Search
Keyword: otorun2
40554 Total Search |
Showing Results : 1 - 20
\SYSTEM\CurrentControlSet\ Services\srv{random characters} Start = "2" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Services\srv{random characters} ErrorControl = "1" HKEY_LOCAL_MACHINE\SYSTEM
This worm deletes registry entries, causing some applications and programs to not function properly. It drops copies of itself in all removable drives. It deletes itself after execution. Installation
This worm arrives via removable drives. It modifies certain registry entries to hide file extensions. It drops an AUTORUN.INF file to automatically execute the copies it drops when a user accesses
"4" (Note: The default value data of the said registry entry is 2 .) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Services\wuauserv Start = "4" (Note: The default value data of the said registry entry
This Worm drops a file in the Windows Common Startup folder to enable its automatic execution at every system startup. It terminates certain processes if found running in the affected system's
This worm arrives by connecting affected removable drives to a system. It may be downloaded by other malware/grayware from remote sites. It is injected into all running processes to remain memory
to automatically execute the copies it drops when a user accesses the drives of an affected system. The said .INF file contains the following strings: [autorun] open=DRIVE\BIN\April2.exe ; ;½½¾¡´¿²
This worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It drops an AUTORUN.INF file to automatically execute the
This worm arrives via removable drives. It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It drops copies of itself
This worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It drops copies of itself in removable drives. These
This Trojan may be dropped by other malware. Arrival Details This Trojan may be dropped by the following malware: WORM_PALEVO.SMGA NOTES: This is the Trend Micro detection for AUTORUN.INF files
\SYSTEM\CurrentControlSet\ Services\wscsvc Start = 4 (Note: The default value data of the said registry entry is 2 .) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Services\wuauserv Start = 4 (Note: The
following registry entries: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Services Start = "2" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Services Type = "20" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet
CheckedValue = 1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer\ Advanced\Folder\Hidden\ SHOWALL DefaultValue = 2 It modifies the following registry entries to disable the Windows
This worm arrives by connecting affected removable drives to a system. It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious
Explorer.exe csrcs.exe (Note: The default value data of the said registry entry is Explorer.exe .) HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Explorer\ Advanced Hidden = 2 (Note: The default
This worm drops an AUTORUN.INF file to automatically execute the copies it drops when a user accesses the drives of an affected system. Installation This worm drops the following copies of itself
This is the Trend Micro heuristic detection for suspicious files that manifest similar behavior and characteristics as the following malware: WORM_AUTORUN OTORUN Since these files commonly arrive and
\Microsoft\ Windows\CurrentVersion\Explorer\ Advanced Hidden = 2 (Note: The default value data of the said registry entry is 1 .) Propagation This worm drops the following copy(ies) of itself in all removable
\CurrentVersion\Explorer\ Advanced Hidden = "2" (Note: The default value data of the said registry entry is 1 .) HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Explorer\ Advanced ShowSuperHidden = "0