Search
Keyword: PDF_FAREIT
This threat, dubbed as BitCrypt, is a ransomware that steals funds from various cryptocurrency wallets. To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Threat
This worm arrives by connecting affected removable drives to a system. It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It gathers information and reports it to its servers.
\CurrentControlSet\ services\VSS (Note: This is the Windows Volume Shadow Copy (VSS) Service) Other Details This Trojan encrypts files with the following extensions: doc xls rft pdf dbf jpg dwg cdr psd cd mdb png lcd
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
malicious sites. Installation This adware adds the following folders: %All Users Profile%\Start Menu\Programs\PDF Creator %Application Data%\Microsoft\Protect\S-1-5-21-1614895754-436374069-682003330-1003
compression (small file sizes)\Printing\ Formats HKEY_CURRENT_USER\Software\PDFCreator\ Profiles\High compression (small file sizes)\Printing\ Formats\PDF HKEY_CURRENT_USER\Software\PDFCreator\ Profiles\High
\Software\PDF Architect 6\ Options\General Send user statistics = "1” HKEY_CURRENT_USER\Software\pdfforge\ PDFCreator\Settings\ApplicationSettings Language = "en” HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ AppID\
\Images2PDF\Images2PDF.settings %Program Files%\PDFCreator\PayPal.ico %Program Files%\PDFCreator\pdfforge.ico %Program Files%\PDFCreator\DeleteMonitorDll.exe %ProgramData%\PDF Architect 3\Installation
\Licenses\GPL License.lnk %Common Programs%\PDFCreator\PDFCreator Help.lnk %Common Programs%\PDFCreator\PDFCreator on the Web.lnk %Common Programs%\PDFCreator\PDFCreator.lnk %Desktop%\PDF Architect 2.lnk
}7.com/ http://en.{BLOCKED}7.com "%Program Files%\ZXT2007 Software\Image To PDF\ImageToPDF.exe" %System%\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} %System%\DllHost.exe /Processid:
\nsDialogs.dll %Windows%\primopdf.ini %Program Files%\Nitro PDF\PrimoPDF\gsdll32.dll %Program Files%\Nitro PDF\PrimoPDF\PrimoRun.exe %Program Files%\Nitro PDF\PrimoPDF\PrimInstInfo.txt %Program Files%\Nitro PDF
This Trojan arrives as attachment to mass-mailed email messages. It deletes itself after execution. Arrival Details This Trojan arrives as attachment to mass-mailed email messages. Dropping Routine
Application adds the following folders: %User Temp%\ns{random}.tmp %Program Files%\Nitro PDF %Common Programs%\PrimoPDF (Note: %User Temp% is the current user's Temp folder, which is usually C:\Documents and
users when visiting malicious sites. Installation This Potentially Unwanted Application adds the following folders: %User Temp%\ns{random}.tmp %Program Files%\Nitro PDF %Common Programs%\PrimoPDF (Note:
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
\pair4.js %Program Files%\Adobe\acrobat reader dc\Reader\click on 'change' to select default pdf handler.pdf %Program Files%\Adobe\acrobat reader dc\Reader\webresources\resource0\base_uris.js %Program Files%
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It modifies Internet Explorer security settings. This
This Hacking Tool arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Hacking Tool arrives on a
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ pdfforge Images2PDF\DefaultIcon HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ pdfforge Images2PDF\shell\open\ command HKEY_LOCAL_MACHINE\SOFTWARE\PDF Architect 2\ Links HKEY_LOCAL_MACHINE