Search
Keyword: usoj per cent5fmdropper per cent2ebh
to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run 3464ac9 = "%System Root%\3464ac90\3464ac90.exe" HKEY_CURRENT_USER\Software
to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run 715fbdb = "%System Root%\715fbdb7\715fbdb7.exe" HKEY_CURRENT_USER\Software
to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run cb09bd6 = "%System Root%\cb09bd63\cb09bd63.exe" HKEY_CURRENT_USER\Software
to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run 3a07e12 = "%System Root%\3a07e12b\3a07e12b.exe" HKEY_CURRENT_USER\Software
to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run d39f8c4 = "%System Root%\d39f8c43\d39f8c43.exe" HKEY_CURRENT_USER\Software
to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run 8bbab6f = "%System Root%\8bbab6f0\8bbab6f0.exe" HKEY_CURRENT_USER\Software
\Software\Microsoft\ Windows NT\CurrentVersion\Windows load = "%Windows%\rundl132.exe" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows NT\CurrentVersion\Tracing\ Microsoft\Imapi LogSessionName = "stdout"
\Software\Microsoft\ Windows NT\CurrentVersion\Windows load = "%Windows%\rundl132.exe" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows NT\CurrentVersion\Tracing\ Microsoft\Imapi LogSessionName = "stdout"
Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Installation This Trojan adds the following processes: %User Temp%
may be manually installed by a user. Installation This Potentially Unwanted Application adds the following folders: %User Temp%\in{random} %User Temp%\inH{random} %User Temp%\inH{random}\css %User Temp%
malicious sites. Installation This Potentially Unwanted Application drops the following files: %User Temp%\nsn{Random Hex}.tmp %User Temp%\nsc{Random Hex}.tmp\LuaBridge.dll %User Temp%\nsn{Random Hex}.tmp
Root%\DOCUME~1 %System Root%\DOCUME~1\Wilbert %User Profile%\LOCALS~1 %User Temp%/K1H1elo6MpUVCtTOjml\apps %User Temp%/K1H1elo6MpUVCtTOjml\skin %User Temp%/K1H1elo6MpUVCtTOjml\skin/res %User Temp
Root%\DOCUME~1 %System Root%\DOCUME~1\Wilbert %User Profile%\LOCALS~1 %User Temp%/LCBvgBOvsxRGEGppZvA\apps %User Temp%/LCBvgBOvsxRGEGppZvA\skin %User Temp%/LCBvgBOvsxRGEGppZvA\skin/res %User Temp
Temp%\sdbh.exe (Note: %User Temp% is the user's temporary folder, where it usually is C:\Documents and Settings\{user name}\Local Settings\Temp on Windows 2000, Windows Server 2003, and Windows XP (32-
file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Installation This Trojan creates the following folders: %User Temp%\~zm_
\FlashTopia\js %System Root%\Google %System Root%\Google\Chrome %System Root%\Google\Chrome\User Data %System Root%\Google\Chrome\User Data\Profile 1 %System Root%\Google\Chrome\User Data\Profile 2 %System Root
file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Other System Modifications This Trojan deletes the following files: %Temporary Internet Files%
Profile%\s-1-5-21-1645522239-1292428093-682003330-1003\nlqngmz.exe (Note: %User Profile% is the current user's profile folder, which is usually C:\Documents and Settings\{user name} on Windows 2000, XP, and
following copies of itself into the affected system: %System%\winupdate.exe (Note: %System% is the Windows system folder, which is usually C:\Windows\System32.) Autostart Technique This Trojan adds the
file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Other System Modifications This Trojan deletes the following files: %System Root%\ntldr %Windows%