Search
Keyword: microsoft internet explorer
execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Shell = "{malware path and file name}" Other System Modifications This Trojan adds the following registry
\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList sysadm = "0" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList DHCP = "0" It
\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system EnableLUA = "0" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center UacDisableNotify = "1" Dropping Routine This Trojan drops the following
\SOFTWARE\Microsoft\GenericHost It adds the following registry entries: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\GenericHost Policy = "{random characters}" Dropping Routine This Trojan drops the following
execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run jagoul = "%System%\zovicada.exe" Other System Modifications This backdoor deletes the following registry
\SOFTWARE\Microsoft\DirectWin32 It adds the following registry entries: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectWin32 Policy = "{random characters}" Dropping Routine This backdoor drops the following
\software\gxb It modifies the following registry entries: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication Name = "iexplore.exe" (Note: The default value data of the said registry entry
\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication Name = "iexplore.exe" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication ID = "4117b81" Dropping Routine This Trojan drops the
List HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\Settings HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{random} It adds the following registry entries:
execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Microsoft Pinyin IME = "{malware path and file name}" Dropping Routine This Trojan drops the following
execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Vpnkjsl = "{malware path and file name}" Other System Modifications This Trojan adds the following registry
\Software\Microsoft\RYRVrsUO It adds the following registry entries: HKEY_CURRENT_USER\Software\Microsoft\RYRVrsUO GSksjXxw = "{random values}" Dropping Routine This Trojan drops the following files:
execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run NOKIASERVER REGCREATE = "{malware path}\{malware file name}.exe" HKEY_LOCAL_MACHINE\Software\Microsoft
Other System Modifications This backdoor adds the following registry keys: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\DbxUpdateET It adds the following registry entries: HKEY_CURRENT_USER\Software
\Microsoft\DirectDraw\MostRecentApplication Name = "iexplore.exe" (Note: The default value data of the said registry entry is iexplore.exe.) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication Name = "{malware file name}" (Note: The default value data of the said registry entry is iexplore.exe.) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication Name = "iexplore.exe" (Note: The default value data of the said registry entry is iexplore.exe.) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft
\Software\Microsoft\Direct3D\MostRecentApplication It adds the following registry entries: HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication Name = "{malware file name}" Dropping Routine
execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Microsoft Updater = "{malware path and file name}" Other System Modifications This Trojan adds the