Keyword: microsoft internet explorer
enable its automatic execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Taskman = %Application Data%\vfbu.exe Other System Modifications This
Installation This Dialer drops the following files: C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\Network\CONNECTIONS\Pbk\rasphone.pbk
as part of its routine: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinZip Driver Updater DisplayName = "WinZip Driver Updater" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
/delete /f /TN "Microsoft\Windows\Customer Experience Improvement Program\Uploader" (Note: %System Root% is the Windows root folder, where it usually is C:\ on all Windows operating system versions..
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run FileOcean = "fileoceandn.exe" Other System Modifications This Trojan deletes the following files: %User Temp%\$inst\0.tmp %User Temp%\$inst\1.tmp %User
C:\Windows\Start Menu or C:\Documents and Settings\{User name}\Start Menu on Windows 2000, XP, and Server 2003, or C:\Users\{user name}\AppData\Roaming\Microsoft\Windows\Start Menu on Windows Vista and
\Start Menu on Windows 2000, XP, and Server 2003, or C:\Users\{user name}\AppData\Roaming\Microsoft\Windows\Start Menu on Windows Vista and 7.) Other System Modifications This Trojan deletes the following
registry keys: HKEY_CURRENT_USER\Software\SelectiveAdmission HKEY_CLASSES_ROOT\SelectiveAdmission\CLSID HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\SelectiveAdmission It adds the
following copies of itself into the affected system: %Program Files%\MSN Gaming Zone\otbQbYeC.exe %Application Data%\Microsoft\aJTdzIeE.exe %User Temp%\nJaMdEHM.exe (Note: %Program Files% is the Program Files
is C:\Documents and Settings\{user name}\Start Menu on Windows 2000, Windows Server 2003, and Windows XP (32- and 64-bit); C:\Users\{user name}\AppData\Roaming\Microsoft\Windows\Start Menu on Windows
following: Uses the following as infection marker: NAMCAP Size of malicious code after NAMCAP It infects the following drive types: Fixed Only infects when the directory is currently open in explorer The
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Microsoft Windows Driver = %Windows%\T-26207508265082650820840\windrv.exe HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Microsoft
execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run List IP Authentication Enumerator Spooler = "%System%\{random filename 1}.exe" Other System Modifications
present in the affected system: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Hyper-V HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VirtualMachine HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Virtual Machine\Guest\Parameters
startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run {Malware Filename} = %AppDataLocal%\{Malware Filename}.exe HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run {Malware
automatic execution at every system startup: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run {Malware Filename} = "%System%\{Malware Filename}" HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
}\Start Menu\Programs\Startup on Windows NT, C:\Documents and Settings\{User name}\Start Menu\Programs\Startup on Windows XP, or C:\Users\{user name}\AppData\Roaming\Microsoft\Windows\Start Menu
automatic execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Printsrv = "%System%\Printing_Admin_Scripts\en-US\driverupd.vbs" Other System Modifications This
Spy adds the following processes: cmd.exe /c reg add "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows" /v Load /t REG_SZ /d "%appdata%\FolderN\name.exe.lnk" /f cmd.exe /c echo [zoneTransfer
\ServiceProfiles\NetworkService\AppData\Local\Microsoft (Note: %Application Data% is the current user's Application Data folder, which is usually C:\Documents and Settings\{user name}\Application Data on Windows