Keyword: os2
This malware employs a new autostart mechanism and removes users' privileges to view the registry's content. As a result, users are unlikely to suspect that their systems are already infected. To get
" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Services\ge DisplayName = "Google Update" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Services\ge Start = "2" It adds the following registry entries to enable its
This Trojan Spy arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan Spy arrives on a system
CVE-2010-1119 Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows
XP Windows 5.0 OS information (Architecture, Caption, CSDVersion) CPU Information (Name) Memory Information User Accounts Installed Programs Installed Services IP Configuration Network Information
not have any downloading capability. Information Theft This Trojan gathers the following data: MAC Address IP Address Computer name OS version CPU and GPU name Stolen Information This Trojan sends the
/appScreen/progress_bg.png {BLOCKED}nstaller.appspot.com /install/first_time?session_id={session ID}&app_id={id}&offer_id={value}&os_version={Mac OS X Version}&install_version={value}&r={value}&disable_dynamic_update={value
system. As of this writing, the said sites are inaccessible. Information Theft This spyware gathers the following data: OS Version Computer Name Stolen Information This spyware sends the gathered
FirewallDisableNotify = "1" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc AntivirusDisableNotify = "1" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced Hidden = "2
\Advanced Hidden = "2" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies NoDispCPL = "1" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies DisableCMD = "1
{BLOCKED}q.com.plenty{filename of each textfile} Information Theft This Ransomware gathers the following data: Data from text files (files with .txt extension) in all directories Username PC name OS name OS
AIBATOOK variants are known for data theft or stealing banking account information. It may also gather information about the infected system, such as its MAC address, operating system (OS) version, and it
\CurrentControlSet\Services\W32Time Objectname = "LocalSystem" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time Start = "2" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time Type = "20
}&s1={string}&s2={value}&s3={value}&s4={value}&s5={value}&cid={value}&uac={value}&randid={value} It gathers the following information and reports it to its servers: OS Version Country Code Default
cmdagent.exe dwengine.exe dwservice.exe jpf.exe jpfsrv.exe oasrv.exe oaui.exe op_mon.exe It gathers the following data: UID OS version OS architecture (32bit/64bit) Default language GMT Summary of installed
\NetworkPlatform\Location Awareness LastBackup = {Hex Values} Information Theft This Trojan gathers the following data: OS version Host Name Other Details This Trojan connects to the following website to send and
routines of the downloaded files are exhibited on the affected system. Information Theft This Trojan retrieves the following information from the affected system: Computer Name OS Version OS Service Pack
Start = "2" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ge ImagePath = "%Windows%\{random file name}.exe" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ge DisplayName = "Google Update
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a