Keyword: win32
73900 Total Search   |   Showing Results : 1 - 20
ensure its automatic execution at every system startup by adding the following registry entries: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\win32 Type = "10" HKEY_LOCAL_MACHINE\SYSTEM
following copies of itself into the affected system: %System Root%\Win32\IExplorer.exe (Note: %System Root% is the root folder, which is usually C:\. It is also where the operating system is located.) It
\POSIX.dll %User Temp%\p2xtmp-{number}\auto\Win32API\File\File.dll %User Temp%\p2xtmp-{number}\auto\Win32API\Registry\Registry.dll %User Temp%\p2xtmp-{number}\auto\Win32\API\API.dll %User Temp%\p2xtmp-{number}
entries: HKEY_CURRENT_USER\Software\Win32 WTPYFN = "1764" HKEY_CURRENT_USER\Software\Win32 WTPYFN = "1268" HKEY_CURRENT_USER\Software\Win32 WTPYFN = "636" HKEY_CURRENT_USER\Software\Win32 WTPYFN = "772
This is a type of metamorphic virus that infects Win32 files. This virus disassembles the host file and integrates itself between the target file's codes. This virus then rebuilds the codes that
%System% is the Windows system folder, which is usually C:\Windows\System32 on all Windows operating system versions.) It creates the following folders: %Application Data%\win32 (Note: %Application Data%
\Win32\Win32.exe (Note: %System% is the Windows system folder, which is usually C:\Windows\System32.) It creates the following folders: %System%\Win32 (Note: %System% is the Windows system folder, which is
%\win32\pic-5486.scr (Note: %System% is the Windows system folder, which is usually C:\Windows\System32.) It creates the following folders: %System%\win32 (Note: %System% is the Windows system folder,
\src %User Temp%\ocr1.tmp\src\win32 %User Temp%\ocr1.tmp\bin %User Temp%\ocr1.tmp\lib %User Temp%\ocr1.tmp\lib\ruby %User Temp%\ocr1.tmp\lib\ruby\gems %User Temp%\ocr1.tmp\lib\ruby\gems\1.8 %User Temp%
detected as TROJ_BTCCLIP.A %User Temp%\Win32DiskImager_0_9_5_install.exe -> Win32 Disk Imager installer (normal) NOTES: This is the Trend Micro detection for a trojanized Win32 Disk Imager installer.
CVE-2007-2219 Unspecified vulnerability in the Win32 API on Microsoft Windows 2000, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via certain parameters to an
\Windows\CurrentVersion\Run Generic Host Process for Win32 Services = "ghsvc.exe" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices Generic Host Process for Win32 Services =
\Windows\CurrentVersion\Run Generic Host Process for Win32 Services = "ghsvc.exe" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices Generic Host Process for Win32 Services =
This is the Trend Micro detection for Win32 Self-Extracting Cabinet files created by WORM_PROLACO.EK. The file contains a copy of WORM_PROLACO.EK and an .EXE or .MSI file, which it finds in
execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Win32 Service = "{malware path and file name}" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Installation This spyware creates the following folders: %User Profile%\Application Data\win32
{0E05704B-07AB-41EB-8A17-F007AFBB5AA5}\1.0\0\win32 {default} = %system%\MediaP.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C881E764-E445-4EAC-9480-898E25DAEE3B}\InprocServer32 {default} = %system%\MediaP.dll HKEY_LOCAL_MACHINE
itself into the affected system: %System Root%\win32\7D3B99B55BC.exe (Note: %System Root% is the root folder, which is usually C:\. It is also where the operating system is located.) It drops the following
{1EA4DBF0-3C3B-11CF-810C-00AA00389B71} HKEY_CLASSES_ROOT\Interface\{618736E0-3C3D-11CF-810C-00AA00389B71}\TypeLib Version=1.1 HKEY_CLASSES_ROOT\TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}\1.1\win32 (Default)=oleacc.dll
NOTES: This is the Trend Micro detection for Win32 Self-Extracting Cabinet files created by WORM_ACKANTTA.C. The file contains a copy of WORM_ACKANTTA.C using the filename SnowFairye.EXE, and