Keyword: microsoft internet explorer
file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Installation This Trojan creates the following folders: %User Profile%\Application Data\Microsoft
registry entries to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run 8337ecf2e08c721ff4ba7dbed7d63814d4db8d2a = "wscript.exe //b
System Modifications This Trojan modifies the following file(s): %Application Data%\Microsoft\Office\Word12.pip (Note: %Application Data% is the current user's Application Data folder, which is usually C:
Settings\{User name}\Start Menu\Programs\Startup on Windows 2003(32-bit), XP and 2000(32-bit), or C:\Users\{user name}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup on Windows Vista, 7, 8,
).) Other System Modifications This Trojan adds the following registry keys: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000 It adds the following registry entries: HKEY_CURRENT_USER
startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3E01A920-6244-66A3-23E9-6ECFC5C85E01} StubPath = "%System%:mstanks.exe" or "%System%\mstanks.exe" Other System Modifications
Technique This backdoor adds the following registry entries to enable its automatic execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MUmintry KRSteam = "
registry entries to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run BC75E553 = "%Application Data%\BC75E553\BC75E553.EXE" Other System
\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MS Svasta Pomalo v2 = "%User Profile%\Application Data\odjebiav2.exe" HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run MS Svasta Pomalo v2 = "
%User Profile%\Microsoft\Backups (Note: %User Profile% is the current user's profile folder, which is usually C:\Documents and Settings\{user name} on Windows 2000, XP, and Server 2003, or C:\Users\
\Software\Microsoft\Windows\CurrentVersion\Run SCRService = %Windows%\ScreenSaver.scr Download Routine This Ransomware connects to the following URL(s) to download its configuration file: http://{BLOCKED
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run {Random CLSID} = %Application Data%\{random1}\{random}.exe Other System Modifications This spyware adds the following registry keys: HKEY_CURRENT_USER
the following registry keys: HKEY_CURRENT_USER\Software\DC3_FEXEC It adds the following registry entries: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon shell = "%User Profile%