Keyword: unixliona1
CVE-2010-3000 Multiple integer overflows in the ParseKnownType function in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows allow remote attackers to execute
This Potentially Unwanted Application arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This
inject malicious code into the following processes: %User Temp%\RegSvcs.exe String 1 can be any of the following: dhcp upnp tcp udp saas iss smtp dos dpi pci scsi wan lan nat imap nas ntfs wpa dsl agp
\Session0000 SessionHash = "8w\xcd\xd9\xce\xbcx\xb7\xddY5\x85\x08\x8e\x8fqq\xb3p\xd0*b\x99q\x86`Io\x8e\xa3q!" HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000 Sequence = "1" HKEY_CURRENT_USER
" HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000 Sequence = "1" HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000 RegFiles0000 = "\x00" HKEY_CURRENT_USER\Software\Microsoft
\xfb'\x97K=\xde\x7f_\xdf\xea]\xdb\xd1P\xf3d\x08'4\xc0{\x08\xc6\x0fU\x80W\xe2" HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000 Sequence = "1" HKEY_CURRENT_USER\Software\Microsoft
Windows Vista, 7, 8, 8.1, 2008(64-bit), 2012(64-bit) and 10(64-bit).) It adds the following registry entries: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Paramter NewInstalled = "1
\Microsoft\RestartManager\Session0000 SessionHash = "{random characters}" HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000 Sequence = "1" Dropping Routine This Potentially Unwanted Application
\CLSID\{Generated ID-5}\ToolboxBitmap32 (Default) = %System%\KOALCS~1.OCX, 1 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{Generated ID-5}\MiscStatus (Default) = 0 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\
" HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\OneStepSearch Src = "onestep" HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\OneStepSearch Initial = "1" HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\OneStepSearch ShowToolbarButton = "0
" HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\6825245b Type = "1" HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\6825245b ErrorControl = "1" HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\6825245b Start = "1
\Windows NT\CurrentVersion\Winlogon SFCScan = "0" It modifies the following registry entries: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced HideFileExt = "1" (Note: The
" HKEY_LOCAL_MACHINE\SOFTWARE\qI9nJ Vsevu3l = "1" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Fseytdc.Ariaqudok {Default} = "Ariaqudok Class" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Fseytdc.Ariaqudok\CLSID {Default} = "
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It deletes itself after execution. Arrival Details This
URLInfoAbout = ".." HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sidego_is1 NoModify = "1" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sidego_is1 NoRepair
NoUnsafeTypeCautionForSCR = "1" HKEY_CURRENT_USER\Software\Nico Mak Computing\WinZip\caution NoUnsafeTypeCautionForEXE = "1" HKEY_LOCAL_MACHINE\SOFTWARE\KHATRA\Startup_List restart_run = "%System Root%\cwsandbox_manager
This spyware may be downloaded by other malware/grayware/spyware from remote sites. It connects to certain websites to send and receive information. It deletes the initially executed copy of itself.
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It disables Task Manager, Registry Editor, and Folder
"1" Dropping Routine This Trojan drops the following files: taskmgr.exe %Temporary Internet Files%\Content.IE5\ZDGZNKA5\f8[1] %Temporary Internet Files%\Content.IE5\BVLBNMKH\h1[1] %Temporary Internet
\WindowsUpdate DisableOSUpgrade = "1" HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\OSUpgrade ReservationsAllowed = "0" HKEY_LOCAL_MACHINE\SOFTWARE\qanz ltpxeirzlt = "eGwRgMVrVTpfkg==
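Several of the entries above share a pattern: the sample weakens a host setting by writing a fixed registry value (Explorer HideFileExt set to 1, Winlogon SFCScan set to 0, the WinZip NoUnsafeTypeCaution flags set to 1, the WindowsUpdate DisableOSUpgrade policy set to 1 with OSUpgrade ReservationsAllowed set to 0). Those values can be checked offline against a registry export. The script below is an added example and is not code from the threat encyclopedia or from any vendor: it parses a .reg export (the sample export is constructed here) and reports values that match the ones quoted in the entries. Hive prefixes that the snippets cut off, such as the full path of the Winlogon key, are assumptions, and the watchlist is only as complete as the snippets on this page.

```python
"""Flag registry values quoted in the threat entries above inside a .reg export.

Added example, not part of the encyclopedia entries. Key paths whose hive prefix
is truncated in the snippets (the Winlogon key) are assumed here.
"""
import re

# (key, value name) -> value the sample writes, all lower-cased because the
# registry is case-insensitive. Built from the entries quoted on this page.
WATCHLIST = {
    (r"hkey_current_user\software\microsoft\windows\currentversion\explorer\advanced", "hidefileext"): "1",
    (r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon", "sfcscan"): "0",  # assumed hive prefix
    (r"hkey_current_user\software\nico mak computing\winzip\caution", "nounsafetypecautionforexe"): "1",
    (r"hkey_current_user\software\nico mak computing\winzip\caution", "nounsafetypecautionforscr"): "1",
    (r"hkey_local_machine\software\policies\microsoft\windows\windowsupdate", "disableosupgrade"): "1",
    (r"hkey_local_machine\software\policies\microsoft\windows\windowsupdate\osupgrade", "reservationsallowed"): "0",
}

# HideFileExt = 1 is also the Windows default, so on its own it is a weak signal
# that only corroborates the other hits.
WEAK = {(r"hkey_current_user\software\microsoft\windows\currentversion\explorer\advanced", "hidefileext")}

_KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
_VAL_RE = re.compile(r'^(?:"(?P<name>(?:[^"\\]|\\.)*)"|(?P<default>@))=(?P<value>.*)$')


def normalize_value(raw):
    """Reduce a .reg value literal to the plain string form used in WATCHLIST."""
    raw = raw.strip()
    if raw.startswith("dword:"):
        return str(int(raw[6:], 16))            # dword:00000001 -> "1"
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace('\\\\', '\\').replace('\\"', '"')
    return raw                                  # hex:, hex(2): ... left as written


def parse_reg(text):
    """Yield (key, name, value) from .reg text (regedit writes UTF-16; decode before calling).

    Multi-line hex continuations and comments are skipped; only values we can
    normalize are compared.
    """
    key = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        m = _KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = _VAL_RE.match(line)
        if m and key is not None:
            name = "(Default)" if m.group("default") else m.group("name")
            yield key, name, normalize_value(m.group("value"))


def scan_reg(text):
    """Return watchlist hits as (key, name, value, strength), strength 'strong' or 'weak'."""
    hits = []
    for key, name, value in parse_reg(text):
        lookup = (key.lower(), name.lower())
        if WATCHLIST.get(lookup) == value:
            hits.append((key, name, value, "weak" if lookup in WEAK else "strong"))
    return hits


# Constructed sample export (not a real capture): dword and string forms mixed,
# with a benign value on each key to show that only the listed values are flagged.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"HideFileExt"=dword:00000001
"ShowSuperHidden"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"SFCScan"=dword:00000000
"Shell"="explorer.exe"

[HKEY_CURRENT_USER\Software\Nico Mak Computing\WinZip\caution]
"NoUnsafeTypeCautionForEXE"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"DisableOSUpgrade"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\OSUpgrade]
"ReservationsAllowed"=dword:00000000
"""

if __name__ == "__main__":
    for key, name, value, strength in scan_reg(SAMPLE_EXPORT):
        print(f"[{strength}] {key} {name} = {value}")
```

The encyclopedia entries print every value as a quoted string, but on a live host most of these are REG_DWORD, which is why the parser folds `dword:00000001` and `"1"` to the same form before comparing. A matching value only shows the host is in the state the sample leaves behind, not that this sample caused it; the WinZip caution flags and SFCScan = 0 are the hits worth following up, while HideFileExt = 1 is the Windows default and is reported as weak.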