Search
Keyword: mal_otorun1
This worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It modifies files, disabling programs and applications
= "0" (Note: The default value data of the said registry entry is 1 .) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer\ Advanced\Folder\Hidden\ SHOWALL CheckedValue = "0"
= "1" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\policies\ Explorer\Run csrcs = "%System%\csrcs.exe" HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Explorer\ Advanced
DisallowRun = "1" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\policies\ system DisallowRun = "1" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\policies\ Explorer\DisallowRun 1
Timeout = 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Security Center AntiVirusOverride = 1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows Script Host\Settings Enabled = 1 HKEY_LOCAL_MACHINE\SOFTWARE\Policies
Settings enablehttp1_1 = "1" It modifies the following registry entries: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Internet Settings\ zones\3 1601 = "0" (Note: The default value data of
\ Windows NT\CurrentVersion\Image File Execution Options\ regedit.exe debugger = "\notepad.exe" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ TUX\Path 1 = "M68407" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ TUX\Path 2 =
registry entries: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ DRM\amty ilop = "1" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\policies\ Explorer\Run csrcs = "%System%\csrcs.exe
registry entries: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ DRM\amty ilop = "1" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\policies\ Explorer\Run csrcs = "%System%\csrcs.exe
registry entries: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ DRM\amty ilop = "1" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\policies\ Explorer\Run csrcs = "%System%\csrcs.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ DRM\amty ilop = "1" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\policies\ Explorer\Run csrcs = "%System%\csrcs.exe" HKEY_CURRENT_USER\Software\Microsoft
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ DRM\amty ilop = "1" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\policies\ Explorer\Run csrcs = "%System%\csrcs.exe" HKEY_CURRENT_USER\Software\Microsoft
registry entries: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ DRM\amty ilop = "1" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\policies\ Explorer\Run csrcs = "%System%\csrcs.exe
value data of the said registry entry is {random values} .) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\ Services\Eventlog\Application\ ESENT CategoryCount = "1" (Note: The default value data of the said
This worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This worm arrives on a system as a file
This worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It deletes itself after execution. Arrival Details This
creates the following registry entry(ies) to disable Task Manager, Registry Tools and Folder Options: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Policies\ Explorer NofolderOptions = "1
said registry entry is 2 .) HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Explorer\ Advanced HideFileExt = "1" (Note: The default value data of the said registry entry is 1 .)
\CurrentVersion\RunServices HKEY_LOCAL_MACHINE\Software\Microsoft\ Windows\CurrentVersion\policies\ Explorer\Run It adds the following registry entries: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ DRM\amty ilop = "1
This worm arrives via removable drives. It drops an AUTORUN.INF file to automatically execute the copies it drops when a user accesses the drives of an affected system. Arrival Details This worm