What does this registry value?

Today, I found a couple of old files on my computer containing information on Zeus.  The files refer to the following registry values:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Network\UID

The information I have indicates that a computer infected with Zeus can take the following values in the registry, but it does not say how those values.  I tried to do a search on Google, but all I get is loads and loads of sites containing log files HijackThis that does give me no information that are of no real use.

In general - not only specific to Zeus - what these registry values actually do?

Thanks for any help you can offer.

-Tom

Its probably something to do with the ip address of people. Looks like malware.trace also uses or puts NT\CurrentVersion\Network\UID HKEY_LOCAL_MACHINE in the registry. Infostealer Trojan also adds this key in the registry

Tags: Windows

Similar Questions

  • 62/4MEM/40000000: 0X84321b98 what does this error message mean?

    62/4MEM/40000000: 0X84321b98 what does this error message mean?

    It of a memory error, what are you are having problems.

  • My wife has an i5 to 2.3 GHz MacBook Pro early 2011 and it worked like a slug.  Ran disk utility and verified that the disk needs repair using recovery HD.  What does this lead and what is the risk of losing all the data is there?

    My wife has an i5 to 2.3 GHz MacBook Pro early 2011 and it worked like a slug.  Ran disk utility and verified that the disk needs repair using recovery HD.  What does this lead and what is the risk of losing all the data is there?

    Even if it is very slow, you must make a return upwards before the race "repair disk". The risk of data loss is minimal, but do it anyway: Save and run to repair the disk.

    As for what it implies - most of the time nothing more than simply sitting and waiting to do his thing.

  • Your version of Intel Active Management Technology is not compatible with this version of Windows. What does this mean?

    my pc is hp compaq dc 7800 small form factor.

    I installed win vista Business 64-bit

    After installition, I get this message

    "Your version of Intel Active Management Technology is not compatible with this version of Windows."

    What does this mean?

    Thank you

    Hello

    I suggest you send the question in this forum and check if it helps;

    http://social.technet.Microsoft.com/forums/en-us/itprovistasetup

    It will be useful.

  • Windows Defender does not turn and I can't access it. I get the error Code is 0x800106ba. What does this error code mean?

    I can't turn on Windows Defender, nor can I open it upwards. The error code that is displayed is 0x8800106ba. What does this code mean?

    Hi, tonytiger34.

    The usual solution to this error is to make sure that the service is automatic. Oferror message when you run Windows Defender: 'Error 0x800106ba Code' :

    "To resolve this issue, follow these steps:

    1. Set the Windows Defender service on Automatic rather than Manual or disabled . To do this, follow these steps:

      1. Click Start

        The collapse of this image enlarge this image

        type services in the Start Search box, and then clickServices in the programs list.

        The collapse of this image enlarge this image

        If you are prompted for an administrator password or for confirmation, type your password or clickcontinue .

      2. Double-click the Windows Defender service and then in the Startup type box, clickAutomatic .
      3. Click OK . »

    If the automatic commissioning does not resolve the problem, try reinstalling Windows Defender.  Note, however, if you have installed Microsoft Security Essentials, Windows Defender disabled installation because MSE includes anti-spyware protection.

    Additional steps are available in the article referenced in the Knowledge Base.  Please let us know how make you out.

    Corrine, Microsoft MVP (consumer security)
    My Blog: Security garden

    This announcement is in my opinion and does not necessarily reflect the opinion or the opinion of Microsoft, its employees or other MVPS and is provided without warranty and not an entitlement.

  • error code: 214750037 what does this mean and how do I? in the game adera

    I was downloading DLC to adera and it downloads fine, but when it installs it said error of mapping content an unexpected error occurred during content acquisition. Please refer to the error code: 214750037 what does this mean and how do I?

    I have the same problem with the second episode of the Adera. No change to my Surface either I have no antivirus running on this unit I just got this Friday.

  • SHARED-UNKNOWN-ERROR: 22-What does this mean? can not post the site that this error when I try.

    SHARED-UNKNOWN-ERROR: 22-What does this mean? can not post the site that this error when I try.

    Hello

    Please sign of Muse and identify yourself again and try to publish.

    You have the option of disconnecting help > Sign Out

    In the case that do not fix the issue made me know.

    Concerning

    Vivek

  • What does this message and how I can fix? "There is no disk in the drive. Please insert

    What does this message and how I can fix? Thank you.

    "There is no disk in the drive. Please insert the floppy into \Device\Harddisk2\Dr2.

    Hiking Abes

    Important information... what version of Premiere Elements you are using and on what computer operating system is running.

    If your question is really tied to SmartSound installation, then...

    It considerations important installation first elements 11 Smartsound

    http://helpx.Adobe.com/premiere-elements/KB/installing-SmartSound.html

    It when you enter the program

    http://www.SmartSound.com/support/link.php?ID=308

    I do not see these links included in John T. Smith link towards a solution, so I am supplementing with the foregoing.

    Please let us know the result.

    RTA

  • What does this query? Am I wrong?

    Select AVG (NTC)

    de)

    Select DriverID, cast (COUNT (9) as float) cnt

    of myTEST2 one

    where exists (select 1 from myTEST2

    where DriverID = a.DriverID

    and layout = "guilty".

    )

    DriverID group

    ) x

    I think that his calculation of the average number of people with the provision of a culprit.

    Hello

    If a subquery in a WHERE clause clause refers to a value of the Super-requete, then the subquery is called a correlated subquery, and it runs a separate period for each line of the great query of.  This is the query you posted, reformatted to make it more understandable:

    Select AVG (NTC)

    de)

    Select DriverID

    , NTC cast (COUNT (9) as float)

    of myTEST2 - Alias defined here

    where is (-beginning of correlated subquery)

    Select 1

    of myTEST2

    where DriverID = a.DriverID - Alias a used here

    and layout = "guilty".

    ) - End of subquery to correlated

    DriverID group

    ) x

    ;

    The average subquery (i.e. the query with the GROUP BY clause) has a WHERE clause, so every time a line is located in the table mytest2, that where clause gets evaluated and the results of this condtion say whether the line should be included or not.  Oracle has found a line with driverid = 1 in the table mytest2 and then decides if it will use this line.  What does exactly to decide?  He runs the EXISTS subquery and sees if the subquery produces all lines or not.  When it ends with the line that is driverid = 1, there may be a lines with driverid = 2, rerun the query EXISTS Tahina, see if the subquery produces all lines and use it to decide if the line is stored.  The computer could pick the other row with driverid = 2 and repeat the process.

    Using a table alias told Oracle that the subquery EXISTS is a correlated subquery and it also says there that the values of the Super-requete to use.  Therefore, in the scenario I described earlier, when the Super-requete is to decide whether to keep the line with driverid = 1, it executes the equivalent of this EXISTS subquery:

    Select 1

    of myTEST2

    where DriverID = 1 - because a.DriverID = 1

    and layout = "guilty".

    Then, when he is to decide whether to include one of the lines with driverid = 2, it executes the equivalent of

    Select 1

    of myTEST2

    where DriverID = 2 - because a.DriverID = 2

    and layout = "guilty".

    There is nothing magical about the alias one.  This is an identifier arbitrariness that is defined in the Super-requete of and can be used in the subquery.  You need some type of alias in this case because the EXISTS subquery can be based on the exact same table that its users of subquery, which is mytest2.  Using your 2 copies of the same table, similar to the way you have 2 copies of the same book, open on different pages.  If you do not have an alias, no column name could make reference to the copy of mytest2 in the subquery EXISTS, or to the copy used in the Super request and by default is that it means the copy in the subquery.

  • What does this code on my 2012 MBAir: 4BAT/6 / 40000005:ox898F7790

    MBAir i7 end 2012 does not work out of the battery. Instantly died. Works with power cord only. Battery shows fully charged. The battery shows as good. 5979 mAh 6700.

    A ran the test phase and got this code: 4BAT/6 / 40000005:ox898F7790

    What does that mean? A new battery will solve the problem?

    Or it means something else?

    Thank you

    This error code indicates a problem with the battery.  Your best option is to make an appointment at an Apple store genius bar for a FREE evaluation.  They should be able to determine if the MBA requires a new battery or if there is a problem with the internal connection.

    Ciao.

    Addendum: Try a SMC reset:

    https://support.Apple.com/en-us/HT201295

  • Just a simple question, what does this number Red?

    Premise: my LAN works fine, no problem between my airports.

    The point is: what does the Red number next my average of Lan components?

    Thanks to you all.

    Marco M.

    This means in this case that there is an update for your wireless devices.

    Click on the device and the connection if necessary. It should say updated to do this, click this button to update.

    See this Apple info:

    https://support.Apple.com/downloads/

  • What does this statement?

    Hi all

    I have a chance to understand what made this statement, please find the code below.

    It consumes 99,28% CPU at point and extends to 1285 seconds, "says the plan" shows that it is run with "complete access table".

    Other instructions work hardly because the system is overloaded.

    I'm not sure, I can change it because it's not mine, but at least I could advice to defer to another part of the day.

    But first, I need to know what does do to describe it to my boss. Does show planned work or what?

    Help me please, thanks in advance.

    WITH pm_retention AS

    (

    SELECT 'x' x,

    pm_snapshot_retention_days quest_ppcm_collector.get_ppcm_parameter ("PM_SNAPSHOT_RETENTION_DAYS")

    OF THE DOUBLE

    ),

    pm_job AS

    (

    SELECT 'x' x,

    owner,

    job_name,

    CAST (start_date DATE) start_date,

    Last_start_date, CAST (last_start_date AS date).

    Next_run_date, CAST (next_run_date AS date).

    repeat_minutes (start_date, repeat_interval) quest_ppcm_collector.get_job_repeat_minutes.

    activated

    OF dba_scheduler_jobs

    WHERE owner (IN)

    SELECT SYS_CONTEXT ('USERENV', "SESSION_USER")

    OF THE DOUBLE

    UNION

    SELECT table_owner

    Of user_synonyms

    WHERE synonym_name = 'QUEST_PPCM_SNAPSHOT')

    AND job_name = "QUEST_PPCM_JOB_PM_" | SYS_CONTEXT ('USERENV', 'INSTANCE')

    UNION ALL

    SELECT 'x' x,

    owner of priv_user,

    Job_name to_char (employment),

    start_date last_date,

    last_date last_start_date,

    next_date next_run_date,

    repeat_minutes quest_ppcm_collector.get_job_interval_minutes (interval),

    If broken case = 'Y', then 'FALSE' end else 'TRUE' enabled

    FROM dba_jobs

    Priv_user WHERE I (N)

    SELECT SYS_CONTEXT ('USERENV', "SESSION_USER")

    OF THE DOUBLE

    UNION

    SELECT table_owner

    Of user_synonyms

    WHERE synonym_name = 'QUEST_PPCM_SNAPSHOT. '

    )

    AND instance = SYS_CONTEXT ('USERENV', 'INSTANCE')

    AND what = ' BEGIN quest_ppcm_collector.take_snapshot ("h"); END; »

    )

    SELECT Master job_name, start_date, last_start_date, next_run_date, ROUND (repeat_minutes, 2) repeat_minutes, enabled,

    pm_snapshot_retention_days

    OF pm_retention JOIN pm_job ON (pm_retention. X = pm_job. X(+))

    It seems that you have installed TOAD, or maybe in light. You had better remove it, or take it with Quest. I would like to tell the boss to get rid if it.

  • What does this line mean

    Hello

    Can someone explain this line for me - I know what he does: it displays VM and store data that they are in but what happen exactly when the code is executed - not sure what this part means to all @{N = "Datastore"; E={$_ | Get-Datastore

    Get - VM | Select Name, @{N = "Datastore"; E={$_ | Get-Datastore}}

    This construction is called 'calculated property'.

    As its name suggests, instead of any reference to a property that is present on the object passed to the Select-Object cmdlet, a calculated property to create a new property.

    The name, or part N sets the name of this new property.

    Part E or an Expression defines a block of code that defines how you calculate the value of the new property.

    In part E, one can refer to the object that was passed to the Select-Object cmdlet with the variable $_.

  • What does this code mean?

    Hello

    The following are based in methods/classes/transitions (I don't know what exactly they are)?

    Mx.transitions import. *;

    Import mx.utils.Delegate;

    ------------------------------------------------------------------------------------------ ---------------------------------------------

    What he say/do in the following code, which is Red ?

    @param target Movieclip to resize

    @param areaW width of surface suitable for

    @param areaH height of box for

    Central image

    target._x = Math.round ((areaW - target. _width()2);

    target._y = Math.round ((areaH-cible. _hauteur)2);

    How it can be changed if I don't want to resize the area of the photo in a gallery?

    Thank you.

    Yes, the importation of two lines are built in classes.

    I don't see where you can change to avoid changing the area because it does not as it is.  The other lines are not resize anything, they're just centering an object identified as "target" in an area that has defined width and height values. The target object has its point of alignment (target._x, target._y) in the upper left corner, which explains why Math Subtract width/height of half the target width/height of half the area to focus.  Try to do this on paper to understand why it is done that way.

  • What does this start screen?

    13 "MacBook Air, purchased in November 2015.

    No previous question. Computer has been turned off, I've been carefully (or not) wipe the keyboard accidentally pressed the power button and goodness knows what that other keys. Computer does its usual power sound, then THIS screen came. I don't know what to do with it.

    Really, I would like to return to my usual startup/login screen. Can I just turn off again?

    I'm stupid on the functioning of computers... this form scares me. Help!

    Thank you.

    (I've updated El Capitan, but I don't know if I have the latest update).

    It's just the Manager start screen. If you hold down the Option key (⌥) at startup you get this screen where you can choose which drive start. You only have one option specified.

    How to choose a boot on your Mac - Apple Support drive

    It is enough to select Macintosh HD and continue and it will start normally.

Maybe you are looking for