Search
Keyword: usojan.sh.hadglider.tsd
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This spyware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It deletes itself after execution. Arrival Details This
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This spyware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This spyware arrives on a system as a
This Worm arrives by connecting affected removable drives to a system. It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious
Playingona Programs Quota Reason Scroll Secret Simple Sms Source Step Teal Tsd Users Vdm Volume Vsip Wake Wallpaper Webcam Workflow Xian Zone It deletes the initially executed copy of itself
bears tabbtn cookies cloud tsd horz texas montana status wan attrib param srv dim pages cab searcha hid jpn sounds wfp string hexa ssps taupe bang hei system ftp layout build (Note: %System% is the
deep window xpath iowa orange starta volume pal fltr dynamic iwamreg bundle shlp bears tabbtn cookies cloud tsd horz texas montana status wan attrib param srv dim pages cab searcha hid jpn sounds wfp
wdi mso shl files deep window xpath iowa orange starta volume pal fltr dynamic iwamreg bundle shlp bears tabbtn cookies cloud tsd horz texas montana status wan attrib param srv dim pages cab searcha hid
scn loada leelaw compute ordered wdi mso shl files deep window xpath iowa orange starta volume pal fltr dynamic iwamreg bundle shlp bears tabbtn cookies cloud tsd horz texas montana status wan attrib
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It disables Task Manager, Registry Editor, and Folder
This Trojan arrives as an attachment to email messages spammed by other malware/grayware or malicious users. As of this writing, the said sites are inaccessible. Arrival Details This Trojan arrives
persistence: Path: /var/spool/cron/crontabs/ Schedule: Every 30 minutes Command: */30 * * * * sh /etc/newsvc.sh >/dev/null 2>&1 Disables Firewall Deletes the following user accounts: akay vfinder Stops
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It executes then deletes itself afterward. It executes
This spyware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It deletes the initially executed copy of itself.
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It modifies files, disabling programs and applications
/usr/bin/crontab /var/spool/cron/{user} crontab content: */10 * * * * sh (/etc/update.sh or /tmp/update.sh) >/dev/null 2>&1 disables SELINUX Clear PageCaches Renames the following files: /usr/bin/wgen to
/tmp/.vd/sslm.tgz min* {Current Directory}/min* /tmp/min* Process Termination This Trojan terminates the following processes if found running in the affected system's memory: rand rx rd tsm tsm2 haiduc a sparky sh
Modifications This Trojan modifies the following file(s): /etc/rc.local - adds "sh /usr/local/bin/npt" to run downloaded file on boot /var/spool/mail/{user} - contents replaced with "0" string /var/log/wtmp -
}/config.json It creates the following cron job to enable automatic execution of update.sh: Path: '/var/spool/cron/crontabs/'"$USER" Schedule: Every 30 minutes Command: */30 * * * * sh {directory}/update.sh