Win32.HLLW.Autoruner1.25795

Added to the Dr.Web virus database: 2012-09-16

Description added:

Technical information

To ensure autorun and distribution:
Modifies the following registry keys:
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '%ALLUSERSPROFILE%\Favorites\ Internet Explorer\Web.scr' = '%ALLUSERSPROFILE%\Favorites\ Internet Explorer\Web.pif'
Creates or modifies the following files:
  • %HOMEPATH%\Start Menu\Programs\Startup\SoundDivx.lnk
Malicious functions:
Executes the following:
  • <SYSTEM32>\cmd.exe /c %WINDIR%\temp\a.bat
  • <SYSTEM32>\cmd.exe /c %WINDIR%\temp\j.bat
  • <SYSTEM32>\cmd.exe /c %WINDIR%\temp\l.bat
  • <SYSTEM32>\cmd.exe /c %WINDIR%\temp\m.bat
  • <SYSTEM32>\cmd.exe /c %WINDIR%\temp\o.bat
Changes in the file system:
Creates the following files:
  • %WINDIR%\Temp\j.bat
  • %WINDIR%\Temp\a.bat
  • %HOMEPATH%\Start Menu\Programs\My picture.lnk
  • C:\My picture.lnk
  • %WINDIR%\Temp\one.ocx
  • %WINDIR%\Temp\m.bat
  • %WINDIR%\Temp\l.bat
  • %WINDIR%\Temp\o.bat
Miscellaneous:
Searches for the following windows:
  • ClassName: 'CMD' WindowName: ''
  • ClassName: 'setup' WindowName: ''
  • ClassName: 'msconfig' WindowName: ''
  • ClassName: 'Indicator' WindowName: ''
  • ClassName: 'ProcExp' WindowName: ''
  • ClassName: 'bdagent' WindowName: ''
  • ClassName: 'USBGuard' WindowName: ''
  • ClassName: 'regedit' WindowName: ''
  • ClassName: 'taskman' WindowName: ''
  • ClassName: 'taskmgr' WindowName: ''