Search
Keyword: microsoft internet explorer
(Symantec) Downloaded from the Internet Connects to URLs/IPs, Encrypts files, Displays message/message boxes, Steals information
(Symantec) Downloaded from the Internet Connects to URLs/IPs, Encrypts files, Displays message/message boxes, Steals information
(Symantec) Downloaded from the Internet Connects to URLs/IPs, Displays message/message boxes, Steals information, Encrypts files
Downloaded from the Internet Connects to URLs/IPs, Steals information, Encrypts files, Displays message/message boxes
Ransom:Win32/Locky (Microsoft) Downloaded from the Internet Connects to URLs/IPs, Encrypts files, Displays message/message boxes, Steals information
number of encrypted files OS architecture (if 64bit) victim ID Ransom:Win32/Locky!rfn (Microsoft); Ransom.Locky (Malwarebytes); Trojan.Cryptolocker.AF (Symantec) Downloaded from the Internet Connects to
Internet Connects to URLs/IPs, Encrypts files, Displays message/message boxes, Steals information
window containing the ransom message: The dropped ransom note contains the same ransom message: Trojan:Win32/Dynamer!ac (Microsoft), a variant of Win32/Injector.CPGP (ESET) Downloaded from the Internet
Downloaded from the Internet Connects to URLs/IPs, Encrypts files
decryption key, it displays the following message boxes: Trojan.MalPack.AI (Malwarebytes), Ransom:Win32/Genasom (Microsoft) Dropped by other malware, Downloaded from the Internet Displays message/message
by other malware, Downloaded from the Internet Terminates processes, Encrypts files
adds the following registry entries to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run Windows NT Service = "%Application Data%
Center\Svc UacDisableNotify = "1" HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Internet Settings GlobalUserOffline = "0" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion
\6F638C1200771EBE0009A1AE7B07D287\6F638C1200771EBE0009A1AE7B07D287 %User Profile%\Application Data\Microsoft\Protect\S-1-5-21-1614895754-436374069-682003330-1003\1cc9ebfa-cf99-4554-8a6f-085f28fd928a %Start Menu%\Programs\Live
C:\Windows\Start Menu or C:\Documents and Settings\{User name}\Start Menu on Windows 2000, XP, and Server 2003, or C:\Users\{user name}\AppData\Roaming\Microsoft\Windows\Start Menu on Windows Vista and
name}\Start Menu on Windows 2000, XP, and Server 2003, or C:\Users\{user name}\AppData\Roaming\Microsoft\Windows\Start Menu on Windows Vista and 7.) Autostart Technique This backdoor adds the following
C:\Windows\Start Menu or C:\Documents and Settings\{User name}\Start Menu on Windows 2000, XP, and Server 2003, or C:\Users\{user name}\AppData\Roaming\Microsoft\Windows\Start Menu on Windows Vista and
HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run {random} = "%AppDataLocal%\{random}\{random}.exe" It modifies the following registry entry(ies) to enable its automatic execution at every system
It checks if it has already infected the Microsoft Word global template, Normal.dot by checking for the existence of a registry key. Infected document files are detected by Trend Micro as
Profile%\Microsoft\atiesrx.exe (Note: %User Profile% is the current user's profile folder, which is usually C:\Documents and Settings\{user name} on Windows 2000, XP, and Server 2003, or C:\Users\{user name