Search
Keyword: 2
Systems,Windows Server 2012 R2,Windows RT,Windows RT 8.1,Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation),Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core
Systems,Windows Server 2012,Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation),Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation),Windows Server 2012
1,Windows Server 2008 R2 for Itanium-based Systems Service Pack 1,Windows 8 for 32-bit Systems,Windows 8.1 for 32-bit Systems,Windows RT,Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core
2012 R2,Windows RT,Windows RT 8.1,Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation),Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation
Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2**,Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2**,Windows
Pack 2*,Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2*,Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based
2,Windows Server 2003 with SP2 for Itanium-based Systems,Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2*,Windows Server 2008 for x64-based Systems and Windows
Windows Server 2008 for 32-bit Systems Service Pack 2*,Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2*,Windows Server 2008 for Itanium-based Systems
\2\Open.hta (Note: %User Temp% is the current user's Temp folder, which is usually C:\Documents and Settings\{user name}\Local Settings\Temp on Windows 2000(32-bit), XP, and Server 2003(32-bit), or C:
executable file that claims to be the update patch and bug fixes for Windows XP Service Pack 2 and 3. The executable file has a detection name of WORM_VB.GAW
Description Name: APT - Possible POISONIVY - TCP (Response) - Variant 2 .
Description Name: Possible IE Exploit - HTTP (Response) - Variant 2 .
\ SHOWALL CheckedValue = 0 (Note: The default value data of the said registry entry is 1 .) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Services\mnmsrvc Start = 2 (Note: The default value data of the said
System Modifications This Trojan adds the following registry keys: HKEY_CURRENT_USER\Software\{UID} It adds the following registry entries: HKEY_CURRENT_USER\Software\{UID} {random 2 characters} = "{RSA
System Modifications This Trojan adds the following registry keys: HKEY_CURRENT_USER\Software\{UID} It adds the following registry entries: HKEY_CURRENT_USER\Software\{UID} {random 2 characters} = "{RSA
{random 2 characters} = "{RSA PUBLIC KEY} " HKEY_CURRENT_USER\Software\{UID} {random 2 characters} = "{contents of HELP_DECRYPT.TXT}" HKEY_CURRENT_USER\Software\{UID} {random 2 characters} = "{contents of
System Modifications This Trojan adds the following registry keys: HKEY_CURRENT_USER\Software\{UID} It adds the following registry entries: HKEY_CURRENT_USER\Software\{UID} {random 2 characters} = "{RSA
System Modifications This Trojan adds the following registry keys: HKEY_CURRENT_USER\Software\{UID} It adds the following registry entries: HKEY_CURRENT_USER\Software\{UID} {random 2 characters} = "{RSA
HKEY_CURRENT_USER\Software\{UID} HKEY_CURRENT_USER\Software\{UID}\ {random key} It adds the following registry entries: HKEY_CURRENT_USER\Software\{UID} {random 2 characters} = "{contents of HELP_DECRYPT.URL}
System Modifications This Trojan adds the following registry keys: HKEY_CURRENT_USER\Software\{UID} It adds the following registry entries: HKEY_CURRENT_USER\Software\{UID} {random 2 characters} = "{RSA