Search
Keyword: microsoft internet explorer
{user name}\Start Menu on Windows 2000, Windows Server 2003, and Windows XP (32- and 64-bit); C:\Users\{user name}\AppData\Roaming\Microsoft\Windows\Start Menu on Windows Vista (32- and 64-bit), Windows 7
Windows Server 2003, and Windows XP (32- and 64-bit); C:\Users\{user name}\AppData\Roaming\Microsoft\Windows\Start Menu on Windows Vista (32- and 64-bit), Windows 7 (32- and 64-bit), Windows 8 (32- and
Profile%\Microsoft FxCop\SamSs.exe (Note: %User Profile% is the current user's profile folder, which is usually C:\Documents and Settings\{user name} on Windows 2000, XP, and Server 2003, or C:\Users\{user
Profile%\Microsoft FxCop\SamSs.exe (Note: %User Profile% is the current user's profile folder, which is usually C:\Documents and Settings\{user name} on Windows 2000, XP, and Server 2003, or C:\Users\{user
Profile%\Microsoft FxCop\SamSs.exe (Note: %User Profile% is the current user's profile folder, which is usually C:\Documents and Settings\{user name} on Windows 2000, XP, and Server 2003, or C:\Users\{user
HKEY_CURRENT_USER\Software\Microsoft\ Bind It adds the following registry entries: HKEY_CURRENT_USER\Software\Microsoft\ Bind comment = "winamp_3913056.exe" HKEY_CURRENT_USER\Software\Microsoft\ Bind comment2 = "f
) Autostart Technique This Trojan adds the following registry entries to enable its automatic execution at every system startup: HKEY_LOCAL_MACHINE\Software\Microsoft\ Windows\CurrentVersion\Run Intel
Server 2003.) Autostart Technique This backdoor adds the following registry entries to enable its automatic execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion
following software vulnerabilities to drop malicious files: RTF Stack Buffer Overflow Vulnerability (CVE-2010-3333) Other Details More information on this vulnerability can be found below: Microsoft Security
) Autostart Technique This Trojan adds the following registry entries to enable its automatic execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Run MSNet
execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run onestep = "%Program Files%\onestep\onestepe.exe" Other System Modifications This Trojan deletes the
ME, C:\WINNT\System32 on Windows NT and 2000, or C:\Windows\System32 on Windows XP and Server 2003.) It adds the following registry entries: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion
\WinShell\WinSeven.exe %System Root%\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\taskhost.exe (Note: %System Root% is the root folder, which is usually C:\. It is also where the operating system
execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Run Netprotocol = "%User Profile%\Application Data\netprotocol.exe" Other System Modifications This Trojan adds
file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Installation This Trojan creates the following folders: %User Profile%\Microsoft\Protect (Note:
evenlpr = "%System%\dumphare.dll" It modifies the following registry entries: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\ Microsoft\Windows\Safer\ CodeIdentifiers DefaultLevel = "4" (Note: The default value data
\SOFTWARE\Microsoft\ Windows\CurrentVersion\Run avpupdt = "%System%\1718185808\avgupdt.exe" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Run ctfmon = "{malware path and file name}
\SOFTWARE\Microsoft\ Windows\CurrentVersion\Run 9E7041CA = "%Windows%\9E7041CA\svchsot.exe" Other System Modifications This backdoor adds the following registry keys: HKEY_CURRENT_USER\Software\WinRAR SFX
Technique This backdoor adds the following registry entries to enable its automatic execution at every system startup: HKEY_LOCAL_MACHINE\Software\Microsoft\ Active Setup\Installed Components\{CLSID} StubPath
HKEY_CURRENT_USER\Software\Microsoft\ Bind It adds the following registry entries: HKEY_CURRENT_USER\Software\Microsoft\ Bind comment = "3913207" HKEY_CURRENT_USER\Software\Microsoft\ Bind comment2 = "f" Dropping