Keyword: JS_PADODOR
This Trojan Spy arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It connects to certain websites to send and receive
\offers\offers\opera %User Temp%\ip\bin %Application Data%\InstallPack\logs %User Temp%\ip %User Temp%\ip\bin\Tools %User Temp%\ip\js %User Temp%\ip\offers\offers %User Temp%\ip\offers\offers\avast %User
Temp%\ip\offers\offers\yandex-stub %User Temp%\ip\js %User Temp%\ip\bin\Tools %User Temp%\ip %User Temp%\ip\offers %User Temp%\ip\img %User Temp%\ip\offers\offers\opera %User Temp%\ip\bin (Note:
\afeodekfkejjgjigfnhhifffljmhnpfn\1.24.16_0\js %AppDataLocal%\Google\Chrome\User Data\Default\Extensions\afeodekfkejjgjigfnhhifffljmhnpfn\1.24.16_0\js\api %AppDataLocal%\Google\Chrome\User Data\Default\Extensions
%Application Data%\InstallPack\logs %User Temp%\ip\img %User Temp%\ip\css %User Temp%\ip\offers %User Temp%\ip\data %User Temp%\ip\offers\offers\yandex-dirty %User Temp%\ip\js %User Temp%\ip\offers\offers\split
This malware is part of the fileless botnet Novter that is delivered via the KovCoreG malvertising campaign. This Trojan arrives on a system as a file dropped by other malware or as a file downloaded
%User Temp%\ip\offers\offers %User Temp%\ip\img %User Temp%\ip\offers\offers\split %User Temp%\ip\js %User Temp%\ip\offers\offers\yandex-sovetnik %User Temp%\ip %User Temp%\ip\css (Note: %User Temp% is
%AppDataLocal%\Google\Chrome\User Data\Default\Extensions\aaaaggphaebghfengepdepbkegaggggh\51.1_0\config\skin\widgets\SPE-options\js\options.js %AppDataLocal%\Google\Chrome\User Data\Default\Extensions
Once users access any of the monitored sites, it starts logging keystrokes. It attempts to steal information, such as user names and passwords, used when logging into certain banking or
This Potentially Unwanted Application arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This
\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_right_hover.png %Program Files%\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\settings.js %System Root%\Program Files\Windows Sidebar\Gadgets
\js\library.js %System Root%\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground.wmv %System Root%\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion
This adware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This adware arrives on a system as a
This adware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This adware arrives on a system as a
\box_new\layer-v2.1\layer\skin %Program Files%\YouWoBox\Cache\js %Application Data%\YouWoBox %Application Data%\Microsoft\Internet Explorer\Quick Launch\User Pinned %Program Files%\YouWoBox\standby F:
\YouWoBox\skins\yxphonegame %Application Data%\YouWoBox\advertisement %Program Files%\YouWoBox\Cache\box_new\js %Program Files%\YouWoBox\Cache\box_new\layer-v2.1\layer\skin\default %User Profile%\AppData F:
This Trojan executes when a user accesses certain websites where it is hosted. This is the Trend Micro detection for Web pages that were compromised through the insertion of a certain malicious
%Program Files%\leyoubox\Cache\box_new\item_wl.html %Program Files%\leyoubox\Cache\box_new\item_wy.html %Program Files%\leyoubox\Cache\box_new\js\box2.js %Program Files%\leyoubox\Cache\box_new\js
\Rar.exe" a -y -ep -inul -k -m0 -hp"{%.FS\sgs5@B{S8pd8@vfuS,)ax-=Tog" "%AppDataLocal%\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\15.1.1.0_0\data\js\44 \xd0\xa4\xd0\xb0\xd0
\User Data\Default\Extensions\{Extension ID}\13.917.16.52171_0\js\ajax.js %AppDataLocal%\Google\Chrome\User Data\Default\Extensions\{Extension ID}\13.917.16.52171_0\js\babAPI.js %AppDataLocal%\Google