Keyword: URL
43774 Total Search   |   Showing Results : 2301 - 2320
Explorer is used by adding the following registry entries: HKEY_CURRENT_USER\Software\AppDataLow\ BHOinit url = http://{BLOCKED}upforsafedd.com/pickit/ HKEY_CURRENT_USER\Software\AppDataLow\ BHOinit url2 =
Explorer is used by adding the following registry entries: HKEY_CURRENT_USER\Software\AppDataLow\ BHOinit url = http://{BLOCKED}pickupforu.com/gabbanauk/ HKEY_CURRENT_USER\Software\AppDataLow\ BHOinit url2 =
Explorer is used by adding the following registry entries: HKEY_CURRENT_USER\Software\AppDataLow\ BHOinit url = "http://{BLOCKED}nevinovat.com/pteradaptelfan/ " HKEY_CURRENT_USER\Software\AppDataLow\ BHOinit
information-stealing capability. Rogue Antivirus Routine This Trojan displays the following fake alerts: When users agree to buy the software, it connects to the following URL to continue the purchase: http://{BLOCKED
Intensity of GPU usage [-10..10], default 0 -l yes|no - set 'no' to disable Long-Polling, default 'yes' -o url - in form http://username:password@server.tld:port/path, stratum+tcp://server.tld:port, by
following fake alerts: When users agree to buy the software, it connects to the following URL to continue the purchase: http://{BLOCKED}rtal360.com/404.php?id=105 http://{BLOCKED
information: List of strings it will monitor usually related to banking URL to send stolen information Stolen Information This spyware sends the gathered information via HTTP POST to the following URL: http:
Firefox)/Chrome Service Pack (for Google Chrome) to certain web browsers: .crx (for Google Chrome) .xpi (for Mozilla Firefox) It connects to the following URL to update its stat counter: http://whos.
and Server 2003, or C:\Users\{user name}\AppData\Local\Temp on Windows Vista and 7.) NOTES: It only connects to the following URL every Tuesday between 8:00 AM and 6:59 PM: http://{BLOCKED}s.{BLOCKED
following fake alerts: When users agree to buy the software, it connects to the following URL to continue the purchase: http://{BLOCKED}rtal360.com/404.php?id=105 http://{BLOCKED
C:\Users\{user name}\AppData\Local\Temp on Windows Vista and 7.) It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the following
[OpenURL] - Opens a URL using a hidden browser [SYN] - Sends a SYN Flood [Stop] - Stops a spcific command [Get] - Sends GET floods [Post] Sends POST floods [Speedtest] - check connection speed
\ Services\Windows Adobe Flash Game 3.6 Enum = Backdoor Routine This backdoor opens the following ports: TCP 777 It executes the following commands from a remote malicious user: Open a specific URL with
Files\System\ado\adoc.exe"" (Note: The default value data of the said registry entry is "Explorer.exe" .) Download Routine This Trojan downloads the file from the following URL and renames the file when
command execXbox - visit a URL This malware automatically adds the following URLs to the phone's bookmarks. More URLs can be received and added by the malware when commanded. http://{BLOCKED}d.paojiao.cn
" HKEY_CURRENT_USER\Software\Microsoft\ Internet Explorer\SearchScopes\{853FB6B1-8FFF-448D-83A4-516B8E59BF25} URL = "http://universo.{BLOCKED}x.com/campos?campo={searchTerms}" HKEY_CURRENT_USER\Software\Microsoft
TabProcGrowth = "0" HKEY_LOCAL_MACHINE\ SOFTWARE\ MICROSOFT\ Windows\ CURRENTVERSION\ URL SystemMgr = "Del" HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\ protected\AVP7\profiles\ Updater enabled = "0" Other Details
TabProcGrowth = "0" HKEY_LOCAL_MACHINE\ SOFTWARE\ MICROSOFT\ Windows\ CURRENTVERSION\ URL SystemMgr = "Del" HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\ protected\AVP7\profiles\ Updater enabled = "0" Other Details
following URL to continue the purchase: http://{BLOCKED}tion-privacy.com/buynow.php NOTES: It displays the following fake scanning window and bogus alerts on the affected system: It terminates all running
TabProcGrowth = "0" HKEY_LOCAL_MACHINE\ SOFTWARE\ MICROSOFT\ Windows\ CURRENTVERSION\ URL SystemMgr = "Del" HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\ protected\AVP7\profiles\ Updater enabled = "0" Other Details