Keyword: microsoft internet explorer
every system startup: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run sys = "%System%\List480.TXT.scr" HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run MSMSGS = "%Program
following registry keys: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System It creates the following registry entry(ies) to disable Task Manager, Registry Tools and Folder Options:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication Name = "iexplore.exe" (Note: The default value data of the said registry entry is iexplore.exe.) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft
Root%\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\csrss.exe %Windows%\csrss.exe (Note: %System Root% is the root folder, which is usually C:\. It is also where the operating system is
system startup: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run svchosta = "{malware path and file name}" HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run svchost.exe = "
\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system ConsentPromptBehaviorAdmin = "0" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system EnableLUA = "0" HKEY_LOCAL_MACHINE
\Software\Microsoft\Windows Script\Settings HKEY_CURRENT_USER\Software\VB and VBA Program Settings\The Net\settings HKEY_CURRENT_USER\Software\Microsoft\Visual Basic\6.0 It adds the following registry
\Microsoft\GenericHost It adds the following registry entries: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\GenericHost Policy = "{random characters}" Dropping Routine This worm drops the following files: %System%
every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run tasks = "%Windows%\tasks.exe" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run RegFixer = "%Windows
operating system is located.) Other System Modifications This worm adds the following registry entries: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion Run = "%Windows%\winlogon.eXe
adds the following registry entries to enable its automatic execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MS Service Manager = "%User Temp%
system startup: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Microsoft Windows Adapter 5.1.3214 = "%User Profile%\Application Data\pzrtn.exe" This report is generated via an automated
execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run NEOWATCHLOG = "%Windows%\WUIknDnQWAgJ3o.exe" Other System Modifications This backdoor modifies the
\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system EnableLUA = "0" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center UacDisableNotify = "1" Dropping Routine This spyware drops the following
enable its automatic execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Microsoftctfmon = "%System Root%\ct.exe" Other System Modifications This spyware
execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run kjhgf = "%Windows%\protected_01.03.2011_021400.exe" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows
%Program Files%\Common Files\Microsoft Shared\MSINFO\rejoice49.exe (Note: %Program Files% is the default Program Files folder, usually C:\Program Files.) Other System Modifications This backdoor adds the
) Other System Modifications This Trojan adds the following registry keys: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TermServMonitor It adds the following registry entries: HKEY_LOCAL_MACHINE\SOFTWARE