Search
Keyword: usojanspy.win32.golroted.thaooeah2
81509 Total Search |
Showing Results : 1 - 20
This Trojan Spy arrives as an attachment to email messages spammed by other malware/grayware or malicious users. It arrives on a system as a file dropped by other malware or as a file downloaded
following applications: Spinter Cell Pandora Tomorrow Splinter Cell Chaos Theory Call of Duty Call of Duty United Offensive Call of Duty 2 Call of Duty 4 Call of Duty WAW Dawn of Warm Dawn of War - Dark
\Activision\Call of Duty United Offensive HKEY_LOCAL_MACHINE\Software\Activision\Call of Duty 2 HKEY_LOCAL_MACHINE\Software\Activision\Call of Duty 4 HKEY_LOCAL_MACHINE\Software\Activision\Call of Duty WAW
\Software\Microsoft\ Windows\CurrentVersion\Explorer\ Advanced Hidden = "1" (Note: The default value data of the said registry entry is 2 .) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ SystemCertificates\AuthRoot
\ Windows\CurrentVersion\Explorer\ Advanced Hidden = "1" (Note: The default value data of the said registry entry is 2 .) Dropping Routine This Trojan Spy drops the following files: %User Temp%\holdermail.txt
This Trojan Spy arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It steals sensitive information such as user names
\cAcceptablePolicyOIDs\ c1 iEnd = "2" HKEY_CURRENT_USER\Software\Adobe\ Acrobat Reader\10.0\Security\ cASPKI\cASPKI\cCustomCertPrefs\ c312E322E3834302E3131343032312E310000\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\ c1
" HKEY_CURRENT_USER\Software\Adobe\ Acrobat Reader\10.0\Security\ cASPKI\cASPKI\cCustomCertPrefs\ c312E322E3834302E3131343032312E310000\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\ c1 iEnd = "2" HKEY_CURRENT_USER
is 7 .) HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Explorer\ Advanced Hidden = "1" (Note: The default value data of the said registry entry is 2 .) Dropping Routine This worm drops
This Trojan Spy arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan Spy arrives on a system
This Trojan Spy arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan Spy arrives on a system
the said registry entry is 2 .) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ SystemCertificates\AuthRoot\Certificates\ 4EFCED9C6BDD0C985CA3C7D253063C5BE6FC620C Blob = "{random values}" (Note: The default
" HKEY_CURRENT_USER\Software\Adobe\ Acrobat Reader\10.0\Security\ cASPKI\cASPKI\cCustomCertPrefs\ c312E322E3834302E3131343032312E310000\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\ c1 iEnd = "2" HKEY_CURRENT_USER
2 .) Dropping Routine This Spyware drops the following files: %User Profile%\Application Data\process.exe %User Temp%\z136 %User Profile%\Application Data\pid.txt %User Profile%\Application Data
\Software\Microsoft\ Windows\CurrentVersion\Explorer\ Advanced Hidden = "1" (Note: The default value data of the said registry entry is 2 .) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ SystemCertificates\AuthRoot
is 7 .) HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Explorer\ Advanced Hidden = "1" (Note: The default value data of the said registry entry is 2 .) Dropping Routine This spyware drops
" HKEY_CURRENT_USER\Software\Adobe\ Acrobat Reader\10.0\Security\ cASPKI\cASPKI\cCustomCertPrefs\ c312E322E3834302E3131343032312E310000\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\ c1 iEnd = "2" HKEY_CURRENT_USER
This spyware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This spyware arrives on a system as a
This spyware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This spyware arrives on a system as a
This worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This worm arrives on a system as a file