Search
Keyword: w2kmpassproe
%User Temp%\smtmp\1 %User Temp%\smtmp\2 %User Temp%\smtmp\3 %User Temp%\smtmp\4 (Note: %User Temp% is the current user's Temp folder, which is usually C:\Documents and Settings\{user name}\Local Settings
This spyware attempts to steal sensitive online banking information, such as user names and passwords. This routine risks the exposure of the user's account information, which may then lead to the
System Modifications This file infector modifies the following registry entries: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Explorer\ Advanced Hidden = "2" (Note: The default value data
\Policies\ Microsoft\Windows\System DisableCMD = "2" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows NT\CurrentVersion\Winlogon SFCScan = "0" It modifies the following registry entries: HKEY_CURRENT_USER
\CurrentControlSet\ Services\{random characters} Start = 2 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Services\{random characters} ErrorControl = 0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Services\{random
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It connects to certain URLs. It may do this to remotely
This spyware may be dropped by other malware. As of this writing, the said sites are inaccessible. However, as of this writing, the said sites are inaccessible. It deletes itself after execution.
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It uses Windows Task Scheduler to create a scheduled
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It deletes itself after execution. Arrival Details This
333333 33333 3333 333 33 3 22222222 2222222 222222 22222 2222 222 22 2 11111111 1111111 111111 11111 1111 111 11 1 00000000 0000000 00000 0000 000 00 0987654321 987654321 87654321 7654321 654321 54321 4321
registry entries to disable the following system services: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Services\BITS Start = "4" (Note: The default value data of the said registry entry is 2 .)
LDAP Server ID = "1" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\VeriSign LDAP Server ID = "2" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\WhoWhere
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This backdoor arrives on a system as a
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This Trojan Spy arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan Spy arrives on a system
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a