Search
Keyword: ms07047 windows media player 936782
\mscorsvw.exe %System%\sppsvc.exe %System%\svchost.exe -k WerSvcGroup "%System Root%\Program Files\Windows Media Player\wmpnetwk.exe" %System%\svchost.exe -k NetworkService (Note: %User Temp% is the current
"Updates\bRsCHPZ" /XML "%User Temp%\tmpF7D5.tmp" {malware file path and name} "{path}" %System%\sppsvc.exe "%System Root%\Program Files\Windows Media Player\wmpnetwk.exe" %System%\svchost.exe -k
"Updates\DqpdeKTFQmdEg" /XML "%User Temp%\tmp53BA.tmp" {malware file path and name} "{path}" %System%\sppsvc.exe %System%\lsass.exe "%System Root%\Program Files\Windows Media Player\wmpnetwk.exe" %System%
\System32.) It deletes the following files: %Program Files%\Windows Media Player\npdrmv2.zip %Program Files%\Windows Media Player\npds.zip %Windows%\Fonts\GLOBAL~1.COM %Windows%\Fonts\GLOBAL~2.COM %Windows%
(x64)\Microsoft Silverlight %Program Files% (x64)\Reference Assemblies %Program Files% (x64)\Microsoft.NET %Program Files% (x64)\Internet Explorer %Program Files% (x64)\Windows Media Player (Note:
Modifications This Trojan modifies the following files: %Application Data%\Microsoft\Windows Media\9.0\WMSDKNS.XML %Application Data%\Microsoft\Windows Media\9.0\WMSDKNS.DTD (Note: %Application Data% is the
Media Player\wmpnetwk.exe" %System%\svchost.exe -k netsvcs (Note: %System% is the Windows system folder, where it usually is C:\Windows\System32 on all Windows operating system versions.. %Windows% is the
%\qbnhkdmm.tmp %Program Files%\Outlook Express\iiejobca.tmp %System%\giibikcj.tmp %Program Files%\Windows Media Player\kpoadhjd.tmp %System%\ljgbieda.tmp %Program Files%\Outlook Express\kbklehko.tmp
\SOFTWARE\MediaPlayerV1alpha4017\ Components HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\ Firefox\Extensions HKEY_LOCAL_MACHINE\SOFTWARE\MediaPlayerV1\ Media Player HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows
\SOFTWARE\MediaPlayerV1alpha6918\ Components HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\ Firefox\Extensions HKEY_LOCAL_MACHINE\SOFTWARE\MediaPlayerV1\ Media Player HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows
\Windows Media Player\wmpnetwk.exe" %System%\svchost.exe -k WerSvcGroup %Windows%\Device.exe (Note: %Windows% is the Windows folder, where it usually is C:\Windows on all Windows operating system versions..
schtasks.exe /Create /TN "Updates\gulgjV" /XML "%User Temp%\tmpC6E6.tmp" %Windows%\Microsoft.NET\Framework\v4.0.30319\vbc.exe "{path}" %System%\sppsvc.exe "%System Root%\Program Files\Windows Media Player
\Windows Media Player\wmpnetwk.exe" %System%\sc.exe start w32time task_started %System%\sdclt.exe /CONFIGNOTIFICATION taskhost.exe SYSTEM %System%\wsqmcons.exe %System%\svchost.exe -k LocalService
%\sppsvc.exe "%System Root%\Program Files\Windows Media Player\wmpnetwk.exe" %System%\svchost.exe -k WerSvcGroup (Note: %Windows% is the Windows folder, where it usually is C:\Windows on all Windows
\Program Files\Windows Media Player\wmpnetwk.exe" %System%\svchost.exe -k WerSvcGroup %System%\svchost.exe -k NetworkService (Note: %Windows% is the Windows folder, where it usually is C:\Windows on all
%\sppsvc.exe "%System Root%\Program Files\Windows Media Player\wmpnetwk.exe" %System%\svchost.exe -k WerSvcGroup (Note: %Windows% is the Windows folder, where it usually is C:\Windows on all Windows
LocalServiceAndNoImpersonation %Windows%\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe %System%\sppsvc.exe "%System Root%\Program Files\Windows Media Player\wmpnetwk.exe" %Windows%\SysWOW64\nextbased.exe --44190e76 (Note:
\sppsvc.exe "%System Root%\Program Files\Windows Media Player\wmpnetwk.exe" %System%\svchost.exe -k WerSvcGroup %System%\svchost.exe -k NetworkService (Note: %System% is the Windows system folder, where it
%System Root%\Program Files\Windows Media Player\wmpnetwk.exe" %System%\svchost.exe -k NetworkService (Note: %System% is the Windows system folder, where it usually is C:\Windows\System32 on all Windows
\{username}:Interactive:[1] %All Users Profile%\hfdkbi\tgsdoow.exe %All Users Profile%\hfdkbi\tgsdoow.exe start2 %System%\sppsvc.exe "%System Root%\Program Files\Windows Media Player\wmpnetwk.exe"