Search
Keyword: default5.asp
execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows NT\CurrentVersion\Winlogon Userinit = "%System%\userinit.exe, %System%\sdra64.exe," (Note: The default value data of the said
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\ Services\helpsvc ImagePath = "%System%\inertno.exe" (Note: The default value data of the said registry entry is {random values} .) Dropping Routine This Trojan drops the
the following registry entries: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Services\Tcpip\Parameters NameServer = {BLOCKED}.{BLOCKED}.164.128,93.188.160.208 (Note: The default value data of the said
This spyware may be dropped by other malware. It may be unknowingly downloaded by a user while visiting malicious websites. It creates folders where it drops its files. It modifies the Internet
The default value data of the said registry entry is 1 .) HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Internet Settings\ Zones\1 1406 = "0" (Note: The default value data of the said
files: %Program Files%\Gamevance\arsplg.dll %Desktop%\ArcadeRockstar.lnk %Application Data%\IconCache.db (Note: %Program Files% is the default Program Files folder, usually C:\Program Files.. %Desktop% is
This spyware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It does not have any propagation routine. It does not
registry entries: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\ Services\Eventlog\Application Sources = "{random characters}" (Note: The default value data of the said registry entry is {random values} .) It
\ControlSet001\ Services\Eventlog\Application Sources = "{random characters}" (Note: The default value data of the said registry entry is {random values} .) It deletes the following registry keys:
when visiting malicious sites. It uses the default Windows folder icon to trick users into opening the file. Double-clicking the file executes this malware. It drops copies of itself in removable drives.
Once users access any of the monitored sites, it starts logging keystrokes. It attempts to steal information, such as user names and passwords, used when logging into certain banking or
This Trojan may be dropped by other malware. It may be unknowingly downloaded by a user while visiting malicious websites. It attempts to steal sensitive online banking information, such as user
This spyware attempts to steal information, such as user names and passwords, used when logging into certain banking or finance-related websites. Infection Points This spyware arrives as a file
This spyware attempts to steal sensitive online banking information, such as user names and passwords. This routine risks the exposure of the user's account information, which may then lead to the
\Desktop on Windows Vista, 7, and 8.. %Program Files% is the default Program Files folder, usually C:\Program Files in Windows 2000, Server 2003, and XP (32-bit), Vista (32-bit), 7 (32-bit), and 8 (32-bit),
This spyware may be dropped by other malware. It may be unknowingly downloaded by a user while visiting malicious websites. It creates folders where it drops its files. It may be injected into
\Parameters NameServer = "{BLOCKED}.162.160,{BLOCKED}.166.191 " (Note: The default value data of the said registry entry is {user defined} .) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Services\Tcpip
{4EFE2452-168A-11D1-BC76-00C04FB9453B} HKEY_CURRENT_USER\Software\Microsoft\ ActiveMovie\devenum\{4EFE2452-168A-11D1-BC76-00C04FB9453B}\ Default MidiOut Device HKEY_CURRENT_USER\Software\Microsoft\ ActiveMovie\devenum\
\Microsoft.NET.3.6\go.bat" %Fonts%\Microsoft.NET.3.6\go.bat %System%\PING.EXE ping 127.0.0.1 -n 1 %System%\cmd.exe /S /D /c" ver" findstr "5\.2\.[0-9][0-9]*" findstr "6\.[0-9]\.[0-9][0-9]*" %Fonts%\Microsoft.NET
Files%\Internet Explorer\binding.exe (Note: %Program Files% is the default Program Files folder, usually C:\Program Files.) It creates the following folders: %Program Files%\yzm %System%\GroupPolicy