Search
Keyword: microsoft internet explorer
execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run Shell = "{malware path and file name}" Other System Modifications This Trojan adds the following registry
execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run Shell = "{malware path and file name}" Other System Modifications This Trojan adds the following registry
execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run Shell = "{malware path and file name}" Other System Modifications This Trojan adds the following registry
Files%\Common Files\Microsoft Shared\MSINFO\rejoice48.exe (Note: %Program Files% is the default Program Files folder, usually C:\Program Files.) Dropping Routine This Trojan drops the following files:
execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Run {malware file name} = "%System Root%\{malware file name}.exe" Other System Modifications This Trojan adds
following registry keys: HKEY_LOCAL_MACHINE\Software\Microsoft\ RFC1156Agent\CurrentVersion\Parameters It adds the following registry entries: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ RFC1156Agent
system startup: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\ Windows\CURRENTVERSION\Run Microsoft Drive Guard32 = %User Profile%\DrvGuard32.exe Other System Modifications This backdoor adds the following registry
execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Run {random name} = "%All Users Profile%\Application Data\{random name}\{random name}.exe" Other System
it automatic execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\ WINDOWS NT\CURRENTVERSION\Winlogon Userinit = userinit.exe,%Windows%\System\svchost.exe (Note: The default value
following registry entries to ensure it automatic execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows NT\CurrentVersion\Winlogon Userinit = %System%\userinit.exe,%Windows%
execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run WindowsUpdate = "%System Root%\winlogof.exe" HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion
file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Installation This Trojan creates the following folders: %User Profile%\Microsoft\VISIO (Note:
name}\Local Settings\Temp on Windows 2000, XP, and Server 2003.) It takes advantage of the following software vulnerabilities to drop malicious files: (MS09-067) Vulnerabilities in Microsoft Office Excel
system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run 82DPO5SVPJ = "{malware path and filename}" Other System Modifications This Trojan adds the following registry keys as part
every system startup by adding the following registry entries: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Services\AeLookup Description = "Microsoft .NET and Windows XP COM+ Integration with SOAP
\Microsoft\ GenericHost It adds the following registry entries: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ GenericHost Policy = "{random characters}" Dropping Routine This worm drops the following files: %Windows%
execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run bot.exe = "%User Profile%\Application Data\bot.exe " HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows
\Software\Microsoft\ Windows Script\Settings It adds the following registry entries: HKEY_CURRENT_USER\Software\Microsoft\ Windows Script\Settings JITDebug = "0" Dropping Routine This Trojan drops the
\Microsoft\ Windows NT\CurrentVersion Application = "66efaff" HKEY_CURRENT_USER\Software\Microsoft\ Windows NT\CurrentVersion x = "x" Dropping Routine This worm drops the following files: %Windows%\csrss.exe
It modifies the following registry entries: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ DirectDraw\MostRecentApplication Name = "{malware file name}" (Note: The default value data of the said registry entry