Keyword: troj _ vundo
44738 Total Search   |   Showing Results : 81 - 100
itself if the malware name and/or path has the following substrings: samp smpl vir malw test troj (Note: %User Temp% is the user's temporary folder, where it usually is C:\Documents and Settings\{user name
following substrings: samp smpl vir malw test troj (Note: %User Temp% is the user's temporary folder, where it usually is C:\Documents and Settings\{user name}\Local Settings\Temp on Windows 2000, Windows
= $_.GetFolder $siteFolder.Items() | foreach { $site = $_ if ($site.IsFolder) { $pageFolder = $site.GetFolder $pageFolder.Items() | foreach { $visit = New-Object -TypeName PSObject -Property @{ URL =
\MSHist012010122720110103\MSHist012010122720110103.scr %User Profile%\MSHist012011010720110108\MSHist012011010720110108.scr %User Temp%\Temp.scr %User Temp%\_$Df\_$Df.scr %Temporary Internet Files%\Temporary Internet
\Microsoft\ RestartManager\Session0000 RegFiles0000 = "\x00" HKEY_CURRENT_USER\Software\Microsoft\ RestartManager\Session0000 RegFilesHash = "_\x87Zr=q\xa0B\xb1\xff\x1c{\xdd\xc9\xf3ui\x1b\xd8W\xa7\xfdwp}f
following substrings: samp smpl vir malw test troj Can do any of the following depending on the installation date of "%System%\win32k.sys": Create svchost process with this argument "-1 EVT{Volume ID}" Inject
Can Log off Current User Deletes the files inside %User Temp% folder Terminates itself if the malware name and/or path has the following substrings: samp smpl vir malw test troj Can do any of the
\Explorer ShowDriveLettersFirst = "4" HKEY_LOCAL_MACHINE\SOFTWARE\Classes sysfile = "NITA_WORM" HKEY_CURRENT_USER\Software\Microsoft\ Internet Explorer\Main Window Title = " (^_^)NITA_WORM == Infected Your PC
BitLocker VeraCrypt TrueCrypt Terminates itself if the malware name and/or path has the following substrings: samp smpl vir malw test troj Makes use of certain vulnerabilities depending on the installation
of the said registry entry is "0" .) Propagation This Worm drops the following copy(ies) of itself in all removable drives: {Removable Drive}:\_\DeviceManager.exe Other Details This Worm connects to
folders: {removable or network drive}:\_ %Windows%\T-406280757284502620 (Note: %Windows% is the Windows folder, where it usually is C:\Windows on all Windows operating system versions.) It drops the
\Microsoft\ RestartManager\Session0000 RegFiles0000 = "\x00" HKEY_CURRENT_USER\Software\Microsoft\ RestartManager\Session0000 RegFilesHash = "s\xf4\xdbc\x115\x16d\x87\x027\xab\xa4y\xe0\xa2u:w*_\xf9\xfc'V\x14
$shell.NameSpace(34) $folder = $hist.Self $hist.Items() | foreach { if ($_.IsFolder) { $siteFolder = $_.GetFolder $siteFolder.Items() | foreach { $site = $_ if ($site.IsFolder) { $pageFolder = $site.GetFolder
\ Windows NT\CurrentVersion\Winlogon LegalNoticeCaption = "Welcome Friend" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows NT\CurrentVersion\Winlogon LegalNoticeText = "Please enjoy the Babon Entertainment ^_
FILES.txt %User Profile%\MSHist012010122920101230\HOW TO DECRYPT FILES.txt %User Profile%\MSHist012011010220110103\HOW TO DECRYPT FILES.txt %User Temp%\HOW TO DECRYPT FILES.txt %User Temp%\_$Df\HOW TO DECRYPT
the Babon Entertainment ^_^" HKEY_CURRENT_USER\Software\Microsoft\ Internet Explorer\Main Start Page = "http://www.{BLOCKED}m.com" (Note: The default value data of the said registry entry is
\dd_vcredistUI5DA7.txt %User Temp%\dd_vcredistUI6BB9.txt %User Temp%\Perflib_Perfdata_42c.dat %User Temp%\Perflib_Perfdata_740.dat %User Temp%\_$Df %Windows%\help\access.chm %Windows%\help\access.hlp %Windows%\help