Search
Keyword: microsoft internet explorer
\Microsoft\Windows\Start Menu\Programs\Startup on Windows Vista, 7, 8, 8.1, 2008(64-bit), 2012(64-bit), 10(64-bit).) Other System Modifications This Trojan deletes the following files: %Windows%\Tasks\Smart
\Software\Microsoft\Windows NT\CurrentVersion\Windows" /v Load /t REG_SZ /d "%temp%\FolderN\name.exe.lnk" /f cmd.exe /c echo [zoneTransfer]ZoneID = 2 > %temp%\FolderN\name.exe:Zone.Identifier %User Temp%
\ on all Windows operating system versions.) It creates the following folders: %Windows%\ServiceProfiles\NetworkService\AppData\Local\Microsoft (Note: %Windows% is the Windows folder, where it usually is
Windows root folder, where it usually is C:\ on all Windows operating system versions.) It creates the following folders: %Windows%\ServiceProfiles\NetworkService\AppData\Local\Microsoft (Note: %Windows% is
\AppData\Local\Microsoft (Note: %Windows% is the Windows folder, where it usually is C:\Windows on all Windows operating system versions.) Autostart Technique This Trojan Spy registers itself as a system
Root% is the Windows root folder, where it usually is C:\ on all Windows operating system versions.) It creates the following folders: %Windows%\ServiceProfiles\NetworkService\AppData\Local\Microsoft
\Startup on Windows NT, C:\Documents and Settings\{User name}\Start Menu\Programs\Startup on Windows 2003(32-bit), XP and 2000(32-bit), or C:\Users\{user name}\AppData\Roaming\Microsoft\Windows\Start Menu
Trend Micro detection for Microsoft Word documents that are compromised through the insertion of a malicious macro. NOTES: The created process opens the following FTP: ftp://{BLOCKED}.{BLOCKED}.136.5:20
CVE-2017-8570 | Microsoft Office Remote Code Execution Vulnerability Downloaded from the Internet, Dropped by other malware Connects to URLs/IPs, Executes files
file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Other Details This Trojan does the following: It patches the integrity level of Microsoft
\Local\Temp on Windows Vista and 7.) Autostart Technique This worm adds the following registry entries to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft
\Local\Temp on Windows Vista and 7.) Autostart Technique This worm adds the following registry entries to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft
execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Run interneter = "%System%\interneter.exe" Other System Modifications This Trojan modifies the following
keys: HKEY_CURRENT_USER\SOFTWARE\Microsoft\ Cryptography It adds the following registry entries: HKEY_CURRENT_USER\Software\Microsoft\ Cryptography MachineGuid = "e72fd476-9fb8-42d4-9802-ad26e4ee3a20
visiting malicious sites. Installation This Trojan drops and executes the following files: %Program Files%\Common Files\Microsoft Shared\MSInfo\rejoice49.exe %Program Files%\Common Files\Microsoft Shared
may be used to delete malware components and unregister malware registry entries under the following registry keys: SOFTWARE\Microsoft\Windows\CurrentVersion\Run SOFTWARE\Microsoft\Windows
adds the following registry entries to enable its automatic execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Active Setup\Installed Components\
execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run S191044 = "{malware path and file name}" Other System Modifications This Trojan adds the following registry
\Software\Microsoft\ TOPqqUYI It adds the following registry entries: HKEY_CURRENT_USER\Software\Microsoft\ TOPqqUYI swoCUIFE = "{random values}" Other Details This Trojan connects to the following possibly
execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run Shell = "{malware path and file name}" Other System Modifications This Trojan adds the following registry