Keyword: microsoft internet explorer
64-bit); C:\Users\{user name}\AppData\Roaming\Microsoft\Windows\Start Menu on Windows Vista (32- and 64-bit), Windows 7 (32- and 64-bit), Windows 8 (32- and 64-bit), Windows 8.1 (32- and 64-bit), Windows
Profile%\Microsoft\ZJfdLyE4jCnl5.exe %User Profile%\Default Folder\Default File.exe (Note: %User Profile% is the current user's profile folder, which is usually C:\Documents and Settings\{user name} on
Technique This Trojan adds the following registry entries to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run cinuomofrudc = "%User
\Wilbert %User Profile%\Microsoft\CLR Security Config %User Profile%\CLR Security Config\v2.0.50727.42 (Note: %System Root% is the Windows root folder, which is usually C:\ on all Windows operating system
the affected system: %User Profile%\Microsoft\task55.exe (Note: %User Profile% is the current user's profile folder, which is usually C:\Documents and Settings\{user name} on Windows 2000, XP, and
\Programs\Startup on Windows XP, or C:\Users\{user name}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup on Windows Vista, 7, and 8. %Common Startup% is the startup folder for all users, which
Ransomware adds the following registry entries to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce BrowserUpdateCheck = %Application
enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run {random} = "%Application Data%\{random string}-{random string}\{random string}
Modifications This Trojan adds the following registry keys: HKEY_CURRENT_USER\Software\Delsim\Connection\del HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\delsim It adds the following
Data\Microsoft (Note: %User Profile% is the current user's profile folder, which is usually C:\Documents and Settings\{user name} on Windows 2000, XP, and Server 2003, or C:\Users\{user name} on Windows
every system startup: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run [system] = "%System%\drivers\services.exe" HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
CVE-2011-3402 A vulnerability in a Microsoft Windows component that may allow an attacker to execute code on the vulnerable machine. The vulnerability exists in the Win32k TrueType font parsing
and executes them: %System%\{random file name}.exe -> Drop when file is run with admin rights %AppDataLocal%\Microsoft\Windows\{random file name}.exe -> Drop when file is run without admin rights (Note:
Files%\Microsoft\WaterMark.exe (Note: %Program Files% is the default Program Files folder, usually C:\Program Files in Windows 2000, Server 2003, and XP (32-bit), Vista (32-bit), and 7 (32-bit), or C:
\Users\{user name} on Windows Vista and 7.) It creates the following folders: %User Profile%\Microsoft\Backups (Note: %User Profile% is the current user's profile folder, which is usually C:\Documents and
following file(s): %User Profile%\Application Data\Microsoft (Note: %User Profile% is the current user's profile folder, which is usually C:\Documents and Settings\{user name} on Windows 2000, XP, and Server
on Windows Vista and 7.) Other System Modifications This Trojan adds the following registry keys: HKEY_CURRENT_USER\Software\Microsoft\Ynfuwaab HKEY_CURRENT_USER\Software\Microsoft\Myxylaaqi It adds
This worm adds the following registry entries to enable its automatic execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run JavaVM = "%Windows%\java.exe
following registry entries to enable its automatic execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run JavaVM = "%Windows%\java.exe" HKEY_LOCAL_MACHINE