Search
Keyword: os2first
following registry entries to hide files with Hidden attributes: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Explorer\ Advanced Hidden = 2 (Note: The default value data of the said registry
This Trojan attempts to steal information, such as user names and passwords, used when logging into certain banking or finance-related websites. Arrival Details This Trojan may be downloaded from the
SOHANAD malware has been around since 2006. Its first variant used instant messaging applications to spread to other computers. Later versions incorporated network share propagation and spreading via
VUNDO is a family of Trojans, adware, and spyware first spotted in 2004. It usually arrives as a bundle of components, downloaded from malicious websites. VUNDO is multi-component, meaning it has
{BLOCKED}.146.12/box1/1.gif It attempts to steal information from the following banks and/or other financial institutions: Santader Wellsfargo First Citizens Bank Chase Stolen Information The stolen
attempts to steal information from the following banks and/or other financial institutions: Ally Bank Atlantic Bank & Trust Bank of America CASHplus Chase Columbia Bank Comerica Danversbank First Citizens
This spyware attempts to steal information, such as user names and passwords, used when logging into certain banking or finance-related websites. Arrival Details This spyware may be downloaded from
and/or other financial institutions: Santader Wellsfargo First Citizens Bank Chase Stolen Information The stolen information is saved in the following file: %Application Data%\jh87uhnoe3\ewfrvbb.nls
Installation This spyware drops the following copies of itself into the affected system and executes them: %System%\{string1 + string2}.exe where: {string1} = first four letters of a dll file under %System%
This spyware may be dropped by other malware. It may be unknowingly downloaded by a user while visiting malicious websites. It creates folders where it drops its files. It modifies the Internet
Start = "4" (Note: The default value data of the said registry entry is 2 .) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\ services\WinDefend Start = "4" (Note: The default value data of the said registry
2 characters} = "{hex value}" Other Details This Trojan connects to the following possibly malicious URL: http://{BLOCKED}og.co.za/aa.php http://{BLOCKED
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This Trojan modifies the Internet Explorer Zone Settings. It connects to certain websites to send and receive information. Installation This Trojan drops the following component file(s): %Desktop%
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It does not have any propagation routine. It does
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It saves downloaded files into the said created
169. It accepts the following parameters: -p {Directory} - Encrypts the specific directory first -size {chunk mode} -log {Log File Path}\{Log Filename} - Log output to {Log File Path}\{Log Filename}
containing list of folders to encrypt first before proceeding to the other folders} -m - {all|local|net|backups} all - combination of net and local local - delete backups and encrypt local drives net - delete
first before proceeding to the other folders} -m - {all|local|net|backups} all - combination of net and local local - delete backups and encrypt local drives net - delete backups and encrypt only network
first before proceeding to other folders -m -{local|net|backups} local - delete backups and encrypt local drives net - delete backups and encrypt network shares backups - delete backups Ransomware Routine