Search
Keyword: W2KM_DLOADER.BVFO
entry is 98053.) HKEY_CURRENT_USER\Identities Identity Ordinal = "2" (Note: The default value data of the said registry entry is 1.) Dropping Routine This spyware drops the following files: %User
\Internet Account Manager\Accounts\Bigfoot LDAP Server ID = "1" HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager\Accounts\VeriSign LDAP Server ID = "2" HKEY_CURRENT_USER\Software\Microsoft
\Tcpip\Parameters TcpMaxDupAcks = "2" HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters LargeBufferSize = "c8" HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
\VeriSign LDAP Server ID = "2" HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager\Accounts\WhoWhere LDAP Server ID = "3" HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager Server ID =
Explorer\International W2KLpk = 1 It modifies the following registry entries: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced Hidden = 2 (Note: The default value data of the
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It disables Task Manager, Registry Editor, and Folder
\SessionInformation ProgramCount = "1" (Note: The default value data of the said registry entry is 2.) HKEY_CURRENT_USER\SessionInformation ProgramCount = "2" (Note: The default value data of the said registry entry
Manager\Accounts\VeriSign LDAP Server ID = "2" HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager\Accounts\WhoWhere LDAP Server ID = "3" HKEY_CURRENT_USER\Software\Microsoft\Internet Account
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It deletes itself after execution. Arrival Details This
\Tcpip\Parameters SackOpts = "1" HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters DefaultTTL = "4" HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters TcpMaxDupAcks = "2
TcpMaxDupAcks = "2" HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters LargeBufferSize = "c8" HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters AllowUserRawAccess = "1
\SYSTEM\ControlSet001\Services\wscsvc Start = "3" (Note: The default value data of the said registry entry is 2.) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication Name = "1.tmp"
Settings\Zones\1 1609 = "0" (Note: The default value data of the said registry entry is 1.) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 1609 = "0" (Note: The
This spyware arrives as an attachment to email messages spammed by other malware/grayware or malicious users. It attempts to steal sensitive online banking information, such as user names and
This worm arrives via removable drives. It may be downloaded by other malware/grayware/spyware from remote sites. It may be unknowingly downloaded by a user while visiting malicious websites. It
This worm arrives by connecting affected removable drives to a system. It arrives via peer-to-peer (P2P) shares. It may be unknowingly downloaded by a user while visiting malicious websites. It drops
This Trojan attempts to steal sensitive online banking information, such as user names and passwords. This routine risks the exposure of the user's account information, which may then lead to the