Search
Keyword: microsoft internet explorer
execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run S1706115 = "{malware path and file name}" Other System Modifications This Trojan adds the following registry
execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run svhost.exe = "%User Profile%\Application Data\svhost.exe" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows
execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run S318210 = "{malware path and file name}" Other System Modifications This Trojan adds the following registry
execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run S121187157 = "{malware path and file name}" Other System Modifications This spyware adds the following
execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run svmhost.exe = "%User Profile%\Application Data\svmhost.exe" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows
\SOFTWARE\Microsoft\ Cryptography It adds the following registry entries: HKEY_CURRENT_USER\Software\Microsoft\ Cryptography MachineGuid = "99717c07-a0bc-46df-b4a5-e71ed20d0d6c" Other Details This Trojan
execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run S73154109 = "{malware path and file name}" Other System Modifications This Trojan adds the following
execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run S25163157 = "{malware path and file name}" Other System Modifications This Trojan adds the following
execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run S9918359 = "{malware path and file name}" Other System Modifications This Trojan adds the following registry
execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run S2246112 = "{malware path and file name}" Other System Modifications This Trojan adds the following registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ DirectDraw\MostRecentApplication Name = "{malware file name}" (Note: The default value data of the said registry entry is iexplore.exe .) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft
execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run S157186114 = "{malware path and file name}" Other System Modifications This Trojan adds the following
execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run S17219637 = "{malware path and file name}" Other System Modifications This Trojan adds the following
execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run S25108188 = "{malware path and file name}" Other System Modifications This Trojan adds the following
every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Run Ac97Sound = "%System%\snddrv.exe" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Run microsystem = "
\SOFTWARE\Microsoft\ Cryptography It adds the following registry entries: HKEY_CURRENT_USER\Software\Microsoft\ Cryptography MachineGuid = "1bfd3631-bcea-48c6-8d31-3de3fdb1cd42" Other Details This Trojan
registry entries as part of its routine: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\RunOnce\Cleanup C:\cleanup.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Run\avg C:
execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run S100160110 = "{malware path and file name}" Other System Modifications This Trojan adds the following
execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run S14415964 = "{malware path and file name}" Other System Modifications This Trojan adds the following
Other Details This is a specially-crafted PDF file that attempts to exploit the folllowing vulnerability in Microsoft Word: CVE-2010-3333 Once successfully exploited, it drops and executes the following