Search
Keyword: ms04-011_microsoft_windows
99198 Total Search |
Showing Results : 1 - 20
(Note: %User Temp% is the current user's Temp folder, which is usually C:\Documents and Settings\{user name}\Local Settings\Temp on Windows 2000, XP, and Server 2003.) Other System Modifications This
\amd64_microsoft-windows-i..onal-codepage-28594_31bf3856ad364e35_6.1.7600.16385_none_b172e054fdc6b179.exe %Windows%\winsxs\msil_taskscheduler_31bf3856ad364e35_6.1.7601.17514_none_170487c39d98ec89\msil_taskscheduler_31bf3856ad364e35_6.1.7601.17514_none_170487c39d98ec89.exe %Program Files%\Windows Photo
This Worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Worm arrives on a system as a file
Profile%\CryptnetUrlCache\MetaData %User Profile%\Microsoft\CryptnetUrlCache %User Profile%\CryptnetUrlCache\Content (Note: %User Profile% is the current user's profile folder, which is usually C:\Documents
enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run E80D4DCF9A46877D76F199B95BD9BF9B4484CF1907CC818D = "%User Profile%\47275626C69675
enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run E80D4DCF9A46877D76F199B95BD9BF9B4484CF1907CC818D = "%User Profile%\47275626C69675
\amd64_microsoft-windows-p..ommunicationsupport_31bf3856ad364e35_6.1.7600.16385_none_76e106400d5f9440 %Windows%\winsxs\x86_microsoft-windows-s..erexperience-common_31bf3856ad364e35_6.1.7600.16385_none_8eae698ab7e8d4d5 %System Root%\Program Files\Windows Journal\Templates %Application Data%\Microsoft
enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run E80D4DCF9A46877D76F199B95BD9BF9B4484CF1907CC818D = "%User Profile%\47275626C69675
\index.dat %Application Data%\Microsoft\Media Player\CURREN~1.WMD %Application Data%\Microsoft\Windows Media\9.0\WMSDKNS.DTD %Application Data%\Microsoft\Windows Media\9.0\WMSDKNS.XML %User Profile%
%Application Data%\Microsoft\Windows Media\9.0\WMSDKNS.DTD %Application Data%\Microsoft\Windows Media\9.0\WMSDKNS.XML %User Profile%\History.IE5\index.dat %Temporary Internet Files%\Content.IE5
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It deletes itself after execution. Arrival Details This
\Users\{user name} on Windows Vista and 7.) Autostart Technique This worm adds the following registry entries to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft
enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run E80D4DCF9A46877D76F199B95BD9BF9B4484CF1907CC818D = "%User Profile%\47275626C69675
enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run E80D4DCF9A46877D76F199B95BD9BF9B4484CF1907CC818D = "%User Profile%\47275626C69675
enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run E80D4DCF9A46877D76F199B95BD9BF9B4484CF1907CC818D = "%User Profile%\47275626C69675
execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Windows Update='host.exe' HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices Windows
%Program Files%\Common Files\Adobe\ARM\1.0\READER~1.EXE %Program Files%\Common Files\Microsoft Shared\DW\DW20.EXE %Program Files%\Common Files\Microsoft Shared\DW\DWTRIG20.EXE %Program Files%\Common Files
Files%\Reference Assemblies\Microsoft\Framework\v3.5\SY0A90~1.DLL %Program Files%\Windows Media Player\custsat.dll %Program Files%\Windows Media Player\mpvis.dll %Program Files%\Windows Media Player
execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\RunOnce uSjBVNE = %Application Data%\sevnz.exe HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run
system: %Application Data%\Microsoft\{6 random characters}.exe (Note: %Application Data% is the Application Data folder, where it usually is C:\Documents and Settings\{user name}\Application Data on Windows