Posts Tagged ‘HKCR’
ComLoad
Created: DEC 2002
OS: Windows
Location: HKCR\Comload.loader\
HKCR\Comload.loader.1\
HKCR\Comload.loader2\
HKCR\Comload.loader2.1\
HKCR\dctl\
HKCR\CLSID\{9E1089BC-1AE8-4685-8D77-6721E5C318A8}\
HKCR\CLSID\{AD7FAFB0-16D6-40C3-AF27-585D6E6453FD}\
HKCR\Interface\{19E91D82-7AD7-419F-866A-58C122DB1459}\
HKCR\Interface\{F5F779A9-24E5-4BCD-9AE5-6313D4B5AC24}\
HKCR\TypeLib\{266F948A-3DEE-4270-8F55-E79ACCD569FA}\
BlueFire
Aliases: Backdoor.Win32.BlueFire.01, Backdoor.Win32.BlueFire.035, Backdoor.Win32.BlueFire.036, Backdoor.Win32.BlueFire.041, Backdoor.Win32.BlueFire.043, Backdoor.Win32.BlueFire.050
Variants: 0.1, 0.35, 0.36, 0.41, 0.43, 0.50
Port: 19191
Size: 11kb
Author: vinsa
Created: OCT 2001
OS: Windows
Location: HKCR\txtfile\shell\open\command\
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Infection: tasksvc.exe, sysexpl.exe, bfhook.dll
Blackhole
Aliases: Backdoor.Singu.d, Backdoor.Singu.e, Backdoor.Singu.f, Backdoor.Singu.g, Backdoor.Singu.h, Backdoor.Singu.m, Backdoor.Singu.n, Backdoor.Singu.o, Backdoor.Singu.r, Backdoor.Singu.v, Backdoor.Win32.BlackHole.2005.k, Backdoor.Win32.BlackHole.2005.p, Backdoor.Win32.Mnets, Backdoor.Win32.Singu.a, Backdoor.Win32.Singu.m, Backdoor.Win32.Singu.n, Trojan-Spy.Win32.Spybox, TrojanDropper.Win32.Daoh
Variants: 2000, 2000 [OMEGE TEST], 2001, 2002, 2002 g & h, 2004 Build 20040712, 2004 Build 20040815, 2004 Build 20040915, 2004 Build 20041105, 2005 Enterprise Build 20050328, Titan
Port: 1050, 1122, 1144, 1415, 2000, 2001, 2002, 2004, 7788
Size: 208kb
Author: chengjingtao and lovejingtao
Created: SEP 2000
OS: Windows
Location: HKCC\Software\Microsoft\windows\CurrentVersion\Internet Settings\
HKCR\txtfile\shell\open\command\
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp\
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_BLACK_HOLE2005_ENTERPRISE\0000\Control\
HKLM\SYSTEM\ControlSet001\Services\Black Hole2005 Enterprise\
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BLACK_HOLE2005_ENTERPRISE\
HKLM\SYSTEM\CurrentControlSet\Services\Black Hole2005 Enterpris\
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
Infection: runwinvxd.exe, system.ini, services.exe, winservices.dll, findriv.dll, server.exe, xxxxx.exe, netbox.exe, abc.cfg, abc.exe
Blacker
Aliases: Trojan-PSW.Win32.LdPinch.nx, Trojan.Win32.Small.al
Variants: 1.1
Port: 23
Size: 13kb
Author: Black
Created: MAR 2005
OS: Windows
Location: HKCR\CLSID\{F741FAF7-07F9-49F2-9348-33A4C3A507B8}\
HKCU\Identities\{D4086F36-0b111C-4F8B-883F-F6A433830ADF}\Software\Microsoft\Internet Account Manager\
HKCU\Software\Far\
HKCU\Software\Ghisler\
HKCU\Software\Microsoft\Internet Account Manager\
HKCU\Software\Mirabilis\
HKCU\Software\RIT\
HKLM\SOFTWARE\Ghisler\
HKLM\SOFTWARE\Mirabilis\
HKLM\SOFTWARE\Miranda\
HKLM\SYSTEM\ControlSet002\.\
Infection: csrss.exe, dll.dll
Black QQ Robber
Aliases: IM-Worm.Win32.Lewor.ab, IM-Worm.Win32.Lewor.af, IM-Worm.Win32.Lewor.ag, IM-Worm.Win32.Lewor.ah, IM-Worm.Win32.Lewor.ai, Trojan-Downloader.Win32.Delf.aaa, Trojan-Downloader.Win32.Delf.ab, Trojan-Downloader.Win32.Delf.abj, Trojan-Downloader.Win32.Delf.abv, Trojan-Downloader.Win32.Delf.acv, Trojan-Downloader.Win32.Delf.aes, Trojan-Downloader.Win32.Delf.aex, Trojan-Downloader.Win32.Delf.alv, Trojan-Downloader.Win32.Delf.aog, Trojan-Downloader.Win32.Delf.axe, Trojan-Downloader.Win32.Delf.eoh, Trojan-Downloader.Win32.Delf.yj, Trojan-Downloader.Win32.Small.ddn, Trojan-Dropper.Win32.Agent.adu, Trojan-PSW.Win32.Delf.jj, Trojan-PSW.Win32.Delf.kl, Trojan-PSW.Win32.Delf.ln, Trojan-PSW.Win32.Delf.nx, Trojan-PSW.Win32.QQPass.gz, Trojan-PSW.Win32.QQPass.hu, Trojan-PSW.Win32.QQPass.ic, Trojan-PSW.Win32.QQPass.il, Trojan-PSW.Win32.QQPass.iv, Trojan-PSW.Win32.QQPass.jb, Trojan-PSW.Win32.QQPass.jh, Trojan-PSW.Win32.QQPass.jo, Trojan-PSW.Win32.QQPass.ju, Trojan-PSW.Win32.QQPass.jv, Trojan-PSW.Win32.QQPass.pa, Trojan-PSW.Win32.QQPass.qn, Trojan-PSW.Win32.QQPass.qs, Trojan-PSW.Win32.QQPass.rq, Trojan-PSW.Win32.QQPass.se, Trojan-PSW.Win32.QQPass.tb, Trojan-PSW.Win32.QQPass.uj, Trojan-PSW.Win32.QQPass.uv, Trojan-PSW.Win32.QQRob.16.ab, Trojan-PSW.Win32.QQRob.dm, Trojan-PSW.Win32.QQRob.fx, Trojan-PSW.Win32.QQRob.gl, Trojan-PSW.Win32.QQRob.hb, Trojan-PSW.Win32.QQRob.hj, Trojan-PSW.Win32.QQRob.jh, Trojan-PSW.Win32.QQRob.jn, Trojan-Spy.Win32.Delf.lw, Trojan-Spy.Win32.Delf.op, Trojan-PSW.Win32.QQRob.dc, Trojan.PSW.Win32.Delf.nx, Trojan.Win32.Agent.vz, Trojan.Win32.Qhost.kv
Variants: 1.0 Build1123, 1.0 Build0913, 1.0 Build0925, 1.0 Build1015, 1.1 Build1206, 1.1 Build1207, 1.1 Build1224, 1.2 Build0611, 1.2 Build1210, 1.2 Build1218, 1.2 Build1224, 1.2 Build1228, 1.3 Build0113, 1.3 Build0123, 1.3 Build0217, 1.3 Build0309, 1.3 Build0311, 1.3 Build0408, 1.3 Build0422, 1.3 Build0504, 1.3 Build0513, 1.3 Build0526, 1.3 Build0603, 1.4 Build0130, 1.4 Build0626, 1.4 Build0708, 1.4 Build0718, 1.4 Build0729, 1.4 Build0802, 1.4 Build0805, 1.4 Build0812, 1.4 Build0819, 1.4 Build0826, 1.4 Build1015, 1.5 Build0209, 1.5 Build0222, 1.5 Build0305, 1.5 Build0311, 1.6 Build0415, 1.6 Build0429, 1.6 Build0510, 1.6 Build0513, 1.7 Build0526, 1.7 Build0603, 1.7 Build0613, 1.7 Build0624, 1.7 Build0625, 1.8 Build0702, 1.8 Build0708, 1.8 Build0712, 1.8 Build0720, 1.8 Build0722, 1.8 Build0729, 1.8 Build0802, 1.8 Build0805, 1.8 Build0807, 1.8 Build0812, 1.8 Build0819, 1.8 Build0826, 1.8 Build0912, 1.8 Build0925, 1.9 Build1001, 1.9 Build1008, 1.9 Build1015, 1.9 Build1021, 2.0 Build0710, 2.0 Build1026, 2.0 Build1030, 2.0 Build1108, 2.0 Build1115, 2.0 Build1120, 2.0 Build1130, 2.0 Build1205, 2.0 Build1210, 2.0 Build1224, 3.0 Build0122, 3.0 Build0203
Size: 19kb
Author: tmhacker
Created: NOV 2005
OS: Windows
Location: HKCR\txtfile\shell\open\command\
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
HKLM\SYSTEM\ControlSet001\Services\
Infection: aaykol.dll, aaykol.exe, adam.exe, ahwxvj.com, avp.com, avp.exe, conime.exe, dddrkn.dll, dddrkn.exe, dlbpdq.exe, elnnye.dll, elnnye.exe, fsplcv.exe, hx1.bat, IceSword.exe, impai.exe, iparmo.exe, iwaqio.exe, jxfcre.dll, jxfcre.exe, jycqmo.dll, jycqmo.exe, kabaload.exe, KRegEx.exe, KvDetect.exe, KVMonXP.kxp, KvXP.kxp, machineguid.txt, MagicSet.exe, mmsk.exe, msconfig.com, msconfig.exe, mshx.dll, mswosck.dll, nawrov.exe, ncyms.exe, ncyvms.dll, ngsbyt.exe, niw.exe, noruns.reg, nxlkno.dll, nxlkno.exe, PFW.exe, PFWLiveUpdate.exe, pncyqx.dll, pncyqx.exe, QQDoctor.exe, qqhx.dat, Ras.exe, Rav.exe, RavMon.exe, regedit.com, regedit.exe, runiep.exe, severe.exe, sfeojg.dll, sfeojg.exe, SREng.EXE, stillcap.exe, svohost.exe, tmbk.bak, tmbk.dll, tmdown.exe, tmdown1.exe, TrojDie.kxp, vjsnap.dll, vjsnap.exe, winscok.dll, wnilogon.exe, WoptiClean.exe, wuaclt.exe



