Search
Keyword: W2KM_DLOADER.BVFO
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It deletes itself after execution. Arrival Details This
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This spyware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This spyware arrives on a system as a
This worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This worm arrives on a system as a file
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
It sends a GET request to the server to download encrypted data. The encrypted data contains information on its spamming routine. It sends spam mails containing links where other malware can be
This worm uses Remote Desktop Protocol (RDP) for its propagation routines. To get a one-glance comprehensive view of the behavior of this Worm, refer to the Threat Diagram shown below. This worm
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It modifies the Internet Explorer Zone Settings. It
\CurrentControlSet\ Services\googleupdate DisplayName = "Google Update Service" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Services\googleupdate Start = "2" It adds the following registry entries to enable its
\Software\Classes\ .dc9b HKEY_CURRENT_USER\Software\Classes\ .dc9b\E HKEY_CURRENT_USER\Software\Classes\ .dc9b\Q HKEY_CURRENT_USER\Software\Classes\ .dc9b\W It adds the following registry entries:
registry entries: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\ services\wscsvc Start = "4" (Note: The default value data of the said registry entry is 2 .) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\ services
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It modifies the Internet Explorer Zone Settings. It
\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\ c1 iEnd = "2" HKEY_CURRENT_USER\Software\Adobe\ Acrobat Reader\10.0\Security\ cASPKI\cASPKI\cCustomCertPrefs\ c312E322E3834302E3131343032312E310000\cAdobe_ChainBuilder
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It deletes itself after execution. Arrival Details This
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ services\mssecsvc2.0 ErrorControl = "1" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ services\mssecsvc2.0 Start = "2" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ services
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It enables its automatic execution at every system
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It enables its automatic execution at every system
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It requires its main component to successfully perform
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It runs certain commands that it receives remotely
" HKEY_CURRENT_USER\Software\Adobe\ Acrobat Reader\10.0\Security\ cASPKI\cASPKI\cCustomCertPrefs\ c312E322E3834302E3131343032312E310000\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\ c1 iEnd = "2" HKEY_CURRENT_USER