Search
Keyword: microsoft security bulletin ms03-007
able to receive critical updates. This opens the infected machine to more security threats. This Trojan may be dropped by other malware. Arrival Details This Trojan may be dropped by the following
\CurrentControlSet\ Services\{malware name} DisplayName = "1" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Services\{malware name}\Security Security = "{hex value}" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet
\ControlSet001\ Services\syshost32 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\ Services\syshost32\Security It adds the following registry entries: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\ Services\syshost32 Type = "1
\CurrentControlSet\ Services\bfsvc HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Services\bfsvc\Enum HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Services\bfsvc\Security It adds the following registry entries as part
keys: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\RunOnce Dropping Routine This Trojan drops the following files: %Application Data%\mkbqhhfl.exe %Start Menu%\Programs\Security Shield.lnk
keys: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\RunOnce Dropping Routine This Trojan drops the following files: %Application Data%\suxur.exe %Start Menu%\Programs\Security Shield.lnk
keys: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\RunOnce Dropping Routine This Trojan drops the following files: %Application Data%\eqbsojledl.exe %Start Menu%\Programs\Security
keys: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\RunOnce Dropping Routine This Trojan drops the following files: %Application Data%\sfixpcuqu.exe %Start Menu%\Programs\Security
It adds the following registry keys: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\RunOnce Dropping Routine This Trojan drops the following files: %Application Data%\fotacok.exe %Start
keys: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\RunOnce Dropping Routine This Trojan drops the following files: %Application Data%\qkpccvn.exe %Start Menu%\Programs\Security Shield.lnk
\Microsoft\ Active Setup\Installed Components\{CBFCF6A3-403D-98F9-223F-03EB127AFEE0} StubPath = %Windows%\EXPL0RER.exe Other System Modifications This backdoor adds the following registry keys:
keys: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\RunOnce Dropping Routine This Trojan drops the following files: %Application Data%\cmjqkcgkun.exe %Start Menu%\Programs\Security
keys: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\RunOnce Dropping Routine This Trojan drops the following files: %Application Data%\krzztjduk.exe %Start Menu%\Programs\Security
keys: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\RunOnce Dropping Routine This Trojan drops the following files: %Application Data%\qfrerih.exe %Start Menu%\Programs\Security Shield.lnk
keys: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\RunOnce Dropping Routine This Trojan drops the following files: %Application Data%\lydggsamwv.exe %Start Menu%\Programs\Security
keys: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\RunOnce Dropping Routine This Trojan drops the following files: %Application Data%\18482.exe %Start Menu%\Programs\Security Shield.lnk
keys: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\RunOnce Dropping Routine This Trojan drops the following files: %Application Data%\dyxpq.exe %Start Menu%\Programs\Security Shield.lnk
keys: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\RunOnce Dropping Routine This Trojan drops the following files: %Application Data%\49123.exe %Start Menu%\Programs\Security Shield.lnk
CVE-2014-1808 This security update resolves two privately reported vulnerabilities in Microsoft Office. The most severe vulnerability could allow remote code execution if a user opens an Office file
CVE-2012-0158 This particular security update resolves a vulnerability in Windows common controls. The said function is found in several Microsoft applications. When the vulnerability is successfully