Для корректной работы нашего сайта необходимо включить поддержку JavaScript в вашем браузере.
Win32.HLLW.Autoruner1.51943
Добавлен в вирусную базу Dr.Web:
2013-07-22
Описание добавлено:
2013-07-22
Техническая информация
Для обеспечения автозапуска и распространения:
Модифицирует следующие ключи реестра:
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPFMntor.exe] 'Debugger' = 'noexist.exist'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVSvc.exe] 'Debugger' = 'noexist.exist'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe] 'Debugger' = 'noexist.exist'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapw32.exe] 'Debugger' = 'noexist.exist'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch.exe] 'Debugger' = 'noexist.exist'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vptray.exe] 'Debugger' = 'noexist.exist'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.exe] 'Debugger' = 'noexist.exist'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPlus.exe] 'Debugger' = 'noexist.exist'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rtvscan.exe] 'Debugger' = 'noexist.exist'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe] 'Debugger' = 'noexist.exist'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'UpdateGenuis' = '%PROGRAM_FILES%\BreezeMedia\BreezePlayer\UpdateGenuis.exe'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'BreezePlayer' = '%PROGRAM_FILES%\BreezeMedia\BreezePlayer\BreezePlayer.exe'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe] 'Debugger' = 'noexist.exist'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'FirstSetting' = '%PROGRAM_FILES%\BreezeMedia\BreezePlayer\FirstSetting.exe'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVFW.exe] 'Debugger' = 'noexist.exist'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVsvcUI.exe] 'Debugger' = 'noexist.exist'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'MIUI32' = '<SYSTEM32>\MIUI32.exe'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.exe] 'Debugger' = 'noexist.exist'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Logo_1.exe] 'Debugger' = 'noexist.exist'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ravmond.exe] 'Debugger' = 'noexist.exist'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe] 'Debugger' = 'noexist.exist'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe] 'Debugger' = 'noexist.exist'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ravmon.exe] 'Debugger' = 'noexist.exist'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TBMon.exe] 'Debugger' = 'noexist.exist'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VsTskMgr.exe] 'Debugger' = 'noexist.exist'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Mcshield.exe] 'Debugger' = 'noexist.exist'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UpdaterUI.exe] 'Debugger' = 'noexist.exist'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\naPrdMgr.exe] 'Debugger' = 'noexist.exist'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRegEx.exe] 'Debugger' = 'noexist.exist'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVCenter.kxp] 'Debugger' = 'noexist.exist'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojDie.exe] 'Debugger' = 'noexist.exist'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UIHost.exe] 'Debugger' = 'noexist.exist'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvMonXP.kxp] 'Debugger' = 'noexist.exist'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rav.exe] 'Debugger' = 'noexist.exist'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavTask.exe] 'Debugger' = 'noexist.exist'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVXP.kxp] 'Debugger' = 'noexist.exist'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavStub.exe] 'Debugger' = 'noexist.exist'
Создает следующие файлы на съемном носителе:
<Имя диска съемного носителя>:\USBoot.exe
<Имя диска съемного носителя>:\Autorun.inf
Вредоносные функции:
Запускает на исполнение:
'<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPlus.exe" /v "Debugger" /t REG_SZ /d "noexist.exist" /f
'<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rtvscan.exe" /v "Debugger" /t REG_SZ /d "noexist.exist" /f
'<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVSvc.exe" /v "Debugger" /t REG_SZ /d "noexist.exist" /f
'<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch.exe" /v "Debugger" /t REG_SZ /d "noexist.exist" /f
'<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Logo_1.exe" /v "Debugger" /t REG_SZ /d "noexist.exist" /f
'<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojDie.exe" /v "Debugger" /t REG_SZ /d "noexist.exist" /f
'<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vptray.exe" /v "Debugger" /t REG_SZ /d "noexist.exist" /f
'<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.exe" /v "Debugger" /t REG_SZ /d "noexist.exist" /f
'<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.exe" /v "Debugger" /t REG_SZ /d "noexist.exist" /f
'<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVFW.exe" /v "Debugger" /t REG_SZ /d "noexist.exist" /f
'<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe" /v "Debugger" /t REG_SZ /d "noexist.exist" /f
'<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe" /v "Debugger" /t REG_SZ /d "noexist.exist" /f
'<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapw32.exe" /v "Debugger" /t REG_SZ /d "noexist.exist" /f
'<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPFMntor.exe" /v "Debugger" /t REG_SZ /d "noexist.exist" /f
'<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVsvcUI.exe" /v "Debugger" /t REG_SZ /d "noexist.exist" /f
'<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe" /v "Debugger" /t REG_SZ /d "noexist.exist" /f
'<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UIHost.exe" /v "Debugger" /t REG_SZ /d "noexist.exist" /f
'<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe" /v "Debugger" /t REG_SZ /d "noexist.exist" /f
'<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TBMon.exe" /v "Debugger" /t REG_SZ /d "noexist.exist" /f
'<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ravmon.exe" /v "Debugger" /t REG_SZ /d "noexist.exist" /f
'<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ravmond.exe" /v "Debugger" /t REG_SZ /d "noexist.exist" /f
'<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VsTskMgr.exe" /v "Debugger" /t REG_SZ /d "noexist.exist" /f
'<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Mcshield.exe" /v "Debugger" /t REG_SZ /d "noexist.exist" /f
'<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UpdaterUI.exe" /v "Debugger" /t REG_SZ /d "noexist.exist" /f
'<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\naPrdMgr.exe" /v "Debugger" /t REG_SZ /d "noexist.exist" /f
'<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvMonXP.kxp" /v "Debugger" /t REG_SZ /d "noexist.exist" /f
'<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVXP.kxp" /v "Debugger" /t REG_SZ /d "noexist.exist" /f
'<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRegEx.exe" /v "Debugger" /t REG_SZ /d "noexist.exist" /f
'<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVCenter.kxp" /v "Debugger" /t REG_SZ /d "noexist.exist" /f
'<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavTask.exe" /v "Debugger" /t REG_SZ /d "noexist.exist" /f
'<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe" /v "Debugger" /t REG_SZ /d "noexist.exist" /f
'<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavStub.exe" /v "Debugger" /t REG_SZ /d "noexist.exist" /f
'<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rav.exe" /v "Debugger" /t REG_SZ /d "noexist.exist" /f
Изменения в файловой системе:
Создает следующие файлы:
<SYSTEM32>\Logonsvc.inf
C:\Autorun.inf
C:\USBoot.exe
%PROGRAM_FILES%\BreezeMedia\BreezePlayer\BreezePlayer.exe
<SYSTEM32>\MIUI32.exe
%PROGRAM_FILES%\BreezeMedia\BreezePlayer\FirstSetting.exe
%PROGRAM_FILES%\BreezeMedia\BreezePlayer\UpdateGenuis.exe
Присваивает атрибут 'скрытый' для следующих файлов:
<SYSTEM32>\Logonsvc.inf
<SYSTEM32>\MIUI32.exe
Поздравляем!
Обменяйте их на скидку до 50% на покупку Dr.Web.
Получить скидку
Скачайте Dr.Web для Android
Бесплатно на 3 месяца
Все компоненты защиты
Продление демо через AppGallery/Google Pay
Если Вы продолжите использование данного сайта, это означает, что Вы даете согласие на использование нами Cookie-файлов и иных технологий по сбору статистических сведений о посетителях. Подробнее
OK