Search
Keyword: W2KM_DOXMAL
This worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It drops an AUTORUN.INF file to automatically execute the
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This backdoor arrives on a system as a
This file infector arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This file infector arrives on a
Once users access any of the monitored sites, it starts logging keystrokes. It attempts to steal information, such as user names and passwords, used when logging into certain banking or
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It modifies files, disabling programs and applications
LDAP Server ID = "1" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\VeriSign LDAP Server ID = "2" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\WhoWhere
fixed, removable and network drives. It executes the following command to terminate and delete itself: cmd.exe /C timeout 2 && Del /Q /F {malware directory}\{malware file name} It deletes the shadow volume
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It deletes itself after execution. Arrival Details This
LDAP Server ID = "1" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\VeriSign LDAP Server ID = "2" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\WhoWhere
ReportServer$TPSAMA Zoolz 2 Service MSOLAP$TPS aphidmonitorservice SstpSvc MSExchangeMTA ReportServer$SYSTEM_BGC Symantec System Recovery UI0Detect MSExchangeSA MSExchangeIS ReportServer MsDtsServer110 POP3Svc
value data of the said registry entry is 2 .) Dropping Routine This Trojan drops the following files: %Program Files%\LP\0D2F\056.exe %Program Files%\LP\0D2F\1.tmp U L ACPI#PNP0303#2&da1a3ff&0\L\suianxvn
This spyware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This spyware arrives on a system as a
of the said registry entry is 2 .) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\ Services\helpsvc Start = "4" (Note: The default value data of the said registry entry is 2 .) HKEY_LOCAL_MACHINE\SYSTEM
This spyware attempts to steal sensitive online banking information, such as user names and passwords. This routine risks the exposure of the user's account information, which may then lead to the
This spyware attempts to steal sensitive online banking information, such as user names and passwords. This routine risks the exposure of the user's account information, which may then lead to the
%User Temp%\smtmp\1 %User Temp%\smtmp\2 %User Temp%\smtmp\3 %User Temp%\smtmp\4 (Note: %User Temp% is the current user's Temp folder, which is usually C:\Documents and Settings\{user name}\Local Settings
LDAP Server ID = "1" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\VeriSign LDAP Server ID = "2" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\WhoWhere
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This backdoor arrives on a system as a
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It deletes itself after execution. Arrival Details This