Search
Keyword: ms07047 windows media player 936782
This malware has received attention from independent media sources and/or other security firms. This malware is part of a package that generates Bitcoins and performs DDoS attacks against targeted
RhinoSoft FTPVoyager Robo-FTP 3.7 SimonTatham PuTTY SmartFTP SoftX FTP Client Sota FFFTP South River Technologies WebDrive Staff-FTP TurboFTP UltraFXP VanDyke SecureFX Visicom Media WinFTP SFTP It gathers the
following processes: %Windows%\Microsoft.NET\Framework\v{version number}\cvtres.exe (Note: %Windows% is the Windows folder, where it usually is C:\Windows on all Windows operating system versions.) It adds
}.bat - this will delete the executed file (Note: %User Temp% is the user's temporary folder, where it usually is C:\Documents and Settings\{user name}\Local Settings\Temp on Windows 2000, Windows Server
malware and itself after execution (Note: %User Temp% is the user's temporary folder, where it usually is C:\Documents and Settings\{user name}\Local Settings\Temp on Windows 2000, Windows Server 2003, and
Settings\{user name}\Local Settings\Temp on Windows 2000, Windows Server 2003, and Windows XP (32- and 64-bit); C:\Users\{user name}\AppData\Local\Temp on Windows Vista (32- and 64-bit), Windows 7 (32- and
%AppDataLocal% is the Application Data folder found in Local Settings, where it is usually C:\Documents and Settings\{user name}\Local Settings\Application Data on Windows 2000, Windows Server 2003, and Windows
"explorer.exe %System%\drivers\lsass.exe" (Note: The default value data of the said registry entry is Explorer.exe .) Other System Modifications This Trojan deletes the following files: %Windows%\Media\Windows XP
itself - deleted afterwards (Note: %User Temp% is the user's temporary folder, where it usually is C:\Documents and Settings\{user name}\Local Settings\Temp on Windows 2000, Windows Server 2003, and
following folders: %User Profile%\Macromedia\Flash Player (Note: %User Profile% is the current user's profile folder, which is usually C:\Windows\Profiles\{user name} on Windows 98 and ME, C:\WINNT\Profiles\
Assemblies\Microsoft\Framework\v3.5\RedistList\FRAMEW~1.XML %Program Files%\Windows Media Player\custsat.dll %Program Files%\Windows Media Player\migrate.exe %Program Files%\Windows Media Player\mplayer2.exe
\Local Settings\Temp on Windows 2000, Windows Server 2003, and Windows XP (32- and 64-bit); C:\Users\{user name}\AppData\Local\Temp on Windows Vista (32- and 64-bit), Windows 7 (32- and 64-bit), Windows 8
%Application Data%\temp.bin (Note: %Application Data% is the current user's Application Data folder, which is usually C:\Documents and Settings\{user name}\Application Data on Windows 2000, XP, and Server 2003,
early as 2009. A malware variant said to have ZeuS-like info-stealing routines (see ZeuS) has also been reported in the media as Sunspot, although TrendLabs has verified that it is another variant of
idea temperature investment area society activity story industry media thing oven community definition safety quality development language management player variety video week security country exam movie
Settings\{user name} on Windows 2000, XP, and Server 2003, or C:\Users\{user name} on Windows Vista and 7. %User Temp% is the current user's Temp folder, which is usually C:\Documents and Settings\{user
* indicates a new version of an existing rule Deep Packet Inspection Rules: DCERPC Services 1009801* - Microsoft Windows NTLM Elevation Of Privilege Vulnerability (CVE-2019-1040) 1001839* - Restrict
Publisher = "J.O Media Corp." HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Uninstall\ searchkey DisplayIcon = "%Program Files%\searchkey\searchkey.exe,0" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft