Keyword: microsoft internet explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{21E9C5D3-EBFF-11CD-B6FD-00AA00B4E22A} StubPath = "%Program Files%\DBS.EXE" Other System Modifications This backdoor adds the following registry
Technique This backdoor adds the following registry entries to enable its automatic execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run openv = "%User Profile%
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run avpupdt = "%System%\1718185808\avgupdt.exe" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ctfmon = "{malware path and file name}
execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run cuhlmb = "%System%\nylvnco.exe" Other System Modifications This Trojan modifies the following file(s):
file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Installation This Trojan creates the following folders: %User Profile%\Microsoft\Dr Watson (Note:
registry entries to enable its automatic execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run sassfix = "%System%\package.exe" Other System Modifications This
dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Installation This worm creates the following folders: %User Profile%\Microsoft\Dr Watson (Note: %User
automatic execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ANNA-CLIENT-51 = "%System Root%\4Synnc\juschedi.exe" Other System Modifications This Trojan adds
\Windows NT\Accessories\Microsoft\mslives.exe (Note: %Program Files% is the default Program Files folder, usually C:\Program Files in Windows 2000, Server 2003, and XP (32-bit), Vista (32-bit), and 7 (32-bit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run cssms = "%Application Data%\cssms.exe" Other System Modifications This Trojan deletes the following files: %System Root%\r.bat (Note: %System Root% is
file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Installation This Trojan creates the following folders: %User Profile%\Microsoft\Dr Watson (Note:
\Application Data on Windows 2000, XP, and Server 2003, or C:\Users\{user name}\AppData\Roaming on Windows Vista and 7.) It adds the following registry keys: HKEY_CURRENT_USER\Software\Microsoft\Windows
file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Installation This Trojan creates the following folders: %User Profile%\Microsoft\Dr Watson (Note:
execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run BTStacAvs = "%User Profile%\BTStacAvs.exe" HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion t = "005" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion d = "2012-1-25" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A0DF6A98-A14C-J35H-46UD-F5AR862J2AH5} StubPath = "{malware path and file name}" Other System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication Name = "{malware file name}" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication ID = 49433eb HKEY_LOCAL_MACHINE\SOFTWARE
system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run raidhost = "raidhost.exe" Other System Modifications This Trojan adds the following registry entries: HKEY_LOCAL_MACHINE
its automatic execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run common = "{malware path and file name}" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
HKEY_CURRENT_USER\Software\Microsoft\Bind It adds the following registry entries: HKEY_CURRENT_USER\Software\Microsoft\Bind comment = "4xxx3913530" HKEY_CURRENT_USER\Software\Microsoft\Bind comment2 = "f" Dropping