Search
Keyword: default5.asp
\is-DFBSL.tmp %User Temp%\is-OU7M1.tmp %User Temp%\is-OU7M1.tmp\_isetup %User Profile%\Application Data\ASP %User Temp%\is-VJ2VR.tmp %User Temp%\is-7SPQH.tmp %User Temp%\is-7SPQH.tmp\_isetup (Note: %User Temp% is
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows NT\ CurrentVersion\Winlogon Userinit = "%System%\userinit.exe;%System%\sdra64.exe;" (Note: The default value data of the said registry entry is %System%\userinit.exe; .)
Once users access any of the monitored sites, it starts logging keystrokes. It attempts to steal information, such as user names and passwords, used when logging into certain banking or
This spyware attempts to steal sensitive online banking information, such as user names and passwords. This routine risks the exposure of the user's account information, which may then lead to the
This spyware may be unknowingly downloaded by a user while visiting malicious websites. When executed, it adds folders. It injects itself into certain processes as part of its memory residency
{random values}" It modifies the following registry entries: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\ Services\Eventlog\Application Sources = "{random characters}" (Note: The default value data of the said
This spyware may be dropped by other malware. It may be unknowingly downloaded by a user while visiting malicious websites. It creates folders where it drops its files. It may be injected into
\Microsoft\ Windows NT\CurrentVersion\Winlogon Userinit = %System%\userinit.exe, %System%\sdra64.exe, (Note: The default value data of the said registry entry is %System%\userinit.exe, .) Other System
This spyware may be dropped by other malware. It may be unknowingly downloaded by a user while visiting malicious websites. It creates folders where it drops its files. It may be injected into
This spyware attempts to steal information, such as user names and passwords, used when logging into certain banking or finance-related websites. Arrival Details This spyware may be unknowingly
1601 = "0" (Note: The default value data of the said registry entry is 1 .) HKEY_CURRENT_USER\Software\Microsoft\ Internet Explorer\Main Disable Script Debugger = "yes" (Note: The default value data of
\AuthRoot\Certificates\ 4EFCED9C6BDD0C985CA3C7D253063C5BE6FC620C Blob = "{random values}" (Note: The default value data of the said registry entry is {random values} .) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft
This spyware may be dropped by other malware. It may be unknowingly downloaded by a user while visiting malicious websites. It creates folders where it drops its files. It may be injected into
It monitors specific URLs. If users access these monitored sites, they are redirected by this malware to specific malicious sites. This Trojan may be dropped by other malware. Arrival Details This
User Name} = {Hex Values} It modifies the following registry entries: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Security Center AntiVirusDisableNotify = 1 (Note: The default value data of the said registry
\SOFTWARE\Classes\ CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32 ThreadingModel = "Apartment" (Note: The default value data of the said registry entry is Apartment .) HKEY_LOCAL_MACHINE\SOFTWARE
This spyware attempts to steal sensitive online banking information, such as user names and passwords. This routine risks the exposure of the user's account information, which may then lead to the
Once users access any of the monitored sites, it starts logging keystrokes. It attempts to steal information, such as user names and passwords, used when logging into certain banking or
This spyware attempts to steal sensitive online banking information, such as user names and passwords. This routine risks the exposure of the user's account information, which may then lead to the
\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul - detected as JS_DURSG.H (Note: %Program Files% is the default Program Files folder, usually C:\Program Files.) It