Keyword: htmlbagleq1
{9603BF4B-1038-409A-9C2C-FC3D584070B1} NoExplorer = "1" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\policies\ Ext\CLSID {9603BF4B-1038-409A-9C2C-FC3D584070B1} = "1" It modifies the following registry entries:
{B6CD54AD-C5D1-4637-9393-399637495EDF} NoExplorer = "1" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\policies\ Ext\CLSID {B6CD54AD-C5D1-4637-9393-399637495EDF} = "1" It modifies the following registry entries:
\SOFTWARE\Classes\ CLSID\{DB797690-40E0-11D2-9BD5-0060082AE372}\MiscStatus\ 1 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ CLSID\{DB797690-40E0-11D2-9BD5-0060082AE372}\TypeLib HKEY_LOCAL_MACHINE\SOFTWARE\Classes
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It executes commands from a remote malicious user,
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It does not have any propagation routine. It executes
\ Internet Explorer\Styles Use My Stylesheet = "1" HKEY_CURRENT_USER\Software\Microsoft\ Internet Explorer\Styles User Stylesheet = "%Windows%\Web\oslogo.bmp" HKEY_CURRENT_USER\Software\Microsoft\ Internet
%System%\Config\USERXP.exe" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Shared Tools\Msconfig\startupeg hkey = "HKCU" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Shared Tools\Msconfig\startupeg inimapping = "1
DisableOSUpgrade = "1" HKEY_LOCAL_MACHINE\SOFTWARE\Policies\ Microsoft\Windows\WindowsUpdate\ OSUpgrade ReservationsAllowed = "0" HKEY_LOCAL_MACHINE\SOFTWARE\qanz ltpxeirzlt = "IzkWisc+BVA1rA==" HKEY_CURRENT_USER
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Ransomware arrives on a system
" HKEY_CURRENT_USER\Software\Microsoft\ RestartManager\Session0000 SessionHash = "{random characters}" HKEY_CURRENT_USER\Software\Microsoft\ RestartManager\Session0000 Sequence = "1" HKEY_CURRENT_USER\Software
}" HKEY_CURRENT_USER\Software\Optimizer Pro culValue = "" HKEY_CURRENT_USER\Software\Optimizer Pro Language = "1" HKEY_CURRENT_USER\Software\Optimizer Pro InstallDate = "{hex value}" HKEY_CURRENT_USER
Account Manager\Accounts\Bigfoot LDAP Server ID = "1" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\VeriSign LDAP Server ID = "2" HKEY_CURRENT_USER\Software\Microsoft\ Internet
%User Profile%\Cookies\wilbert@www.msn[1].txt = "68adfd" It modifies the following registry entries: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows NT\CurrentVersion\SystemRestore DisableSR = "1" Dropping
CVE-2010-3000 Multiple integer overflows in the ParseKnownType function in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows allow remote attackers to execute
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This backdoor arrives on a system as a
Publisher = "EZDownloader" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Uninstall\ {0F44DC3A-6E62-4961-A14B-95323C512F9B}_is1 NoModify = "1" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows
StartAutoScanPMUI = "1" HKEY_CURRENT_USER\Software\Solvusoft\ WinThruster StartAutoScanOnLaunch = "0" HKEY_CURRENT_USER\Software\Solvusoft\ WinThruster StartAutoTutorial = "1" HKEY_CURRENT_USER\Software\Solvusoft
This adware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It may be manually installed by a user. Arrival Details