Search
Keyword: unixliona1
\ WTool UninstallString = "%Program Files%\WTool\Uninstall.exe" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Uninstall\ WTool NoModify = "1" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows
Profile%\Remote\ug5.dll, UnregisterDll" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Active Setup\Installed Components\{25793E4A-9606-47DC-A041-19448E542D53} IsInstalled = "1" HKEY_LOCAL_MACHINE\SOFTWARE
%pplication Data%Java\?shimgvw?.exe,0 (Note: The default value data of the said registry entry is shimgvw.dll,3 .) HKEY_CURRENT_USER\Control Panel\Desktop AutoEndTasks = 1 (Note: The default value data of the
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. However, as of this writing, the said sites are
LDAP Server ID = "1" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\VeriSign LDAP Server ID = "2" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\WhoWhere
Account Manager\Accounts\Bigfoot LDAP Server ID = "1" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\VeriSign LDAP Server ID = "2" HKEY_CURRENT_USER\Software\Microsoft\ Internet
This adware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It may be manually installed by a user. It connects to
\Bigfoot LDAP Server ID = "1" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\VeriSign LDAP Server ID = "2" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts
\ Internet Account Manager\Accounts\Active Directory GC LDAP Server ID = "0" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP Server ID = "1" HKEY_CURRENT_USER\Software
\ 5824CF32C3CC2A47443DB10A33BBE3AC8DE524E1 Blob = "{random values}" It modifies the following registry entries: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows NT\CurrentVersion\SystemRestore DisableSR = "1" HKEY_LOCAL_MACHINE\SOFTWARE
GC LDAP Server ID = "0" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP Server ID = "1" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts
CheckedValue = "0" (Note: The default value data of the said registry entry is 1 .) It deletes the following registry keys: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\ Control\SafeBoot\Minimal\
\SOFTWARE 38997 = "Browser Guardian" HKEY_LOCAL_MACHINE\SOFTWARE\Browser Guardian SeenDate = "1403625069" HKEY_LOCAL_MACHINE\SOFTWARE\Browser Guardian Seen = "1" HKEY_LOCAL_MACHINE\SOFTWARE\AdvertisingSupport
" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP Server ID = "1" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\VeriSign LDAP Server ID = "2
LDAP Server ID = "1" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\VeriSign LDAP Server ID = "2" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\WhoWhere
Manager\Accounts\Bigfoot LDAP Server ID = "1" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\VeriSign LDAP Server ID = "2" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account
Account Manager\Accounts\Bigfoot LDAP Server ID = "1" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\VeriSign LDAP Server ID = "2" HKEY_CURRENT_USER\Software\Microsoft\ Internet
Account Manager\Accounts\Bigfoot LDAP Server ID = "1" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\VeriSign LDAP Server ID = "2" HKEY_CURRENT_USER\Software\Microsoft\ Internet
DisableAntiSpyware = 1 (Note: The default value data of the said registry entry is 0 .) HKEY_LOCAL_MACHINE\Software\Policies\ Microsoft\Windows Defender DisableRoutinelyTakingAction = 1 (Note: The default value data
\smtmp\1 %User Temp%\smtmp\2 %User Temp%\smtmp\3 %User Temp%\smtmp\4 %Start Menu%\Programs\{OS Name} Restore (Note: %User Temp% is the user's temporary folder, where it usually is C:\Documents and Settings