Keyword: microsoft internet explorer
Autostart Technique This Trojan adds the following registry entries to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run svchost = "%User
64-bit); C:\Users\{user name}\AppData\Roaming\Microsoft\Windows\Start Menu on Windows Vista (32- and 64-bit), Windows 7 (32- and 64-bit), Windows 8 (32- and 64-bit), Windows 8.1 (32- and 64-bit), Windows
execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Network List Service = "%User Profile%\Windows\Dnscache.exe" HKEY_CURRENT_USER\Software\Microsoft\Windows
every system startup: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run NetWire = "%User Profile%\Install\Host.exe" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
the affected system: %User Profile%\Microsoft\XGvZuYqOn.exe (Note: %User Profile% is the current user's profile folder, which is usually C:\Documents and Settings\{user name} on Windows 2000, XP, and
and executes them: %System%\{random file name}.exe -> Drop when file is run with admin rights %AppDataLocal%\Microsoft\Windows\{random file name}.exe -> Drop when file is run without admin rights (Note:
of itself into the affected system: %Application Data%\Microsoft\{random character}\{random character}.exe (Note: %Application Data% is the current user's Application Data folder, which is usually C:
registry entries to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run BackUp{Volume ID} = "%Application Data%\BackUp{Volume ID}.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run 1payday = %Application Data%\payday.hta HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run 2baby = %Application Data%\payday.hta
its automatic execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKLM = "%System%\System32\mozill.exe" HKEY_CURRENT_USER\Software\Microsoft\Windows
enable its automatic execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run office = "{malware path and file name} " HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft
Windows folder, where it usually is C:\Windows on all Windows operating system versions.) It creates the following folders: %Windows%\ServiceProfiles\NetworkService\AppData\Local\Microsoft (Note: %Windows%
file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Installation This Trojan creates the following folders: %User Profile%\Application Data\Microsoft
file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Installation This Trojan creates the following folders: %User Profile%\Microsoft\Backups (Note:
%Application Data%\Microsoft\viFIYqeh.exe (Note: %Application Data% is the Application Data folder, where it usually is C:\Documents and Settings\{user name}\Application Data on Windows 2000, Windows Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Helper.exe = "%Windows%\Helper.exe" Other System Modifications This backdoor adds the following registry entries: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft