Keyword: microsoft internet explorer
64-bit); C:\Users\{user name}\AppData\Roaming\Microsoft\Windows\Start Menu on Windows Vista (32- and 64-bit), Windows 7 (32- and 64-bit), Windows 8 (32- and 64-bit), Windows 8.1 (32- and 64-bit), Windows
\System32.) Autostart Technique This worm adds the following registry entries to enable its automatic execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Intel
\ScreenSaverPro.scr %Application Data%\Microsoft\{random}.exe (Note: %Application Data% is the current user's Application Data folder, which is usually C:\Documents and Settings\{user name}\Application Data on Windows
system is located.) Autostart Technique This backdoor adds the following registry entries to enable its automatic execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
\Microsoft\Windows\CurrentVersion\Run HKLM = "%Windows%\InstallDir\Server.exe" HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run HKCU = "%Windows%\InstallDir\Server.exe" HKEY_LOCAL_MACHINE
automatic execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Windows = "%Application Data%\UCN14M5WQZ.exe" HKEY_CURRENT_USER\Software\Microsoft\Windows
system and executes them: %Application Data%\Microsoft\flashplayer.exe (Note: %Application Data% is the current user's Application Data folder, which is usually C:\Documents and Settings\{user name}
\Microsoft\Windows\Network Shortcuts\@README.HTML %Application Data%\Microsoft\Windows\Network Shortcuts\@README.BMP %Desktop%\@README.BMP %Desktop%\@README.HTML (Note: %Start Menu% is the Start Menu folder,
following files: %Application Data%\Microsoft\Windows\e941aPoj504hBg.dat %Application Data%\Xenocode\ApplianceCaches\java.exe_v25435DCB\TheApp\STUBEXE\@WINDIR@\sample\java.exe (Note: %Application Data% is the
64-bit), Windows 8.1 (32- and 64-bit), Windows Server 2008, and Windows Server 2012.) It drops the following files: %Application Data%\Microsoft\Crypto\RSA\{random folder name}\{random file name} (Note:
\Software\Microsoft\Windows\CurrentVersion\Run Microsoft Windows Manager = "%WINDOWS%\M-50504528343485849294856957580535350\winmgr.exe" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Installation This Trojan adds the following processes: "%Application Data%\Microsoft\Windows
Other System Modifications This Potentially Unwanted Application adds the following registry keys: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000 HKEY_LOCAL_MACHINE\Software\Freemake It