Search
Keyword: W2KM_MONALIS
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It connects to certain websites to send and receive
{random 2 characters} = "{RSA PUBLIC KEY} " HKEY_CURRENT_USER\Software\{UID} {random 2 characters} = "{contents of HELP_DECRYPT.TXT}" HKEY_CURRENT_USER\Software\{UID} {random 2 characters} = "{contents of
modifies the following registry entries: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Services\wuauserv Start = "4" (Note: The default value data of the said registry entry is 2 .) HKEY_LOCAL_MACHINE\SYSTEM
{random 2 characters} = "{RSA PUBLIC KEY} " HKEY_CURRENT_USER\Software\{UID} {random 2 characters} = "{contents of HELP_DECRYPT.TXT}" HKEY_CURRENT_USER\Software\{UID} {random 2 characters} = "{contents of
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It executes commands from a remote malicious user,
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It deletes itself after execution. Arrival Details This
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It does not have any propagation routine. It does not
Server ID = "1" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\VeriSign LDAP Server ID = "2" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\WhoWhere LDAP
\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP Server ID = "1" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\VeriSign LDAP Server ID = "2" HKEY_CURRENT_USER\Software
\Software\Microsoft\ Internet Account Manager\Accounts\VeriSign LDAP Server ID = "2" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\WhoWhere LDAP Server ID = "3" HKEY_CURRENT_USER
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It may be dropped by other malware. It deletes the
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It may be dropped by other malware. It deletes the
{random 2 characters} = "{RSA PUBLIC KEY} " HKEY_CURRENT_USER\Software\{UID} {random 2 characters} = "{contents of HELP_DECRYPT.TXT}" HKEY_CURRENT_USER\Software\{UID} {random 2 characters} = "{contents of
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It does not have any propagation routine. It does not
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It connects to certain websites to send and receive
This Trojan Spy arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It executes then deletes itself afterward. It does
This file infector arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This file infector arrives on a
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It executes commands from a remote malicious user,
HOSTS File Modification This Trojan overwrites the system's HOSTS files to prevent users from accessing the following websites: {BLOCKED}.253.22 008.wzhe123.cn {BLOCKED}.253.22 010389.com {BLOCKED
This worm arrives as an attachment to email messages spammed by other malware/grayware or malicious users. It may be downloaded by other malware/grayware/spyware from remote sites. It may be dropped