Search
Keyword: winshell
copies of itself into the affected system: %System Root%\WinShell\WinSeven.exe %System Root%\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\taskhost.exe (Note: %System Root% is the Windows root
%System Root%\WinShell\WinSeven.exe (Note: %System Root% is the Windows root folder, where it usually is C:\ on all Windows operating system versions.) Autostart Technique This worm adds the following
%System Root%\WinShell\WinSeven.exe (Note: %System Root% is the Windows root folder, where it usually is C:\ on all Windows operating system versions.) Autostart Technique This worm adds the following
copies of itself into the affected system: %System Root%\WinShell\WinSeven.exe (Note: %System Root% is the Windows root folder, where it usually is C:\ on all Windows operating system versions.) Autostart
\SYSTEM\ControlSet001\ Services\WinShell Description = "Provide Windows Shell Service" This report is generated via an automated analysis system. Backdoor:Win32/Winshell.G (Microsoft); BackDoor-TC.gen
%\dat1.tmp" HKEY_CURRENT_USER\_reg WinShell = "%System%\Rundll32.exe %System%\shell32.dll,Control_RunDLL %User Temp%\dat1.tmp" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ CLSID\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Run WinShell = "%System%\remote.exe" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\RunServices WinShell = "%System%\remote.exe" Other
This Backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Backdoor arrives on a system as a
This spyware is designed to steal system-related information and gather banking, social networking, email and instant messaging (IM) credentials. It is believed to be used in targeted attacks aimed