Search
Keyword: microsoft internet explorer
dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Installation This worm creates the following folders: %User Profile%\Microsoft\Dr Watson (Note: %User
automatic execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Run ANNA-CLIENT-51 = "%System Root%\4Synnc\juschedi.exe" Other System Modifications This Trojan adds
\Windows NT\Accessories\Microsoft\mslives.exe (Note: %Program Files% is the default Program Files folder, usually C:\Program Files in Windows 2000, Server 2003, and XP (32-bit), Vista (32-bit), and 7 (32-bit
HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run cssms = "%Application Data%\cssms.exe" Other System Modifications This Trojan deletes the following files: %System Root%\r.bat (Note: %System Root% is
file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Installation This Trojan creates the following folders: %User Profile%\Microsoft\Dr Watson (Note:
\Application Data on Windows 2000, XP, and Server 2003, or C:\Users\{user name}\AppData\Roaming on Windows Vista and 7.) It adds the following registry keys: HKEY_CURRENT_USER\Software\Microsoft\ Windows
file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Installation This Trojan creates the following folders: %User Profile%\Microsoft\Dr Watson (Note:
execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run BTStacAvs = "%User Profile%\BTStacAvs.exe" HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion t = "005" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion d = "2012-1-25" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion
execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Active Setup\Installed Components\{A0DF6A98-A14C-J35H-46UD-F5AR862J2AH5} StubPath = "{malware path and file name}" Other System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ DirectDraw\MostRecentApplication Name = "{malware file name}" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ DirectDraw\MostRecentApplication ID = 49433eb HKEY_LOCAL_MACHINE\SOFTWARE
system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Run raidhost = "raidhost.exe" Other System Modifications This Trojan adds the following registry entries: HKEY_LOCAL_MACHINE
its automatic execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Run common = "{malware path and file name}" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows
HKEY_CURRENT_USER\Software\Microsoft\ Bind It adds the following registry entries: HKEY_CURRENT_USER\Software\Microsoft\ Bind comment = "4xxx3913530" HKEY_CURRENT_USER\Software\Microsoft\ Bind comment2 = "f" Dropping
execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run subjet = "%Program Files%\subjet\subjete.exe" Other System Modifications This backdoor deletes the following
) Autostart Technique This Trojan adds the following registry entries to enable its automatic execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Active Setup\Installed
) Autostart Technique This spyware adds the following registry entries to enable its automatic execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Run
registry entries to enable its automatic execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Active Setup\Installed Components\{99C89CE0-60D6-9DE7-9B14-A12169525705} StubPath = "%System
registry entries to enable its automatic execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Active Setup\Installed Components\{19F815DD-0C0E-CD42-10DD-C10A2C63378D} StubPath = "%System
system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run GHProtect = "%User Profile%\Application Data\071517501.exe" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion