Search
Keyword: troj _ vundo
44738 Total Search |
Showing Results : 1 - 20
VUNDO is a family of Trojans, adware, and spyware first spotted in 2004. It usually arrives as a bundle of components, downloaded from malicious websites. VUNDO is multi-component, meaning it has
file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Installation This Trojan adds the following processes: "%System%\cmd.exe" /c "_\_\_\_\_\_
file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Installation This spyware creates the following folders: %User Temp%\_$Df (Note: %User Temp% is
that creates the following specific mutex: .exeM_[0-9][0-9][0-9].*_ .exeM_[0-9][0-9][0-9][0-9].*_ uxJLpe1m Ap1mutx7
drops and executes the following files: %Windows%\Temp\_$Cf\osk.exe - detected as PE_COSVAR.A-O (Note: %Windows% is the Windows folder, which is usually C:\Windows.) It drops the following non-malicious
{garbage characters} open=bakredm.bat {garbage characters} shell\open\Command=hiudstenw.bat _ {garbage characters} shell\open\Default=1 shell\explore\Default=2 {garbage characters} shell\explore\Command
analysis system. Trojan:Win32/Tracur.AH, Trojan:Win32/Tracur.AH, Trojan:Win32/Tracur.AH, Trojan:Win32/Tracur.AH, Troj (Microsoft); [2.nsis]:Downloader-BMN.gen.i, [3.nsis]:Downloader-BMN.gen.i, [4.nsis
file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Other Details This Trojan does the following: Executes "_\DeviceConfigManager.exe" if found
\dd_vcredistMSI5DA7.txt %User Temp%\dd_vcredistMSI6BB9.txt %User Temp%\dd_vcredistUI5DA7.txt %User Temp%\dd_vcredistUI6BB9.txt %User Temp%\Perflib_Perfdata_42c.dat %User Temp%\Perflib_Perfdata_740.dat %User Temp%\_$Df
\Windows on all Windows operating system versions.) It creates the following folders: %Windows%\M-{random numbers} {Removable Drive Letter}:\_ (Note: %Windows% is the Windows folder, where it usually is C:
file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Other System Modifications This backdoor deletes the following files: LMNOPQRSTUVWXYZ[\]^_
file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Installation This backdoor creates the following folders: %User Temp%\_$Df %User Temp%\DF51.tmp
%MpsXNpCnns.bin %Current%\_$sbinLop.bin %Current%\_$NosTsh.bin %Current%\Temp.bin (Note: %User Temp% is the current user's Temp folder, which is usually C:\Documents and Settings\{user name}\Local Settings\Temp on
file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Installation This Trojan creates the following folders: %Temp%\_$Cf (Note: %Temp% is the Windows
to the file name of the encrypted files: {random}.satan_pro It drops the following file(s) as ransom note: _如何解密我的文件_.txt
to the file name of the encrypted files: {random}.evopro It drops the following file(s) as ransom note: _如何解密我的文件_.txt
the Windows system folder, which is usually C:\Windows\System32.) This report is generated via an automated analysis system. Trojan:Win32/Vundo.KAO (Microsoft); Vundo (McAfee); Packed.Generic.201
(Symantec); PAK:PECrypt32.Kila, PAK:ASPack, Trojan-Banker.Win32.Banker.etk, Trojan-Banker.Win32.Banker.etk, Troj (Kaspersky); Infostealer.Banpaes (Sunbelt); Trojan.Spy.Banker.ANV (FSecure)
Temp%\_$Df\DF6Wks.sib (Note: %User Temp% is the current user's Temp folder, which is usually C:\Documents and Settings\{user name}\Local Settings\Temp on Windows 2000, XP, and Server 2003, or C:\Users\
SYSTeM.io.sTREAMreADer($_ ,[TeXt.eNcODinG]::Ascii ) }).readTOeND()" TrojanDownloader:O97M/Powdow.ARJ!MTB (Microsoft); RDN/Generic Downloader.x (NAI); VBA/TrojanDownloader.Agent.SFS trojan (NOD32)