Search
Keyword: Coinminer_MALXMR.SMGH2-ELF64
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It modifies the Internet Explorer Zone Settings. It
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It modifies the Internet Explorer Zone Settings. It
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It modifies the Internet Explorer Zone Settings. It
CVE-2010-0818 This security update addresses vulnerability in MPEG-4 codec that when exploited could give an attacker user rights as the user. In addition, this could also lead to remote code
CVE-2010-0820 This security update addresses a vulnerability in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). It could
Service Pack 2,Windows Server 2008 for x64-based Systems,Windows Server 2008 for x64-based Systems Service Pack 2 For information on patches specific to the affected software, please proceed to the
Vista x64 Edition Service Pack 1,Windows Vista x64 Edition Service Pack 2 For information on patches specific to the affected software, please proceed to Microsoft Web page .
CVE-2010-1888,CVE-2010-1889,CVE-2010-1890 This security update addresses several privately reported vulnerabilities in Microsoft Windows . The most serious of these may allow elevation of privilege
\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\ c1 iEnd = "2" HKEY_CURRENT_USER\Software\Adobe\ Acrobat Reader\10.0\Security\ cASPKI\cASPKI\cCustomCertPrefs\ c312E322E3834302E3131343032312E310000\cAdobe_ChainBuilder
" HKEY_CURRENT_USER\Software\Adobe\ Acrobat Reader\10.0\Security\ cASPKI\cASPKI\cCustomCertPrefs\ c312E322E3834302E3131343032312E310000\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\ c1 iEnd = "2" HKEY_CURRENT_USER
\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\ c1 iEnd = "2" HKEY_CURRENT_USER\Software\Adobe\ Acrobat Reader\10.0\Security\ cASPKI\cASPKI\cCustomCertPrefs\ c312E322E3834302E3131343032312E310000\cAdobe_ChainBuilder
" HKEY_CURRENT_USER\Software\Adobe\ Acrobat Reader\10.0\Security\ cASPKI\cASPKI\cCustomCertPrefs\ c312E322E3834302E3131343032312E310000\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\ c1 iEnd = "2" HKEY_CURRENT_USER
" HKEY_CURRENT_USER\Software\Adobe\ Acrobat Reader\10.0\Security\ cASPKI\cASPKI\cCustomCertPrefs\ c312E322E3834302E3131343032312E310000\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\ c1 iEnd = "2" HKEY_CURRENT_USER
CVE-2011-0032,CVE-2011-0042 This update resolves a vulnerability in DirectShow and a vulnerability in Windows Media Player and Windows Media Center. If a user opens a specially crafted Microsoft
EnergyDataService ErpEnvSvc eSightService Flash Helper Service FlexNet Licensing Service 64 FontCache3.0.0.0 FTA ftnlses3 ftnlsv3 ftusbrdsrv ftusbrdwks FxService Gailun_Downloader GPSDaemon GPSDataProcSvr GPSDownSvr
is 7 .) HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Explorer\ Advanced Hidden = "1" (Note: The default value data of the said registry entry is 2 .) Dropping Routine This worm drops
the said registry entry is 7 .) HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Explorer\ Advanced Hidden = "1" (Note: The default value data of the said registry entry is 2 .) Dropping
System Modifications This Trojan adds the following registry keys: HKEY_CURRENT_USER\Software\{UID} It adds the following registry entries: HKEY_CURRENT_USER\Software\{UID} {random 2 characters} = "{RSA
\Software\Microsoft\ Windows\CurrentVersion\Applets\ Wordpad\Word6 LayoutAux2 = "{random values}" HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Applets\ Wordpad\Word6 Wrap = "2
Windows 2000 and XP, and C:\Documents and Settings\{User name}\Start Menu\Programs\Startup on Windows Vista, 7, and 8.) It drops the following files: %Common Startup%\1 %User Startup%\2 (Note: %Common