Keyword: W2KM_DLOADER.BVFO
fixed, removable and network drives. It executes the following command to terminate and delete itself: cmd.exe /C timeout 2 && Del /Q /F {malware directory}\{malware file name} It deletes the shadow volume
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It deletes itself after execution. Arrival Details This
ReportServer$TPSAMA Zoolz 2 Service MSOLAP$TPS aphidmonitorservice SstpSvc MSExchangeMTA ReportServer$SYSTEM_BGC Symantec System Recovery UI0Detect MSExchangeSA MSExchangeIS ReportServer MsDtsServer110 POP3Svc
%User Temp%\smtmp\1 %User Temp%\smtmp\2 %User Temp%\smtmp\3 %User Temp%\smtmp\4 (Note: %User Temp% is the current user's Temp folder, which is usually C:\Documents and Settings\{user name}\Local Settings
value data of the said registry entry is 2.) Dropping Routine This Trojan drops the following files: %Program Files%\LP\0D2F\056.exe %Program Files%\LP\0D2F\1.tmp U L ACPI#PNP0303#2&da1a3ff&0\L\suianxvn
This spyware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This spyware arrives on a system as a
of the said registry entry is 2.) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\ Services\helpsvc Start = "4" (Note: The default value data of the said registry entry is 2.) HKEY_LOCAL_MACHINE\SYSTEM
This spyware attempts to steal sensitive online banking information, such as user names and passwords. This routine risks the exposure of the user's account information, which may then lead to the
This spyware attempts to steal sensitive online banking information, such as user names and passwords. This routine risks the exposure of the user's account information, which may then lead to the
System Modifications This file infector modifies the following registry entries: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Explorer\ Advanced Hidden = "2" (Note: The default value data
LDAP Server ID = "1" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\VeriSign LDAP Server ID = "2" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\WhoWhere
\CurrentControlSet\ Services\{random characters} Start = 2 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Services\{random characters} ErrorControl = 0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Services\{random
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This backdoor arrives on a system as a
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It connects to certain URLs. It may do this to remotely
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It uses Windows Task Scheduler to create a scheduled
\Policies\ Microsoft\Windows\System DisableCMD = "2" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows NT\CurrentVersion\Winlogon SFCScan = "0" It modifies the following registry entries: HKEY_CURRENT_USER
registry entries to disable the following system services: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Services\BITS Start = "4" (Note: The default value data of the said registry entry is 2.)
333333 33333 3333 333 33 3 22222222 2222222 222222 22222 2222 222 22 2 11111111 1111111 111111 11111 1111 111 11 1 00000000 0000000 00000 0000 000 00 0987654321 987654321 87654321 7654321 654321 54321 4321
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It deletes itself after execution. Arrival Details This
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a