Threat Information for "Winstall Desktop Changer"
| Summary | Top |
- Name: Winstall Desktop Changer
- Aliases:
- Date Discovered: 2006-12-12
- Protection Added: 2006-12-19
| Description | Top |
-- Ease of Removal 1: Consistently named 2: Consistent file contents 3: Creates new registry entries with consistent data -- Privacy Risks/Security Changes 1: Disables administrator tools -- Damage/Intrusion/Annoyance 1: Creates new files 2: Modifies non-critical registry entries -- Propagation/Saturation 1: Infects with other exploitation method
| Technical Details | Top |
- Added Registry Key:
Key: HKCU\%CURRENTVERSIONREG%\Policies\System - Added Registry Key:
Key: HKCU\%CURRENTVERSIONREG%\Policies\ActiveDesktop - Added Registry Key:
Key: HKCU\%CURRENTVERSIONREG%\Policies\ActiveDesktop - Added Registry Key:
Key: HKCU\%CURRENTVERSIONREG%\Policies\Explorer - Added Registry Key:
Key: HKCU\%CURRENTVERSIONREG%\Policies\ActiveDesktop - Added Registry Key:
Key: HKCU\%CURRENTVERSIONREG%\Policies\Explorer - Added Registry Key:
Key: HKCU\%CURRENTVERSIONREG%\Policies\ActiveDesktop - Added Registry Key:
Key: HKCU\%CURRENTVERSIONREG%\Policies\ActiveDesktop - Added Registry Key:
Key: HKCU\%CURRENTVERSIONREG%\Policies\ActiveDesktop - Added Registry Key:
Key: HKCU\%CURRENTVERSIONREG%\Policies\Explorer - Added Registry Value:
Key: HKLM\Software\Microsoft\Internet Explorer\Desktop\General Value: WallpaperLocalFileTime - Added Registry Value:
Key: HKCU\Software\Microsoft\Internet Explorer\Desktop\General Value: WallpaperLocalFileTime - Added Registry Value:
Key: HKLM\Software\Microsoft\Internet Explorer\Desktop\General Value: WallpaperFileTime - Added Registry Value:
Key: HKCU\Software\Microsoft\Internet Explorer\Desktop\General Value: WallpaperFileTime - Added Registry Data:
Key: HKCU\%CURRENTVERSIONREG%\Run Value: [RANDOM VALUE] Data: %ROOTDRIVE%winstall.exe
