Search
Keyword: usoj_fakeav.smp7
This worm may be downloaded by other malware/grayware/spyware from remote sites. It may be unknowingly downloaded by a user while visiting malicious websites. It drops copies of itself into network
Windows 7 (32- and 64-bit), Windows 8 (32- and 64-bit), Windows 8.1 (32- and 64-bit), Windows Server 2008, and Windows Server 2012.) It requires its main component to successfully perform its intended
\CLSID\{11347ACA-6019-BD37-83C6-A3C16253F96A} NHmoOnuxYPLxe = "kNWhsS`" HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ Licenses {IEE1F7440C4EA354A} = "7\x00\x00\x00" HKEY_LOCAL_MACHINE\SOFTWARE\Classes
This worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It disables Task Manager, Registry Editor, and Folder
Windows Vista (32- and 64-bit), Windows 7 (32- and 64-bit), Windows 8 (32- and 64-bit), Windows 8.1 (32- and 64-bit), Windows Server 2008, and Windows Server 2012.) Autostart Technique This Ransomware adds
\Local Settings\Temp on Windows 2000, Windows Server 2003, and Windows XP (32- and 64-bit); C:\Users\{user name}\AppData\Local\Temp on Windows Vista (32- and 64-bit), Windows 7 (32- and 64-bit), Windows 8
2000, Windows Server 2003, and Windows XP (32- and 64-bit); C:\Users\{user name}\AppData\Roaming on Windows Vista (32- and 64-bit), Windows 7 (32- and 64-bit), Windows 8 (32- and 64-bit), Windows 8.1 (32-
and 8. %Program Files% is the default Program Files folder, usually C:\Program Files in Windows 2000, Server 2003, and XP (32-bit), Vista (32-bit), 7 (32-bit), and 8 (32-bit), or C:\Program Files (x86)
smlx smn smp smpkg sms smwt smx smz sn1 sn2 sna snag snapshot snb snf sng snk snp sns snt snx so soi sp spb spd spdf speccy spf spg spj spk spl spm spml sppt spq spr sprt sprz sps spt spub spv sq sqb sqd
and Settings\{user name}\Application Data on Windows 2000, Windows Server 2003, and Windows XP (32- and 64-bit); C:\Users\{user name}\AppData\Roaming on Windows Vista (32- and 64-bit), Windows 7 (32-
sldm sldtm sldx sle slf slk SLL slm slp slt slx slz sm smc smd sme smf smh smi smlx smn smp smpkg sms smwt smx smz sn1 sn2 sna snag snapshot snb snf sng snk snp sns snt snx so soi sp spb spd spdf speccy
Windows Vista (32- and 64-bit), Windows 7 (32- and 64-bit), Windows 8 (32- and 64-bit), Windows 8.1 (32- and 64-bit), Windows Server 2008, and Windows Server 2012.) Other System Modifications This
This Ransomware arrives as an attachment to email messages spammed by other malware/grayware or malicious users. It arrives on a system as a file dropped by other malware or as a file downloaded
sme smf smh smlx smn smp sms smwt smx smz snb snf sng snk snp snt snx so soi spb spd spdf spk spl spm spml sppt spr sprt sprz sql sqlite sqlite3 sqlitedb sqllite sqx sr2 src srf srfl srs srt srw ssa ssh
slm slt slz sm smd sme smf smh smlx smn smp sms smwt smx smz snb snf sng snk snp snt snx so soi spb spd spdf spk spl spm spml sppt spr sprt sprz sql sqlite sqlite3 sqlitedb sqllite sqx sr2 src srf srfl
\AppData\Roaming on Windows Vista (32- and 64-bit), Windows 7 (32- and 64-bit), Windows 8 (32- and 64-bit), Windows 8.1 (32- and 64-bit), Windows Server 2008, and Windows Server 2012.) It drops the following
C:\Users\{user name}\AppData\Roaming on Windows Vista (32- and 64-bit), Windows 7 (32- and 64-bit), Windows 8 (32- and 64-bit), Windows 8.1 (32- and 64-bit), Windows Server 2008, and Windows Server
); C:\Users\{user name}\Desktop in Windows Vista (32- and 64-bit), Windows 7 (32- and 64-bit), Windows 8 (32- and 64-bit), Windows 8.1 (32- and 64-bit), Windows Server 2008, and Windows Server 2012.)
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It deletes itself after execution. Arrival Details This