Search
Keyword: os2first
2 .) It modifies the following registry entries to disable Security Center functions: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Security Center AntiVirusDisableNotify = "1" (Note: The default value data
services: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ services\Services\SharedAccess Start = "4" (Note: The default value data of the said registry entry is 2 .) It modifies the following registry entries to
{BLOCKED}:4443 Information Theft This spyware gathers the following data: Host Name Public IP Address OS Version User Name Computer Name OS platform Installed programs Other Details This spyware connects to
This adware may be manually installed by a user. Arrival Details This adware may be manually installed by a user. Installation This adware drops the following files: %AppDataLocal%\SmartWeb
\ Advanced Hidden = "2" (Note: The default value data of the said registry entry is {user-defined} .) HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Explorer\ Advanced ShowSuperHidden = "0"
This adware may be manually installed by a user. However, as of this writing, the said sites are inaccessible. Arrival Details This adware may be manually installed by a user. Installation This
and 7.) As of this writing, the said sites are inaccessible. NOTES: For OS versions in 6.0 and above (Windows Vista and above): This malware will perform the malicious routines mentioned above if it is
This Trojan arrives as an attachment to email messages mass-mailed by other malware/grayware or malicious users. It arrives on a system as a file dropped by other malware or as a file downloaded
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It deletes itself after execution. Arrival Details This
\CurrentControlSet\ Services\apagent Start = "2" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Services\apagent Type = "20" Backdoor Routine This Backdoor executes the following commands from a remote malicious user:
by users when visiting malicious sites. Backdoor Routine This Backdoor executes the following commands from a remote malicious user: Get OS version, user name, host name, $PATH variable, home
entries: HKEY_CURRENT_USER\Software\Microsoft\ Windows {random} = "{hex value}" Information Theft This spyware gathers the following data: OS information Account Information of certain application Path of
information to its command and control (C&C) server: Machine GUID Computer Name Account Name Public IP Address OS Version The information are posted to the server in the following format: GUID={GUID}&BUILD=
7 (32- and 64-bit), Windows 8 (32- and 64-bit), Windows 8.1 (32- and 64-bit), Windows Server 2008, and Windows Server 2012.) Information Theft This Trojan gathers the following data: Computer Name OS
gathers the following data: OS information Account Information of certain application Path of target process and its CRC Keystroke Clipboard Screenshots Running processes Network traffic Network user
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It executes the dropped file(s). As a result, malicious
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It executes the files it drops, prompting the affected
}3.17 http://185.3{BLOCKED}6.82 Information Theft This Backdoor gathers the following data: OS Version OS Architecture Computer System Domain Computer Name Username IP Address Checks if the current user
is "%System%\qmgr.dll" .) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ services\BITS Start = "2" (Note: The default value data of the said registry entry is "3" .) HKEY_LOCAL_MACHINE\SYSTEM
7 (32- and 64-bit), Windows 8 (32- and 64-bit), Windows 8.1 (32- and 64-bit), Windows Server 2008, and Windows Server 2012.) Information Theft This Trojan gathers the following data: Computer Name OS