':34354
  • '15#.#6.81.144':34354
  • '70.##4.77.26':34354
  • '98.##7.232.216':34354
  • '78.##0.198.181':34354
  • '95.#1.9.36':34354
  • '2.##.73.24':34354
  • '68.##8.160.167':34354
  • '74.##.100.220':34354
  • '88.##8.34.148':34354
  • '20#.#92.219.28':34354
  • '18#.#6.90.164':34354
  • '17#.#6.117.50':34354
  • '2.###.216.134':34354
  • '70.##0.92.46':34354
  • '69.##3.101.245':34354
  • '82.##.206.149':34354
  • '18#.#3.12.148':34354
  • '68.##.39.217':34354
  • '74.##8.194.255':34354
  • '19#.#8.85.200':34354
  • '17#.#30.12.156':34354
  • '91.##5.15.56':34354
  • '75.##2.142.203':34354
  • '83.##.215.142':34354
  • '69.##2.77.144':34354
  • '24.##6.139.214':34354
  • '96.##.222.118':34354
  • '68.##4.234.20':34354
  • '72.##3.169.147':34354
  • '89.##5.217.157':34354
  • '76.##8.98.219':34354
  • '76.##.212.84':34354
  • '69.##5.172.136':34354
  • '24.##0.153.78':34354
  • '71.##.175.145':34354
  • '10#.#.191.26':34354
  • '24.##.217.86':34354
  • '86.##3.73.246':34354
  • '19#.#5.123.252':34354
  • '24.##6.137.61':34354
  • '79.##8.38.70':34354
  • '24.##2.187.156':34354
  • '68.#1.131.5':34354
  • '11#.#93.144.219':34354
  • '15#.#24.149.190':34354
  • '71.##3.186.159':34354
  • '71.##0.130.191':34354
  • '76.##2.22.236':34354
  • '41.##1.236.192':34354
  • '75.##.90.188':34354
  • '24.##0.217.95':34354
  • '72.##0.137.102':34354
  • '76.#.240.11':34354
  • '94.##9.237.10':34354
  • '17#.#2.202.99':34354
  • '98.##1.237.48':34354
  • '97.##.128.48':34354
  • '68.#3.48.74':34354
  • '93.##4.252.74':34354
  • '17#.97.0.87':34354
  • '17#.#0.87.41':34354
  • '66.##8.59.190':34354
  • '17#.2.164.5':34354
  • '17#.#99.100.31':34354
  • '18#.#26.148.128':34354
  • '92.##.250.233':34354
  • '19#.#12.115.231':34354
  • '11#.#93.98.53':34354
  • '68.##8.223.141':34354
  • '75.##3.145.132':34354
  • '10#.#35.86.229':34354
  • '24.##5.243.206':34354
  • '24.##0.123.249':34354
  • '19#.#2.85.104':34354
  • '17#.#5.120.106':34354
  • '67.##.120.15':34354
  • '65.##5.177.117':34354
  • '68.##.82.114':34354
  • '75.##.206.116':34354
TCP:
HTTP GET requests:
  • pr####.fling.com/geo/txt/city.php
UDP:
  • DNS ASK pr####.fling.com
  • 'localhost':752
  • '8.#.8.8':1036
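The peer list in the network section is several hundred distinct hosts, all contacted on the same TCP port (34354), plus one HTTP GET for a geolocation page. That shape is easier to detect as a pattern than as a list of addresses, which are masked on this page anyway. The Python below is an added example for this page, not Dr.Web's code: it parses constructed netstat -ano style lines and a constructed proxy log, counts distinct remote peers per PID on port 34354, and flags the geolocation request by domain suffix and path. The fan-out threshold of 10, the two log formats and the PID numbers are my assumptions; the sample addresses are documentation ranges, and the host name is copied masked exactly as the page prints it.

```python
import re
from collections import defaultdict

PEER_PORT = 34354            # every listed peer is contacted on this TCP port
FANOUT_THRESHOLD = 10        # ASSUMPTION: >= 10 distinct peers on one port from one PID
GEO_PATH = "/geo/txt/city.php"
GEO_DOMAIN_SUFFIX = ".fling.com"

# "netstat -ano" style TCP row (constructed format): proto local remote state pid
NETSTAT_TCP_RE = re.compile(
    r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+([A-Z_]+)\s+(\d+)\s*$"
)
# Absolute URL inside a proxy-log line. A plain regex is used because the host is
# masked with '#' on the page and a URL parser would read '#' as a fragment marker.
URL_RE = re.compile(r"https?://([^/\s]+)(/[^\s?]*)")


def peers_by_pid(netstat_lines, port=PEER_PORT):
    """Map PID -> set of distinct remote addresses it contacts on `port` (any TCP state)."""
    peers = defaultdict(set)
    for line in netstat_lines:
        m = NETSTAT_TCP_RE.match(line)
        if not m:
            continue                      # UDP rows, headers, blank lines
        remote_ip, remote_port, pid = m.group(3), int(m.group(4)), int(m.group(6))
        if remote_port == port:
            peers[pid].add(remote_ip)
    return peers


def flag_peer_fanout(netstat_lines, threshold=FANOUT_THRESHOLD):
    """PIDs whose distinct-peer count on PEER_PORT reaches the threshold, as (pid, count)."""
    return sorted((pid, len(ips)) for pid, ips in peers_by_pid(netstat_lines).items()
                  if len(ips) >= threshold)


def flag_geo_lookups(http_lines):
    """Return host+path of requests for the geolocation page named in the description."""
    hits = []
    for line in http_lines:
        for host, path in URL_RE.findall(line):
            if host.lower().endswith(GEO_DOMAIN_SUFFIX) and path == GEO_PATH:
                hits.append(host + path)
    return hits


# Constructed sample input. Addresses are documentation ranges; PID 1244 stands in
# for the Explorer.EXE the description says is injected.
SAMPLE_NETSTAT = [
    "  TCP    10.0.0.5:1041    203.0.113.7:443      ESTABLISHED   884",
    "  TCP    10.0.0.5:1042    203.0.113.9:80       ESTABLISHED   1244",
] + [
    f"  TCP    10.0.0.5:{1050 + i}    198.51.100.{i}:{PEER_PORT}    SYN_SENT      1244"
    for i in range(1, 13)
] + [
    "  UDP    0.0.0.0:500      *:*                                704",
]
SAMPLE_HTTP = [
    "10.0.0.5 GET http://pr####.fling.com/geo/txt/city.php 200",  # host masked as on the page
    "10.0.0.5 GET http://www.example.com/index.html 200",
]

if __name__ == "__main__":
    print("fan-out:", flag_peer_fanout(SAMPLE_NETSTAT))
    print("geo lookups:", flag_geo_lookups(SAMPLE_HTTP))
```

SYN_SENT rows are counted on purpose: the description lists peers the sample tried to reach, and a peer-to-peer node that is mostly failing to connect still shows the same fan-out. Attribution to a PID matters here because the injected Explorer.EXE, not a separate malware process, is what will own the sockets.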