Search
Keyword: microsoft internet explorer
execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run S157186114 = "{malware path and file name}" Other System Modifications This Trojan adds the following
execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run S17219637 = "{malware path and file name}" Other System Modifications This Trojan adds the following
execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run S25108188 = "{malware path and file name}" Other System Modifications This Trojan adds the following
every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Run Ac97Sound = "%System%\snddrv.exe" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Run microsystem = "
\SOFTWARE\Microsoft\ Cryptography It adds the following registry entries: HKEY_CURRENT_USER\Software\Microsoft\ Cryptography MachineGuid = "1bfd3631-bcea-48c6-8d31-3de3fdb1cd42" Other Details This Trojan
registry entries as part of its routine: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\RunOnce\Cleanup C:\cleanup.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Run\avg C:
execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run S100160110 = "{malware path and file name}" Other System Modifications This Trojan adds the following
execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run S14415964 = "{malware path and file name}" Other System Modifications This Trojan adds the following
Other Details This is a specially-crafted PDF file that attempts to exploit the folllowing vulnerability in Microsoft Word: CVE-2010-3333 Once successfully exploited, it drops and executes the following
execution at every system startup: HKEY_LOCAL_MACHINE\Software\Microsoft\ Windows\CurrentVersion\Run spro = "%ProgramFiles%\SPro\sproinit.exe" HKEY_LOCAL_MACHINE\Software\Microsoft\ Windows\CurrentVersion\Run
path}\{random file name}.exe Autostart Technique This Trojan adds the following registry entries to enable its automatic execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows
execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Run 76598903 = "{malware path and file name}" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Run
\SOFTWARE\Microsoft\ Cryptography It adds the following registry entries: HKEY_CURRENT_USER\Software\Microsoft\ Cryptography MachineGuid = "398c261f-3178-497b-b86a-db6b4eb6c928" Other Details This Trojan
It adds the following registry keys: HKEY_LOCAL_MACHINE\Software\Microsoft\ RFC1156Agent\CurrentVersion\Parameters It adds the following registry entries: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft
\SOFTWARE\Microsoft\ Cryptography It adds the following registry entries: HKEY_CURRENT_USER\Software\Microsoft\ Cryptography MachineGuid = "56c7ebd5-a4b0-4e0b-b774-d806dedb83df" Other Details This Trojan
\SOFTWARE\Microsoft\ Cryptography It adds the following registry entries: HKEY_CURRENT_USER\Software\Microsoft\ Cryptography MachineGuid = "e6a73668-4060-4f73-82da-a4ba3c090e8b" Other Details This Trojan
following registry entries: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ DirectDraw\MostRecentApplication Name = "{malware file name}" (Note: The default value data of the said registry entry is iexplore.exe .)
following registry entries: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ DirectDraw\MostRecentApplication Name = "{malware file name}" (Note: The default value data of the said registry entry is iexplore.exe .)
\Software\Microsoft\ Multimedia\DrawDib It adds the following registry entries: HKEY_CURRENT_USER\Software\Microsoft\ Multimedia\DrawDib vga.drv 800x600x16(565 0) = "31,31,31,31" This report is generated via
\Software\Microsoft\ Multimedia\DrawDib It adds the following registry entries: HKEY_CURRENT_USER\Software\Microsoft\ Multimedia\DrawDib vga.drv 1024x768x32(BGR 0) = "31,31,31,31" This report is generated via