Keyword: URL
{BLOCKED}ad.info/cfgzif2.bin Its configuration file contains the following information: URL to download an updated copy of itself URL to send stolen data list of targeted bank-related Web sites to monitor
does not have any downloading capability. Rogue Antivirus Routine This Trojan displays the following fake alerts: When users agree to buy the software, it connects to the following URL to continue the
file from a URL and execute it. Urlopen - Opens a URL through a browser Urlhide - Creates an HTTP GET request PCShutdown - Executes a shutdown command PCRestart - Executes a restart command PCLogoff -
Users who click the embedded URL are redirected to a site that provides a download link
with malicious code. These sites redirect the user to malicious websites where the malicious code is hosted. A new Gumblar attack has been given the name "Gumblar.8080," which originated from a URL
file from a certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed on to it by its components: date guid Other Details This Trojan executes the
the downloaded files. As a result, malicious routines of the downloaded files are exhibited on the affected system. It downloads a possibly malicious file from a certain URL. The URL where this malware
\Internet Explorer\SearchScopes\{DAED9266-8C28-4C1C-8B58-5C66EFF1D302} DisplayName = "Search" HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{DAED9266-8C28-4C1C-8B58-5C66EFF1D302} URL =
It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed on to it by its components: val prime
executed to relate the above-mentioned __EventConsumer to the __EventFilter. The malicious script connects to the following URL to notify a remote user of an infection: http://{BLOCKED
It may be dropped by TROJ_DROPPER.ZBB. It injects itself into specific processes as part of its memory residency routine. It connects to the following possibly malicious URL This Trojan may be
Windows XP and Server 2003.) NOTES: Backdoor Routine This Backdoor executes the following commands from a remote malicious user: Connects to another URL Downloads other files Executes a file named %System%
scon.exe It does the following: Posts information about the affected system to the URL http://{BLOCKED}.ha.cn:81/admin/count.php Posted information includes: MAC address, PC type, antivirus name Executes the
information to a remote URL. It connects to a malicious URL in order to receive commands from a remote malicious user. This backdoor may be manually installed by a user. It connects to a website to send and
execStartApp - runs a package execDelete - uninstalls a package execOpenUrl - opens a URL The said commands are obtained from the following URL: http://{BLOCKED}h.gongfu-android.com:8511/search/getty.php It
URL http://{BLOCKED}.{BLOCKED}.35.133/1712us12/{computername}/-/{OS Version}-{Service Pack}/0/ to send information. The following information is posted: Computer name Operating system version Service
\AppData\Local\Temp\notepad.exe and C:\Users\{username}\AppData\Local\Temp\newnotepad.exe 002 - exit 003 - download from URL received and save to C:\Users\{username}\AppData\Local\Temp\notepad.exe 004 - save
{BLOCKED}b.org/gate.php It deletes itself after execution. NOTES: This Trojan connects to the URL http://api.ipify.org, which is possibly non-malicious. Trojan:Win32/Chanitor (Microsoft);
minutes) Download and execute arbitrary file Update and uninstall itself Visit URL It connects to the following websites to send and receive information: http://{BLOCKED}.{BLOCKED}.145.174:6667/{generated
url {BLOCKED}.{BLOCKED}.19.190 ): Ransomware Routine This Ransomware encrypts files with the following extensions: .bak .sql .backup .7z .rar .zip .tiff .jpeg .jpg .accdb .sqlite .dbf .1cd .mdb .cd .cdr