Keyword: microsoft internet explorer
\SOFTWARE\Microsoft\Security Center UACDisableNotify = "0" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system EnableLUA = "0" Dropping Routine This Trojan drops the following
\Software\Microsoft\Direct3D\MostRecentApplication It adds the following registry entries: HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication Name = "{malware file name}" Dropping Routine
every system startup: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run System Service = "%Windows%\smss.exe" HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Rising Driver
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Windows Service = {random file name}.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Windows Service = {random file name}.exe
Windows NT and 2000, or C:\Windows\System32 on Windows XP and Server 2003.) It drops the following copies of itself into the affected system: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Run
%Program Files%\Common Files\Microsoft Shared\MSINFO\µçÐżÓËÙ.exe (Note: %Program Files% is the default Program Files folder, usually C:\Program Files.) Dropping Routine This backdoor drops the following
Files.) Other System Modifications This Trojan adds the following registry keys as part of its installation routine: HKEY_CURRENT_USER\Software\FileKen\settings HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft
registry entries to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ImapiService = %User Profile%\LocalSettings\ImapiService.exe Other
\bisoft It adds the following registry entries as part of its installation routine: HKEY_CURRENT_USER\Software\bisoft frstrunn = "1" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Security Center\Svc
adds the following registry entries to enable its automatic execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Driver Control Manager v5.6 = "%User Temp%
automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Ecagiwuhuqerofi = "rundll32.exe "%Windows%\{Random File Name}.dll",Startup" Other System
C:\Documents and Settings\{user name} on Windows 2000, XP, and Server 2003.) Other System Modifications This Trojan adds the following registry entries: HKEY_CURRENT_USER\Software\Microsoft\Windows
detection for an infected Microsoft Excel file. It checks for open Microsoft Excel workbooks on the affected computer. It then checks if a Sheet17 exists in the open workbooks. If not, it creates a hidden
startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MSPetServ = "%System Root%\PET32.EXE" Other System Modifications This worm adds the following registry keys: HKEY_LOCAL_MACHINE
\Microsoft\Active Setup\Installed Components\{FP34BIEY-AM0E-A2OU-VUXN-IN7HHSUWQ7ID} StubPath = %Application Data%\wuauclt.exe Other System Modifications This Trojan adds the following registry keys:
adding the following registry entries: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\zbpmpa Description = Microsoft .NET Framework TPM HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\zbpmpa
\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system EnableLUA = "0" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center UacDisableNotify = "1" Dropping Routine This Trojan drops the following
\Software\Microsoft\Direct3D\MostRecentApplication It adds the following registry entries: HKEY_CLASSES_ROOT CLSID\{F70F0434-37C0-44E2-1EB4-54DEA10CCE69} = "Ebopo Isibe Gageca Class" HKEY_CURRENT_USER
\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Driver Control Manager v5.7 = "%User Temp%\tridesee.exe" HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Driver Control Manager v5.7 = "%User
Autostart Technique This Trojan adds the following registry entries to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run {random} = %User