Keyword: unixliona1
\ Internet Settings Security_HKLM_only = "1" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Internet Explorer\Security DisableSecuritySettingsCheck = "1" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion
Profile%\Remote\prtjyc.dll, UnregisterDll" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Active Setup\Installed Components\{B044577A-C24A-4DBB-9428-12AB6C8C14E3} IsInstalled = "1" HKEY_LOCAL_MACHINE\SOFTWARE
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ CLSID\HOOK_ID name = "{malware file name}" HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\ Services\577f256b Type = "1" HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\ Services\577f256b
This spyware may be dropped by other malware. It may be unknowingly downloaded by a user while visiting malicious websites. It creates folders where it drops its files. It modifies the Internet
This spyware attempts to steal information, such as user names and passwords, used when logging into certain banking or finance-related websites. Arrival Details This spyware may be unknowingly
This spyware attempts to steal sensitive online banking information, such as user names and passwords. This routine risks the exposure of the user's account information, which may then lead to the
\CurrentVersion\Image File Execution Options\ regedit.exe Debugger = "0" HKEY_LOCAL_MACHINE\SOFTWARE\Policies\ Microsoft\Windows\CurrentVersion\ Internet Settings Security_HKLM_only = "1" HKEY_LOCAL_MACHINE
Account Manager\Accounts\Bigfoot LDAP Server ID = "1" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\VeriSign LDAP Server ID = "2" HKEY_CURRENT_USER\Software\Microsoft\ Internet
\Accounts\Active Directory GC LDAP Server ID = "0" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP Server ID = "1" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account
\ 5824CF32C3CC2A47443DB10A33BBE3AC8DE524E1 Blob = "{random values}" It modifies the following registry entries: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows NT\CurrentVersion\SystemRestore DisableSR = "1" HKEY_LOCAL_MACHINE\SOFTWARE
" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP Server ID = "1" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\VeriSign LDAP Server ID = "2
= "0" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP Server ID = "1" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\VeriSign LDAP Server
\userinit.exe, .) Other System Modifications This Trojan adds the following registry entries: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Policies\ System DisableRegedit = "1" HKEY_LOCAL_MACHINE
\Policies\ Microsoft\Windows NT\SystemRestore It adds the following registry entries: HKEY_CURRENT_USER\Software\Policies\ Microsoft\Windows\System DisableCMD = "1" HKEY_CURRENT_USER\Software\Microsoft
\Accounts\Bigfoot LDAP Server ID = "1" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\VeriSign LDAP Server ID = "2" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager
\Jawego\ Params PCCP = 1 HKEY_LOCAL_MACHINE\SOFTWARE\PC Clean Plus TELNO = (844) 944-0918 HKEY_LOCAL_MACHINE\SOFTWARE\PC Clean Plus TELNOFR = 01.76.54.27.59 HKEY_LOCAL_MACHINE\SOFTWARE\PC Clean Plus TELNODE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Uninstall\ Puran Defrag_is1 NoModify = 1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Uninstall\ Puran Defrag_is1 NoRepair = 1
characters}" HKEY_LOCAL_MACHINE\SOFTWARE\Policies\ Microsoft\Windows\WindowsUpdate DisableOSUpgrade = "1" HKEY_LOCAL_MACHINE\SOFTWARE\Policies\ Microsoft\Windows\WindowsUpdate\ OSUpgrade ReservationsAllowed =