
PDF/Exploit-script

Posted: September 26, 2011

PDF/Exploit-script is a malware threat that tries to exploit a vulnerability in PDF to execute harmful actions. It can also use a malicious PDF file to corrupt a targeted computer. PDF/Exploit-script can be used to distribute annoying pop-up ads, redirect you to malicious websites, control your web browsing, etc. It can also corrupt system files and cause loss of personal data. Therefore, delete PDF/Exploit-script immediately upon detection.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



File name: c:\windows\system32\[RANDOM NAME].exe
Mime Type: unknown/exe

File name: %AppData%\%username%.task\.exe
File type: Executable File
Mime Type: unknown/exe

File name: %Temp%\.exe
Mime Type: unknown/exe

File name: %Windir%\albasya.exe
File type: Executable File
Mime Type: unknown/exe

File name: %Windir%\pdf.exe
File type: Executable File
Mime Type: unknown/exe

File name: %CommonAppData%\flash.exe
File type: Executable File
Mime Type: unknown/exe

File name: %CommonPrograms%\startup\start.exe
File type: Executable File
Mime Type: unknown/exe

File name: %System%\execute.exe
File type: Executable File
Mime Type: unknown/exe

File name: %LocalAppData%\.dll
File type: Dynamic link library
Mime Type: unknown/dll

Registry Modifications

The following Registry values were newly created:

HKEY..\..\..\..{Subkeys}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\