Keyword: mal_otorun1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced HideFileExt = "1" (Note: The default value data of the said registry entry is 0.) HKEY_CURRENT_USER\Software\Microsoft\Windows
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This worm deletes registry entries, causing some applications and programs to not function properly. It drops copies of itself in all removable drives. It deletes itself after execution. Installation
\CurrentVersion\Explorer\Advanced Hidden = "2" (Note: The default value data of the said registry entry is 1.) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ShowSuperHidden = "0
This worm may be unknowingly downloaded by a user while visiting malicious websites. It drops copies of itself in all removable and physical drives found in the system. It drops an AUTORUN.INF file
= "0" (Note: The default value data of the said registry entry is 1.) Propagation This worm drops copies of itself in all physical drives. Dropping Routine This worm drops the following files: %User
Temp%\blink.dll" Other System Modifications This worm adds the following registry entries as part of its installation routine: HKEY_CURRENT_USER {Default} = "1" It modifies the following registry entries
value data of the said registry entry is 1.) Propagation This worm drops the following copy(ies) of itself in all removable drives: {removable drive letter}:\janka.vbs It drops an AUTORUN.INF file to
This worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It drops an AUTORUN.INF file to automatically execute the
This worm arrives via removable drives. It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It drops an AUTORUN.INF
This Trojan may be dropped by other malware. It automatically executes files when a user opens a drive. Arrival Details This Trojan may be dropped by other malware. Propagation The said .INF file
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer NoFolderOptions = 1 It modifies the following registry entries to hide files with Hidden attributes: HKEY_CURRENT_USER\Software
folder to view files rundll32.exe setup{random numbers}.fon shell\open\command = rundll32.exe setup{random numbers}.fon Icon = %System%\shell32.dll,4 useautoplay = 1 (Note: %System% is the Windows system
This worm arrives via removable drives. It may be downloaded by other malware/grayware/spyware from remote sites. It may be unknowingly downloaded by a user while visiting malicious websites. It
1.) Propagation This worm drops the following copy(ies) of itself in all removable drives: fkpul.exe Passwords.exe Porn.exe Secret.exe Sexy.exe It drops an AUTORUN.INF file to automatically execute
This Trojan may be dropped by other malware. Arrival Details This Trojan may be dropped by the following malware: WORM_PALEVO.SMGA NOTES: This is the Trend Micro detection for AUTORUN.INF files
following registry entries: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU NoAutoUpdate = "1" It modifies the following registry entries: HKEY_CURRENT_USER\Software\Microsoft
%System%\svchOst.DAT" Other System Modifications This worm adds the following registry entries: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced superhidden = "1" It modifies
This Trojan may be dropped by other malware. It automatically executes files when a user opens a drive. Arrival Details This Trojan may be dropped by other malware. Propagation The said .INF file
FirewallOverride = "1" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center AntiVirusOverride = "1" Propagation This worm drops the following copy(ies) of itself in all removable drives: {drive letter}: