Keyword: microsoft internet explorer
located.) Autostart Technique This worm adds the following registry entries to enable its automatic execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
Technique This Trojan adds the following registry entries to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run webcsdat = "mshta {All
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Protected Storage System Settings It adds the following registry entries: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
%Application Data%\Microsoft\nvvsvc.exe (Note: %Application Data% is the current user's Application Data folder, which is usually C:\Windows\Profiles\{user name}\Application Data on Windows 98 and ME, C:\WINNT
system startup: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Words = "%Program Files%\Words\Words.exe" Other System Modifications This Trojan deletes the following files: %User Temp%
at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run csrview = "%User Profile%\csrview.exe" HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run NVIDIA driver monitor = "%Windows%\nvsvc32.exe" HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run NVIDIA driver
entries to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run MSConfig = "%User Profile%\umu.exe \u" It modifies the following registry
following registry entries: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost gmehjj = ""gmehjj"" HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gmehjj\Parameters ServiceDll = "
at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run irnls = "%User Profile%\irnls.exe" HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run irnls = "
following registry entries: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost bcwwul = ""bcwwul"" HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bcwwul\Parameters ServiceDll = "
at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run mshchar = "%User Profile%\mshchar.exe" HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Java developer Script Browse = "%Windows%\jusched.exe" HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Java
\Application Data on Windows 2000, XP, and Server 2003.) It adds the following registry keys: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce It modifies the following registry entries:
\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon userinit = "%System%\userinit.exe,%System%\ntos.exe," (Note: The default value data of the said registry entry is %Windows%\system32\userinit.exe, .)
%User Profile%\Microsoft QQ (Note: %User Profile% is the current user's profile folder, which is usually C:\Windows\Profiles\{user name} on Windows 98 and ME, C:\WINNT\Profiles\{user name} on Windows NT,
and Server 2003.) Other System Modifications This Trojan adds the following registry entries as part of its installation routine: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\{malware filename}
\Software\Microsoft\Windows\CurrentVersion\Run Client Server Runtime Process = "%User Profile%\Application Data\csrss.exe" HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Host-process