Keyword: microsoft internet explorer
following registry entries: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost zpzwpsbb = "zpzwpsbb" HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\zpzwpsbb\Parameters ServiceDll = "
execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run kbmac = "%User Profile%\kbmac.exe" HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run kbmac =
system is located.) Autostart Technique This spyware adds the following registry entries to enable its automatic execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT
execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Windows Applicaton = "{malware path and file name}" Other System Modifications This spyware modifies the
\Microsoft\Windows\CurrentVersion\Run {malware file name} = "%User Temp%\{malware file name}" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run {malware file name} = "%User Temp%\{malware file
\Start Menu on Windows 2000, XP, and Server 2003, or C:\Users\{user name}\AppData\Roaming\Microsoft\Windows\Start Menu on Windows Vista and 7.) It creates the following folders: %Start Menu%\MSDCSC %User
%User Profile%\Microsoft QQ (Note: %User Profile% is the current user's profile folder, which is usually C:\Windows\Profiles\{user name} on Windows 98 and ME, C:\WINNT\Profiles\{user name} on Windows NT,
and Server 2003.) Autostart Technique This worm adds the following registry entries to enable its automatic execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
\SYSTEM\CurrentControlSet\Control\MediaResources\msvideo It adds the following registry entries: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost nzbdky = "nzbdky
\x.mpeg Autostart Technique This worm adds the following registry entries to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run {Random}
keys: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\netcache It adds the following registry entries: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\netcache Enabled = "0" It
execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run cfgbin = "%User Profile%\cfgbin.exe" HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
automatic execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run .NET. = "%System%\msnmgnr.exe" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed
file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Installation This Trojan creates the following folders: %User Profile%\Microsoft\Backups (Note:
every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon userinit = "%System%\userinit.exe,%Windows%\apppatch\cslbkv.exe," (Note: The default value data of the said
visiting malicious sites. Installation This worm drops the following copies of itself into the affected system: %Application Data%\{random}.exe %Application Data%\Microsoft\{random file name}.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Java developer Script Browse = "%Windows%\jusched.exe" HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Java developer Script Browse =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run NVIDIA driver monitor = "%Windows%\nvsvc32.exe" HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run NVIDIA driver monitor = "%Windows%