windows\system32\soft.exe
Started by dkstrader, Feb 20 2005 12:40 AM
#1
Posted 20 February 2005 - 12:40 AM
thanks
#2
Guest_thatman_*
Posted 20 February 2005 - 08:53 AM
Hi dkstrader
Now why would you want to put Malware onto your system?
%sysdir%\soft.exe
Trojan Admincash.
Disables Windows security settings.
Downloads additional adware components.
Adds "run" = "%System%\soft.exe" to Windows startup registry keys.
Adds the value:
"Web Service" = "%System%\[random file name].exe"
to Active Setup registry keys.
Adds the value:
"DisableSR" = "0x00000001"
to the registry subkeys:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore
to disable System Restore.
Adds the value:
"EnableFirewall" = "0x00000001"
to the registry subkeys:
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile
to disable Windows security features.
"NoAutoUpdate" = "0x00000001"
"AUOptions" = "0x00000001"
to the registry subkeys:
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
to disable Windows Auto Update.
You Must Read This Before Posting A Hijackthis Log
Please post a new HJT.Log
Kc
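A defender's check for the registry changes listed in the post above, added here as an example and not part of the original thread: it scans the text of a `.reg` export for those values. The key-path fragments for the startup and Active Setup entries, the function name and the sample export are assumptions constructed for illustration.

```python
import re

# Indicators from the post: (key-path fragment, value name, data suffix or None = any data).
# The Run and Active Setup fragments are assumptions; the post gives no full path for them.
INDICATORS = [
    (r"\currentversion\run", "run", r"\soft.exe"),
    (r"\active setup", "web service", ".exe"),
    (r"\windows nt\currentversion\systemrestore", "disablesr", "dword:00000001"),
    (r"\policies\microsoft\windows\windowsupdate\au", "noautoupdate", "dword:00000001"),
    (r"\policies\microsoft\windows\windowsupdate\au", "auoptions", "dword:00000001"),
    # Reported with any data: a firewall policy override is worth reviewing either way.
    (r"\policies\microsoft\windowsfirewall", "enablefirewall", None),
]

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def scan_reg_export(text):
    """Return (key, value name, data) for every exported value matching an indicator."""
    hits, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # section header: the current registry key
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        name, data = m.group(1), m.group(2)
        if data.startswith('"'):      # REG_SZ: drop the quotes, undo .reg backslash escaping
            data = data[1:-1].replace("\\\\", "\\")
        for frag, want_name, want_data in INDICATORS:
            if (frag in key.lower() and name.lower() == want_name
                    and (want_data is None or data.lower().endswith(want_data))):
                hits.append((key, name, data))
                break
    return hits

# Constructed sample export (not taken from a real machine).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"run"="C:\\WINDOWS\\system32\\soft.exe"
"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoUpdate"=dword:00000001
"AUOptions"=dword:00000004
'''
for hit in scan_reg_export(SAMPLE): print(hit)
```

Exports written by regedit are UTF-16, so read the file with `open(path, encoding="utf-16")` before passing its text to the function.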