Search
Keyword: microsoft internet explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\HomeGroup\UIStatusCache UIStatus = "560" HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\HomeGroup\UIStatusCache OnlyMember = "0
NOTES: This malware may arrive as a legitimate Microsoft .DLL file that has been altered by another malware as an autostart mechanism.
startup: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run netAdapter = "%System Root%\Documents and Settings\All Users\netAdapter.exe" HKEY_CURRENT_USER\Software\Microsoft\Windows
system startup: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ElsxjvO = "%System Root%\ProgramData\TuvjywK\CtlouiB\ElsxjvO.exe" Other System Modifications This Trojan adds the following
\Microsoft\Windows\CurrentVersion\Run Java Runtime Viewer = "%User Profile%\Adobe\TaskViewer.exe" HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Remote Shell Manager = "%User Profile%
} on Windows Vista and 7.) Autostart Technique This spyware adds the following registry entries to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\Windows
\Software\Microsoft\Windows\CurrentVersion\Run HostProcess = "%Application Data%\HostProcess\{malware name}.exe" Other System Modifications This backdoor adds the following registry entries as part of its
\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKLM = "%Windows%\InstallDir\Server.exe" HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run HKCU = "%Windows%\InstallDir\Server.exe
where the operating system is located.) Autostart Technique This Trojan adds the following registry entries to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft
located.) Autostart Technique This Trojan adds the following registry entries to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
when visiting malicious sites. Other System Modifications This Trojan modifies the following files: %User Profile%\Application Data\Microsoft %Application Data%\GDIPFONTCACHEV1.DAT (Note: %User Profile%
following registry entries to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Antivirus = "%System Root%\Cache\checker.exe" Other
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run 1 = "%User Temp%\{malware file name}" Other System Modifications This spyware modifies the following files: %Application Data%\GDIPFONTCACHEV1.DAT
execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run winupdater = "%System Root%\Windupdt\winupdate.exe" It modifies the following registry entries to ensure it
automatic execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Intel Data Manager = "%System%\igfxtd86.exe" Other System Modifications This worm adds the
64-bit); C:\Users\{user name}\AppData\Roaming\Microsoft\Windows\Start Menu on Windows Vista (32- and 64-bit), Windows 7 (32- and 64-bit), Windows 8 (32- and 64-bit), Windows 8.1 (32- and 64-bit), Windows
Profile%\Microsoft\AudioEndpointBuilder.exe (Note: %User Profile% is the current user's profile folder, which is usually C:\Documents and Settings\{user name} on Windows 2000, XP, and Server 2003, or C: