Keyword: ms04-11_microsoft_windows
100641 Total Search   |   Showing Results : 21 - 40
  Previous   Next  
Trojan.Win32.DOFOIL.USXVPK319
shadows /all /quiet Autostart Technique This Trojan adds the following registry entries to enable its automatic execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows
PUA.Win32.OPENCANDY.AE
%Program Files%\PDFCreator\languages %All Users Profile%\Microsoft\Windows\Start Menu\Programs\PDFCreator\Licenses %Application Data%\pdfforge\Images2PDF %Program Files%\PDFCreator\GS9.04\gs9.04 %Program
TROJ_DROPPR.TAK
enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run E80D4DCF9A46877D76F199B95BD9BF9B4484CF1907CC818D = "%User Profile%\47275626C69675
TSPY_INJECTOR_CA082EBF.TOMC
enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run E80D4DCF9A46877D76F199B95BD9BF9B4484CF1907CC818D = "%User Profile%\47275626C69675
PUA.Win32.SafeWatch.A
usually C:\Documents and Settings\{user name}\Local Settings\Temp on Windows 2000(32-bit), XP, and Server 2003(32-bit), or C:\Users\{user name}\AppData\Local\Temp on Windows Vista, 7, 8, 8.1, 2008(64-bit),
WORM_VBNA.QQ
\Users\{user name} on Windows Vista and 7.) Autostart Technique This worm adds the following registry entries to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft
TROJ_DELREGKEY.A
(Note: %User Temp% is the current user's Temp folder, which is usually C:\Documents and Settings\{user name}\Local Settings\Temp on Windows 2000, XP, and Server 2003.) Other System Modifications This
Worm.MSIL.AUTOCOPY.A
\amd64_microsoft-windows-i..onal-codepage-28594_31bf3856ad364e35_6.1.7600.16385_none_b172e054fdc6b179.exe %Windows%\winsxs\msil_taskscheduler_31bf3856ad364e35_6.1.7601.17514_none_170487c39d98ec89\msil_taskscheduler_31bf3856ad364e35_6.1.7601.17514_none_170487c39d98ec89.exe %Program Files%\Windows Photo
Worm.Win32.AUTOSIPOC.AA
This Worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Worm arrives on a system as a file
TROJ_KILLAV.AZF
enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run E80D4DCF9A46877D76F199B95BD9BF9B4484CF1907CC818D = "%User Profile%\47275626C69675
Ransom.Win32.CRYSIS.TIBGET
system: %all users profile%\microsoft\windows\start menu\programs\startup\{malware file name}.exe It adds the following processes: %User Temp%\51df5104274d5c31b9a8b421e75d48d981568ac2.exe %System%
Trojan.AutoIt.SONBOKLI.USXVPAE20
system versions.) Autostart Technique This Trojan adds the following registry entries to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion
RANSOM_HERMES.THCOHAH
\Microsoft\Windows\Start Menu on Windows Vista (32- and 64-bit), Windows 7 (32- and 64-bit), Windows 8 (32- and 64-bit), Windows 8.1 (32- and 64-bit), Windows Server 2008, and Windows Server 2012.) Ransomware
HackTool.Win32.AutoKMS.GA
\cert\kmscertW8\ProfessionalN %Program Files%\KMSpico\cert\kmscert2010\Visio %All Users Profile%\Microsoft\Windows\Start Menu\Programs\KMSpico %Program Files%\KMSpico\cert\kmscertW81\ServerDatacenter
TROJ_INJECTO.CGN
enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run E80D4DCF9A46877D76F199B95BD9BF9B4484CF1907CC818D = "%User Profile%\47275626C69675
WORM_VBNA.QL
enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run E80D4DCF9A46877D76F199B95BD9BF9B4484CF1907CC818D = "%User Profile%\47275626C69675
PUA.Win32.FusionCore.SMBD2
\DVDVideoSoft\Free Image Convert and Resize\el-GR %Program Files%\DVDVideoSoft\Free Audio Converter\pl-PL %Program Files%\DVDVideoSoft\Free Dailymotion Download\imageformats %All Users Profile%\Microsoft\Windows
TROJ_KILLFILE.BL
\MICROS~1\INTERN~1\QUICKL~1\SHOWDE~1.SCF %System Root%DOCUME~1\ADMINI~1\APPLIC~1\MICROS~1\Windows\Themes\CUSTOM~1.THE %System Root%DOCUME~1\ADMINI~1\Cookies\index.dat %System Root%DOCUME~1\ADMINI~1\FAVORI~1
PUA.Win32.ShellBand.A
creates the following folders: %Program Files%\k52zip\data %Program Files%\k52zip %User Temp%\access %All Users Profile%\Microsoft\Windows\Start Menu\Programs\52\xe5\xa5\xbd\xe5\x8e\x8b %Program Files%
Ransom.MSIL.THANOS.FAIU
RaccineSettings.exe reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Raccine Tray" /F reg delete HKCU\Software\Raccine /F schtasks /DELETE /TN "Raccine Rules Updater" /F sc.exe config Dnscache start=