Keyword: au
104705 Total Search   |   Showing Results : 481 - 500
  Previous   Next  
TROJ_AGENT_008122.TOMB
\ Advanced ShowSuperHidden = "0" HKEY_LOCAL_MACHINE\SOFTWARE\Policies\ Microsoft\Windows\WindowsUpdate\ AU NoAutoUpdate = "1" HKEY_CURRENT_USER\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\ InprocServer32
TROJ_HIDEFIL.DJ
"0" HKEY_LOCAL_MACHINE\SOFTWARE\Policies\ Microsoft\Windows\WindowsUpdate\ AU NoAutoUpdate = "1" HKEY_CURRENT_USER\Software\VB and VBA Program Settings\ x\z k = "5/31/2012" HKEY_CURRENT_USER\clsid\
WORM_VOBFUS.ALN
"0" HKEY_LOCAL_MACHINE\SOFTWARE\Policies\ Microsoft\Windows\WindowsUpdate\ AU NoAutoUpdate = "1" HKEY_CURRENT_USER\Software\VB and VBA Program Settings\ x\z k = "05-28-2012" HKEY_CURRENT_USER\clsid\
WORM_VOBFUS.LA
entries: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Explorer\ Advanced ShowSuperHidden = "0" HKEY_LOCAL_MACHINE\SOFTWARE\Policies\ Microsoft\Windows\WindowsUpdate\ AU NoAutoUpdate = "1
WORM_VOBFUS.SMCM
\ Microsoft\Windows\WindowsUpdate\ AU NoAutoUpdate = "1" HKEY_CURRENT_USER\Software\VB and VBA Program Settings\ x\z k = "6/4/2012" HKEY_CURRENT_USER\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\ InprocServer32
WORM_VOBFUS.SMDL
entries: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Explorer\ Advanced ShowSuperHidden = "0" HKEY_LOCAL_MACHINE\SOFTWARE\Policies\ Microsoft\Windows\WindowsUpdate\ AU NoAutoUpdate = "1
TROJ_HIDEFIL.USBD30AVC
\WindowsUpdate\ AU NoAutoUpdate = "1" Other Details This Trojan connects to the following possibly malicious URL: http://howdy.{BLOCKED}n.com:60077/b.php This report is generated via an automated analysis system.
WORM_VOBFUS.SMD3
registry entries: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Explorer\ Advanced ShowSuperHidden = "0" HKEY_LOCAL_MACHINE\SOFTWARE\Policies\ Microsoft\Windows\WindowsUpdate\ AU NoAutoUpdate
WORM_VOBFUS.PD
\CurrentVersion\Explorer\ Advanced ShowSuperHidden = "0" HKEY_LOCAL_MACHINE\SOFTWARE\Policies\ Microsoft\Windows\WindowsUpdate\ AU NoAutoUpdate = "1" HKEY_CURRENT_USER\Software\Microsoft\ DirectInput
WORM_VOBFUS.SM50
\ Microsoft\Windows\WindowsUpdate\ AU NoAutoUpdate = "1" HKEY_CURRENT_USER\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\ InprocServer32 ThreadingModel = "Both" Dropping Routine This worm drops the following
WORM_VBNA.SMCY
\SOFTWARE\Policies\ Microsoft\Windows\WindowsUpdate\ AU NoAutoUpdate = "1" Dropping Routine This worm drops the following files: %User Profile%\html.html (Note: %User Profile% is the current user's profile
WORM_VOBFUS.SMJ6
MostRecentStart = "{random values}" HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Explorer\ Advanced ShowSuperHidden = "0" HKEY_LOCAL_MACHINE\SOFTWARE\Policies\ Microsoft\Windows\WindowsUpdate\ AU
WORM_VOBFUS.SMIN
HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Explorer\ Advanced ShowSuperHidden = "0" HKEY_LOCAL_MACHINE\SOFTWARE\Policies\ Microsoft\Windows\WindowsUpdate\ AU NoAutoUpdate = "1" HKEY_CURRENT_USER
WORM_VOBFUS.SMKK
" HKEY_LOCAL_MACHINE\SOFTWARE\Policies\ Microsoft\Windows\WindowsUpdate\ AU NoAutoUpdate = "1" HKEY_CURRENT_USER\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\ InprocServer32 ThreadingModel = "Both" Dropping Routine This
WORM_VOBFUS.SMCK
\Policies\ Microsoft\Windows\WindowsUpdate\ AU NoAutoUpdate = "1" HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\ Services\.i8042prt Type = "1" HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\ Services\.i8042prt Start = "3
WORM_VOBFUS.SMIT
\SOFTWARE\Policies\ Microsoft\Windows\WindowsUpdate\ AU NoAutoUpdate = "1" It modifies the following registry entries to hide files with Hidden attributes: HKEY_CURRENT_USER\Software\Microsoft\ Windows
WORM_VOBFUS.SMIS
name}.exe /{random character}" Other System Modifications This worm adds the following registry entries: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\ Microsoft\Windows\WindowsUpdate\ AU NoAutoUpdate = "1" It
WORM_VOBFUS.SMLD
HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Explorer\ Advanced ShowSuperHidden = "0" HKEY_LOCAL_MACHINE\SOFTWARE\Policies\ Microsoft\Windows\WindowsUpdate\ AU NoAutoUpdate = "1" HKEY_CURRENT_USER
WORM_VOBFUS.SM00
" HKEY_LOCAL_MACHINE\SOFTWARE\Policies\ Microsoft\Windows\WindowsUpdate\ AU NoAutoUpdate = "1" HKEY_CURRENT_USER\Software\Microsoft\ DirectInput\MostRecentApplication Name = "MPBAN.EXE" HKEY_CURRENT_USER\Software
WORM_VOBFUS.USRP
entries as part of its installation routine: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\ Microsoft\Windows\WindowsUpdate\ AU NoAutoUpdate = "1" It modifies the following registry entries to hide files with Hidden