Search
Keyword: microsoft internet explorer
HKEY_LOCAL_MACHINE\Software\Microsoft\ Windows\CurrentVersion\Run AhnLab V3Lite Update Process = "%System%\V3LiveRun.exe" Other System Modifications This Trojan adds the following registry keys: HKEY_LOCAL_MACHINE
following registry entries to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run {random name} = "%system root%\Documents and Settings\All
Installation This worm drops the following copies of itself into the affected system: %User Profile%\Application Data\Microsoft\conhost.exe (Note: %User Profile% is the current user's profile folder,
the affected system: %Application Data%\Microsoft\service.exe (Note: %Application Data% is the current user's Application Data folder, which is usually C:\Windows\Profiles\{user name}\Application Data
visiting malicious sites. Installation This worm drops the following files: %User Profile%\Application Data\Microsoft\svchost.exe (Note: %User Profile% is the current user's profile folder, which is usually
\Application Data\Microsoft\conhost.exe (Note: %User Profile% is the current user's profile folder, which is usually C:\Windows\Profiles\{user name} on Windows 98 and ME, C:\WINNT\Profiles\{user name} on Windows
system versions.) Autostart Technique This Trojan adds the following registry entries to enable its automatic execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows NT
enable its automatic execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Run winlogin = "%User Profile%\Windows\winlogin.exe" HKEY_CURRENT_USER\Software
Profile%\Microsoft\AppReadiness.exe (Note: %User Profile% is the current user's profile folder, which is usually C:\Documents and Settings\{user name} on Windows 2000, XP, and Server 2003, or C:\Users\{user
\Microsoft\ Windows\CurrentVersion\Run {random file name}.exe = "%Application Data%\KB{random numbers}.exe" Other System Modifications This backdoor adds the following registry keys: HKCU\Software\Microsoft
execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Run cuhlmb = "%System%\nylvnco.exe" Other System Modifications This backdoor modifies the following file(s):
operating system is located.) Autostart Technique This backdoor adds the following registry entries to enable its automatic execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows NT
located.) Autostart Technique This worm adds the following registry entries to enable its automatic execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows NT\CurrentVersion
Files%\Microsoft\DesktopLayer.exe (Note: %Program Files% is the default Program Files folder, usually C:\Program Files in Windows 2000, Server 2003, and XP (32-bit), Vista (32-bit), and 7 (32-bit), or C:
7.) Autostart Technique This backdoor adds the following registry entries to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run
enable its automatic execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Run winlogin = "%User Profile%\Windows\winlogin.exe" HKEY_CURRENT_USER\Software
enable its automatic execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Run winlogin = "%User Profile%\Windows\winlogin.exe" HKEY_CURRENT_USER\Software
to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run Configuring = "rundll32.exe %User Temp%\62687.txt,krb" Other System
enable its automatic execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Run winlogin = "%User Profile%\Windows\winlogin.exe" HKEY_CURRENT_USER\Software
enable its automatic execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Run winlogin = "%User Profile%\Windows\winlogin.exe" HKEY_CURRENT_USER\Software