Search
Keyword: htmlbagleq1
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It disables Task Manager, Registry Editor, and Folder
data of the said registry entry is 1 .) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Control\Terminal Server fDenyTSConnections = "0" (Note: The default value data of the said registry entry is 1 .)
SessionHash = "{random characters}" HKEY_CURRENT_USER\Software\Microsoft\ RestartManager\Session0000 Sequence = "1" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ Wow6432Node\CLSID\{527595C7-F26B-21A6-DFBC-B4B4145467D0}
CVE-2005-2668 Multiple buffer overflows in Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allow remote attackers to execute
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
\Folder\Hidden\ SHOWALL CheckedValue = "0" (Note: The default value data of the said registry entry is 1 .) Dropping Routine This Trojan drops the following files: %System Root%\z.tmp %System Root%\z1.tmp
\Folder\Hidden\ SHOWALL CheckedValue = "0" (Note: The default value data of the said registry entry is 1 .) Dropping Routine This Trojan drops the following files: %System Root%\z.tmp %System Root%\z1.tmp
\Folder\Hidden\ SHOWALL CheckedValue = "0" (Note: The default value data of the said registry entry is 1 .) HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Policies\ Explorer NoDriveTypeAutoRun
" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Uninstall\ KMSpico_is1 NoRepair = "1" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Uninstall\ KMSpico_is1 InstallDate = "20140623
\10.0\AdobeViewer It adds the following registry entries: HKEY_CURRENT_USER\Software\Adobe\ Acrobat Reader\10.0\Installer\ Migrated {AC76BA86-7AD7-1033-7B44-AA0000000001} = "1" HKEY_CURRENT_USER\Software
\Folder\Hidden\ SHOWALL CheckedValue = "0" (Note: The default value data of the said registry entry is 1 .) HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Policies\ Explorer NoDriveTypeAutoRun
\10.0\Installer\ Migrated {AC76BA86-7AD7-1033-7B44-AA0000000001} = "1" HKEY_CURRENT_USER\Software\Adobe\ Acrobat Reader\10.0\Originals bDisplayedSplash = "1" HKEY_CURRENT_USER\Software\Adobe\ Acrobat
{AC76BA86-7AD7-1033-7B44-AA0000000001} = "1" HKEY_CURRENT_USER\Software\Adobe\ Acrobat Reader\10.0\Originals bDisplayedSplash = "1" HKEY_CURRENT_USER\Software\Adobe\ Acrobat Reader\10.0\AVGeneral bLastExitNormal = "0" HKEY_CURRENT_USER
NT\CurrentVersion\Winlogon\ Notify\logondll DllName = "fly1057.dll" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows NT\CurrentVersion\Winlogon\ Notify\logondll Asynchronous = "1" HKEY_LOCAL_MACHINE
This worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It disables Task Manager, Registry Editor, and Folder
{AC76BA86-7AD7-1033-7B44-AA0000000001} = "1" HKEY_CURRENT_USER\Software\Adobe\ Acrobat Reader\10.0\Originals bDisplayedSplash = "1" HKEY_CURRENT_USER\Software\Adobe\ Acrobat Reader\10.0\AVGeneral bLastExitNormal = "0" HKEY_CURRENT_USER
{AC76BA86-7AD7-1033-7B44-AA0000000001} = "1" HKEY_CURRENT_USER\Software\Adobe\ Acrobat Reader\10.0\Originals bDisplayedSplash = "1" HKEY_CURRENT_USER\Software\Adobe\ Acrobat Reader\10.0\AVGeneral bLastExitNormal = "0" HKEY_CURRENT_USER
\10.0\AdobeViewer It adds the following registry entries: HKEY_CURRENT_USER\Software\Adobe\ Acrobat Reader\10.0\Installer\ Migrated {AC76BA86-7AD7-1033-7B44-AA0000000001} = "1" HKEY_CURRENT_USER\Software
\10.0\AdobeViewer It adds the following registry entries: HKEY_CURRENT_USER\Software\Adobe\ Acrobat Reader\10.0\Installer\ Migrated {AC76BA86-7AD7-1033-7B44-AA0000000001} = "1" HKEY_CURRENT_USER\Software
CVE-2014-0195 The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS