Search
Keyword: usoj per cent5fmdropper per cent2ebh
to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run e103e28 = "%System Root%\e103e288\e103e288.exe" HKEY_CURRENT_USER\Software
to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run 286bac8 = "%System Root%\286bac8f\286bac8f.exe" HKEY_CURRENT_USER\Software
to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run edb7fb7 = "%System Root%\edb7fb7c\edb7fb7c.exe" HKEY_CURRENT_USER\Software
to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run d288a88 = "%System Root%\d288a882\d288a882.exe" HKEY_CURRENT_USER\Software
to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run 9520c82 = "%System Root%\9520c82f\9520c82f.exe" HKEY_CURRENT_USER\Software
to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run edb7fb7 = "%System Root%\edb7fb7c\edb7fb7c.exe" HKEY_CURRENT_USER\Software
entries to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run fbeea8d = "%System Root%\fbeea8d7\fbeea8d7.exe" HKEY_CURRENT_USER\Software
as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Installation This Trojan Spy adds the following processes: %All Users Profile%
Application adds the following processes: "%User Temp%\is-9ADAD.tmp\{malware file name}.tmp" /SL5="$20170,732127,721408,{malware file path and name}" %User Temp%\is-JOQ77.tmp\Setup.exe "%User Temp%\is-A0R2L.tmp
Adware adds the following folders: %Program Files%\CDBurnerXP %User Temp%\is-{random}.tmp (Note: %Program Files% is the default Program Files folder, usually C:\Program Files in Windows 2000, Server 2003,
\CurrentVersion\Run {malware file name}.exe = "%System%\{malware file name}.exe" Other System Modifications This Trojan modifies the following file(s): %Program Files%\Microsoft Office\Office12\PUBWIZ\DVDHM.POC
to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run 63b7688 = "%System Root%\63b7688d\63b7688d.exe" HKEY_CURRENT_USER\Software
to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run c102c72 = "%System Root%\c102c729\c102c729.exe" HKEY_CURRENT_USER\Software
to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run 289ab66 = "%System Root%\289ab66a\289ab66a.exe" HKEY_CURRENT_USER\Software
to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run 66239b9 = "%System Root%\66239b94\66239b94.exe" HKEY_CURRENT_USER\Software
to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run afdaa6e = "%System Root%\afdaa6eb\afdaa6eb.exe" HKEY_CURRENT_USER\Software
to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run 14aac75 = "%System Root%\14aac75c\14aac75c.exe" HKEY_CURRENT_USER\Software
to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run df159ce = "%System Root%\df159ced\df159ced.exe" HKEY_CURRENT_USER\Software
to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run e9e6a01 = "%System Root%\e9e6a010\e9e6a010.exe" HKEY_CURRENT_USER\Software
to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run ffa5e7f = "%System Root%\ffa5e7fa\ffa5e7fa.exe" HKEY_CURRENT_USER\Software