Keyword: microsoft internet explorer
Modifications This backdoor modifies the following files: %User Profile%\Application Data\Microsoft (Note: %User Profile% is the current user's profile folder, which is usually C:\Windows\Profiles\{user name} on
following registry keys: HKEY_LOCAL_MACHINE\Software\Microsoft\Office\Outlook\Addins\RIMExportEx.Connect HKEY_CLASSES_ROOT\CLSID\{F03BF566-B3CC-4DF7-B7D2-C9194C8882DF} HKEY_CLASSES_ROOT\CLSID\
\Roaming on Windows Vista and 7.) Autostart Technique This spyware adds the following registry entries to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\Windows
Data\Microsoft (Note: %User Profile% is the current user's profile folder, which is usually C:\Documents and Settings\{user name} on Windows 2000, XP, and Server 2003, or C:\Users\{user name} on Windows
{user name} on Windows Vista and 7.) Autostart Technique This backdoor adds the following registry entries to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft
\Microsoft\Windows\CurrentVersion\Run flash.exe = "%User Temp%\..\flash.exe" Other System Modifications This Trojan deletes the following files: %User Profile%\locals~1\{malware file name} (Note: %User
XP, and Server 2003, or C:\Users\{user name}\AppData\Roaming\Microsoft\Windows\Start Menu on Windows Vista and 7.) It creates the following folders: %Start Menu%\Programs\MSDCSC %User Temp%\dclogs
backdoor adds the following registry entries to enable its automatic execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run SunJavaUpdateSched = "%ProgramData%
spyware drops the following files: {All Users Profile}\Microsoft\PDA\Mircosoft System..DLL It creates the following folders: {All Users Profile}\Microsoft\PDA Autostart Technique This spyware registers
) It creates the following folders: %User Profile%\Microsoft\Dr Watson (Note: %User Profile% is the current user's profile folder, which is usually C:\Windows\Profiles\{user name} on Windows 98 and
\Software\Microsoft\Windows\CurrentVersion\Run MicroUpdate = "%User Profile%\MSDCSC\msdcsc.exe" It modifies the following registry entries to ensure its automatic execution at every system startup:
Server 2003.) Autostart Technique This backdoor adds the following registry entries to enable its automatic execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
) Autostart Technique This Trojan adds the following registry entries to enable its automatic execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
following registry entries to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run KB{random number} = "%User Profile%\Application Data\KB
enable its automatic execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run NVIDIA driver monitor = %Windows%\nvsvc32.exe HKEY_CURRENT_USER\SOFTWARE\Microsoft
registry entries: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\BootOptimizeFunction LcnStartLocation = "1463841" (Note: The default value data of the said registry entry is 0.) HKEY_LOCAL_MACHINE\SOFTWARE
%Application Data%\Microsoft\delta.exe (Note: %Application Data% is the Application Data folder, where it usually is C:\Documents and Settings\{user name}\Application Data on Windows 2000, Windows Server 2003,
64-bit); C:\Users\{user name}\AppData\Roaming\Microsoft\Windows\Start Menu on Windows Vista (32- and 64-bit), Windows 7 (32- and 64-bit), Windows 8 (32- and 64-bit), Windows 8.1 (32- and 64-bit), Windows
folders: %System Root%\trivax1.Bin\ %User Profile%\Application Data\VMware %User Profile%\Microsoft\Dr Watson %Windows%\SoftwareDistribution %Windows%\SoftwareDistribution\DataStore\Logs\ %Windows%