Search
Keyword: microsoft internet explorer
Profile%\Microsoft\AudioEndpointBuilder.exe (Note: %User Profile% is the current user's profile folder, which is usually C:\Documents and Settings\{user name} on Windows 2000, XP, and Server 2003, or C:
\Software\Microsoft\ Windows\CurrentVersion\Run Client Server Runtime Process = "%User Profile%\Application Data\csrss.exe" HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run Host-process
\Software\Microsoft\ Windows\CurrentVersion\Run Client Server Runtime Process = "%User Profile%\Application Data\csrss.exe" HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run Host-process
\Microsoft\ Windows\CurrentVersion\Run Client Server Runtime Process = "%User Profile%\Application Data\csrss.exe" HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run Host-process Windows
\Software\Microsoft\ Windows\CurrentVersion\Run Client Server Runtime Process = "%User Profile%\Application Data\csrss.exe" HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run Host-process
\Software\Microsoft\ Windows\CurrentVersion\Run Client Server Runtime Process = "%User Profile%\Application Data\csrss.exe" HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run Host-process
%Application Data%\Microsoft\Windows\toolbar.exe (Note: %Application Data% is the Application Data folder, where it usually is C:\Documents and Settings\{user name}\Application Data on Windows 2000, Windows
entries to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\RunOnce u5g151rnw = "%User Profile%\u5g151rnw\peqq.vbs" HKEY_CURRENT_USER
Server 2003, or C:\Users\{user name}\AppData\Roaming\Microsoft\Windows\Start Menu on Windows Vista and 7.) It creates the following folders: %Start Menu%\MSDCSC %User Profile%\Application Data\dclogs
every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run {malware file name} = "{malware path and file name}" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion
64-bit); C:\Users\{user name}\AppData\Roaming\Microsoft\Windows\Start Menu on Windows Vista (32- and 64-bit), Windows 7 (32- and 64-bit), Windows 8 (32- and 64-bit), Windows 8.1 (32- and 64-bit), Windows
Windows Vista and 7.) Autostart Technique This backdoor adds the following registry entries to enable its automatic execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows
every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run sbcperz = "%User Profile%\nameg\sbcperz.exe" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Run
execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run crrsc = "%User Profile%\System32\crrsc.exe" HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run
\AppData\Roaming\Microsoft\Windows\Start Menu on Windows Vista, 7, and 8.) Autostart Technique This Worm adds the following registry entries to enable its automatic execution at every system startup:
%Application Data%\Microsoft\Windows\lanmon.exe (Note: %Application Data% is the Application Data folder, where it usually is C:\Documents and Settings\{user name}\Application Data on Windows 2000, Windows
\software\microsoft\ esent\process\{malware file name} hkey_local_machine\software\microsoft\ esent\process\{malware file name}\ debug HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ ESENT\Process\qwioc
Windows Server 2012.) Autostart Technique This Trojan adds the following registry entries to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows
on Windows Vista and 7.) It modifies the following registry entries: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Dfrg\BootOptimizeFunction LcnStartLocation = "1463841" (Note: The default value data of the
automatic execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Run dpapopen = "%User Profile%\dpapopen.exe" HKEY_CURRENT_USER\Software\Microsoft\ Windows