Search
Keyword: default5.asp
\Desktop Wallpaper = "%Desktop%\@WanaDecryptor@.bmp" (Note: The default value data of the said registry entry is {user settings} .) It sets the system's desktop wallpaper to the following image: Other
ais ait ak al allet alt amf amr amu amx amxx anekspakiet aneksskrypt ans aoi ap ape api apj apk apnx arc arch00 ari arj aro arr art arw as as3 asa asc ascx ase asf ashx asm asmx asp aspx asr asset asx
and C:\Documents and Settings\{user name} on Windows 2000, XP, and Server 2003.. %Program Files% is the default Program Files folder, usually C:\Program Files.) It adds the following registry keys:
startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\ CurrentVersion\Winlogon Userinit = "%System%\userinit.exe,%WindowS%\host32.exe," (Note: The default value is "%System%\userinit.exe," .) When the
\DOCUME~1 %System Root%\DOCUME~1\ADMINI~1 %User Profile%\LOCALS~1 %User Temp%\nsd2.tmp %User Temp%\nsl4.tmp %Program Files%\Common %User Temp%\nsdF.tmp %System%\starforce (Note: %Program Files% is the default
\Policies\ System EnableLUA = "1" (Note: The default value data of the said registry entry is "0" .) It deletes the following registry keys: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Run
and 8.. %Program Files% is the default Program Files folder, usually C:\Program Files in Windows 2000, Server 2003, and XP (32-bit), Vista (32-bit), 7 (32-bit), and 8 (32-bit), or C:\Program Files (x86)
entry is 0 .) HKEY_LOCAL_MACHINE\Software\Microsoft\ Windows\CurrentVersion\Policies\ System ConsentPromptBehaviorAdmin = 0 (Note: The default value data of the said registry entry is 5 .)
ConsentPromptBehaviorAdmin = 0 (Note: The default value data of the said registry entry is 5 .) HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Explorer\ Advanced Hidden = 2 (Note: The default value data of the
\SOFTWARE\Microsoft\ Windows NT\CurrentVersion\SystemRestore DisableSR = "1" (Note: The default value data of the said registry entry is 0 .) It modifies registry entries to disable the following system
usually C:\Documents and Settings\{User Name}\Desktop on Windows 2000, XP, and Server 2003, or C:\Users\{user name}\Desktop on Windows Vista and 7.. %Program Files% is the default Program Files folder,
Name}\Desktop on Windows 2000, XP, and Server 2003, or C:\Users\{user name}\Desktop on Windows Vista and 7.. %Program Files% is the default Program Files folder, usually C:\Program Files in Windows 2000,
2003, or C:\Users\{user name}\Desktop on Windows Vista and 7.. %Program Files% is the default Program Files folder, usually C:\Program Files in Windows 2000, Server 2003, and XP (32-bit), Vista (32-bit),
%\050568E0\fi5 (Note: %Program Files% is the default Program Files folder, usually C:\Program Files.) Other System Modifications This backdoor deletes the following files: %User Temp%\vmcenca.exe.re
default value data of the said registry entry is 2 .) HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Explorer\ Advanced SuperHidden = "1" HKEY_CURRENT_USER\Software\Microsoft\ Windows
websites. Installation This worm drops and executes the following files: %Program Files%\Common Files\BOSC.dll - detected as SPYW_SPYMYPC (Note: %Program Files% is the default Program Files folder, usually C:
%Program Files%\Common Files\BOSC.dll - detected as SPYW_SPYMYPC (Note: %Program Files% is the default Program Files folder, usually C:\Program Files.) It drops the following non-malicious files: %All Users%
\Microsoft\ Windows\CurrentVersion\Run InsideTool = "%Program Files%\InsideTool\InsideTool.exe" HKEY_CLASSES_ROOT\CLSID\{0B3B9D03-5E08-4E48-BF77-FC88443F3DC2}\ InprocServer32 Default = "%Program Files%
HKEY_CLASSES_ROOT\scrfile (Default) = "File Folder" (Note: The default value data of the said registry entry is Screen Saver .) HKEY_CLASSES_ROOT\exefile (Default) = "File Folder" (Note: The default value data of the
" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ TUX\biang 5 = "{random numbers}" HKEY_CURRENT_USER\Software\VB and VBA Program Settings\ noGods\appActive service.exe = {data} HKEY_CURRENT_USER\Software\VB and VBA Program