Search
Keyword: Mal_SageCrypt
This backdoor modifies registry entries to disable various system services. This action prevents most of the system functions to be used. It connects to a website to send and receive information.
This Trojan takes advantage of certain vulnerabilities. Other Details This Trojan takes advantage of the following vulnerabilities: Oracle Java SE and Java for Business 'MixerSequencer' Remote Code
This Backdoor may be dropped by TROJ_DLLSERV.AE. Its main component registers this malicious .DLL file as a service by creating registry entries. It opens Port 8883, where it listens for remote
This worm arrives by connecting affected removable drives to a system. It drops an AUTORUN.INF file to automatically execute the copies it drops when a user accesses the drives of an affected system.
This worm drops an AUTORUN.INF file to automatically execute the copies it drops when a user accesses the drives of an affected system. Installation This worm drops the following copies of itself
This worm propagates by sending messages containing links to sites where it can be downloaded. It scans the infected system for email addresses and then sends the stolen information to a server via
This Trojan connects to a website to send and receive information. It also has rootkit capabilities, which enables it to hide its processes and files from the user. It deletes itself after execution.
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This Trojan modifies certain registry entries. It connects to certain URL(s) to download its component file(s). It saves the files it downloads using certain file names. Trend Micro detects the
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This Trojan adds certain registry entries to disable the Task Manager. This action prevents users from terminating the malware process, which can usually be done via the Task Manager. Installation
It drops a copy of itself. It also drops a .SYS file detected as BKDR_TDSS.OW. It creates files in the last sector of the disk. This Trojan may be dropped by other malware. It may be unknowingly
It displays a window upon execution. It sends ICMP PING requests to a series of IP addresses and scans for port 4899 to check if those IP addresses have RADMIN service running. Once successful, it
This worm drops an AUTORUN.INF file to automatically execute the copies it drops when a user accesses the drives of an affected system. Installation This worm drops the following copies of itself
However, as of this writing, the said sites are inaccessible. It inserts an IFRAME tag that redirects users to certain URLs. Backdoor Routine However, as of this writing, the said sites are
This Trojan arrives as an attachment to email messages spammed by other malware/grayware or malicious users. It may be dropped by other malware. It may be unknowingly downloaded by a user while
This Trojan may install itself on the affected system as a rogue antivirus using certain names. This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly
This Trojan may be downloaded by other malware/grayware/spyware from remote sites. It may be dropped by other malware. It may be unknowingly downloaded by a user while visiting malicious websites. It
This is a component of a malicious Java archive file (.JAR). When executed, it may connect to remote sites to download possibly malicious files. However, it requires other components in order to run
This Trojan deletes itself after execution. Installation This Trojan drops the following copies of itself into the affected system: %System%\{random filename}.exe (Note: %System% is the Windows