Search
Keyword: browser hijacker
time Internet Explorer is used by adding the following registry keys: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects\{random key} Other System
pagefile.sys swapfile.sys thumbs.db It avoids encrypting files with the following strings in their file path: \Program Files (x86) \Windows \ProgramData \Tor Browser \Local Settings \IETldCache \Boot \All Users
\Program Files (x86) \Windows \ProgramData \Tor Browser \Local Settings \IETldCache \Boot \All Users \Program Files It drops the following file(s) as ransom note: {encrypted files directory}\ANATOVA.TXT
\Software\{random characters} femjannacafe{random 2} = "{Hex Values}" Web Browser Home Page and Search Page Modification This backdoor modifies the Internet Explorer Zone Settings. Other Details This backdoor
its automatic execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Run {Random Characters} = %Windows%\{Random Characters}.exe Web Browser Home Page and
characters} = %Application Data%\Microsoft\{6 random character}.exe Web Browser Home Page and Search Page Modification This Ransomware modifies the Internet Explorer Zone Settings. Other Details This
on Windows Vista (32- and 64-bit), Windows 7 (32- and 64-bit), Windows 8 (32- and 64-bit), Windows 8.1 (32- and 64-bit), Windows Server 2008, and Windows Server 2012.) Web Browser Home Page and Search
execution every time Internet Explorer is used by adding the following registry keys: HKEY_LOCAL_MACHINE\Software\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects\
0.9_rc,Mozilla Firefox 0.9.3,Mozilla Firefox 0.9.2,Mozilla Firefox 0.9.1,Mozilla Firefox 0.9 Apply associated Trend Micro DPI Rules. 1003670| 1003670 - Multiple Browser Certificate Regexp Parsing Heap Overflow
\icacls.exe" C:\KTKTM /remove administrators "C:\Windows\System32\icacls.exe" C:\KTKTM /inheritance:r Web Browser Home Page and Search Page Modification This Hacking Tool modifies the Internet Explorer Zone
64-bit), Windows 8 (32- and 64-bit), Windows 8.1 (32- and 64-bit), Windows Server 2008, and Windows Server 2012.) Web Browser Home Page and Search Page Modification This Trojan modifies the Internet
\Application Data\{random1}\{random}.exe" Other System Modifications This spyware adds the following registry keys as part of its installation routine: HKEY_CURRENT_USER\Software\Microsoft\ {random} Web Browser
modify browser cookies Manipulate files Obtain various system information (i.e., local time, drive information, idle time) Perform distributed denial of service (DDoS) attack against a target site Resolve
\Application Data\{random1}\{random}.exe" Other System Modifications This spyware adds the following registry keys as part of its installation routine: HKEY_CURRENT_USER\Software\Microsoft\ {random} Web Browser
that force the browser to execute malicious APK. The malicious APK uses local privilege escalation vulnerability CVE-2013-6282 and CVE-2014-3153 to root the device and install a shell backdoor. The
usually C:\Windows\System32.) NOTES: This Trojan sets the system time to September 27, 2019, 09:04 AM. If there is an active Internet connection, it opens the browser to view the non-malicious URL
any propagation routine. Backdoor Routine This adware does not have any backdoor routine. NOTES: This is a browser extension for Mozilla, which is used to load the following URL: http://ff.{BLOCKED
HKEY_CURRENT_USER\Software\Microsoft\ {random key} Web Browser Home Page and Search Page Modification This spyware modifies the Internet Explorer Zone Settings. Trojan:Win32/Malagent (Microsoft), Trojan.Zbot
name}\{random name}.exe,explorer.exe" {KEY}\Software\Microsoft\ Windows\CurrentVersion\RunOnce {random key} = "%All Users Profile%\Application Data\{random folder}\{random file name}.exe" Web Browser
name}\{random name}.exe,explorer.exe" {KEY}\Software\Microsoft\ Windows\CurrentVersion\RunOnce {random key} = "%All Users Profile%\Application Data\{random folder}\{random file name}.exe" Web Browser