Search
Keyword: JS_XORBAT.B
This spyware may be dropped by other malware. It may be unknowingly downloaded by a user while visiting malicious websites. It creates folders where it drops its files. It modifies the Internet
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
\icons %User Temp%\~zm_{D34034DD-CB99-4890-AA88-98D890B1D5D8}\js %User Temp%\~zm_{D34034DD-CB99-4890-AA88-98D890B1D5D8}\js\bramus %User Temp%\~zm_{D34034DD-CB99-4890-AA88-98D890B1D5D8}\js\prototype (Note:
This adware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This adware arrives on a system as a
This adware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This adware arrives on a system as a
This Adware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It may be manually installed by a user. It connects to
Once users access any of the monitored sites, it starts logging keystrokes. It attempts to steal information, such as user names and passwords, used when logging into certain banking or
This spyware attempts to steal sensitive online banking information, such as user names and passwords. This routine risks the exposure of the user's account information, which may then lead to the
This File infector arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It disables Task Manager, Registry Editor, and
%Desktop%\PDFCreator.lnk %Program Files%\PDFCreator\COM Scripts\JS Scripts\Basics\GetPrinterDevices.js %Program Files%\PDFCreator\COM Scripts\JS Scripts\Basics\MergedFiles2Tif.js %Program Files%\PDFCreator
It arrives as a file downloaded from the following URL: http://IWfybFyWi.com/pl/wggw.exe It accesses the following site to download its configuration file: http://iwfybfywi.com/pl/eqtewttetwq.img
{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A} FLast = "%Desktop%.htt" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A} FNum = "b" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A
\eu\shell\ runas HKEY_CURRENT_USER\eu\shell\ runas\command HKEY_CURRENT_USER\JS HKEY_CURRENT_USER\JS\DefaultIcon HKEY_CURRENT_USER\JS\shell HKEY_CURRENT_USER\JS\shell\ open HKEY_CURRENT_USER\JS\shell
HKEY_CLASSES_ROOT\b HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ b\CLSID HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ b\CurVer HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ CLSID\{B8276A94-891D-453C-9FF3-715C042A2575} HKEY_LOCAL_MACHINE
This spyware may be dropped by other malware. It may be unknowingly downloaded by a user while visiting malicious websites. It creates folders where it drops its files. It may be injected into
} FNum = "b" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A} FNum = "c" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A} FLast = "
Temp%\DLG\ui %User Temp%\DLG\dlgres %User Temp%\DLG\ui\common\base\css %User Temp%\DLG\ui\common\progress\js %User Temp%\DLG\ui\offers\4bee1563f288b8178b768f312db4c273 %System Root%\Users %User Temp%\DLG
This spyware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It deletes the initially executed copy of itself.
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It modifies files, disabling programs and applications
Application creates the following folders: %User Temp%\DLG\ui\common\base\js %User Temp%\DLG\ui\offers\fd286b8d7f971e3468eba12c41b59383 %User Temp%\DLG\ui\common\progress\css %User Temp%\DLG\ui\common %User