MalwareMustDie

#malwareMustDie - Trojan Win32/Fareit Steal List|Mar 5 2013

Mar 5th, 2013
  1. #MalwareMustDie! Fareit Steal List - Infection March 5th 2013 | @unixfreaxjp
  2. ---
  3.  
  4. My Documents
  5. AppData
  6. Local AppData
  7. Cache
  8. Cookies
  9. History
  10. My Documents
  11. Common AppData
  12. My Pictures
  13. Common Documents
  14. Common Administrative Tools
  15. Administrative Tools
  16. Personal
  17. Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
  18. IsWow64Process
  19. Software\Far\Plugins\FTP\Hosts
  20. Software\Far2\Plugins\FTP\Hosts
  21. Software\Far Manager\Plugins\FTP\Hosts
  22. Software\Far\SavedDialogHistory\FTPHost
  23. Software\Far2\SavedDialogHistory\FTPHost
  24. Software\Far Manager\SavedDialogHistory\FTPHost
  25. Password
  26. HostName
  27. User
  28. Line
  29. wcx_ftp.ini
  30. \GHISLER
  31. InstallDir
  32. FtpIniName
  33. Software\Ghisler\Windows Commander
  34. Software\Ghisler\Total Commander
  35. \Ipswitch
  36. Sites\
  37. \Ipswitch\WS_FTP
  38. \win.ini
  39. .ini
  40. WS_FTP
  41. DIR
  42. DEFDIR
  43. CUTEFTP
  44. QCHistory
  45. Software\GlobalSCAPE\CuteFTP 6 Home\QCToolbar
  46. Software\GlobalSCAPE\CuteFTP 6 Professional\QCToolbar
  47. Software\GlobalSCAPE\CuteFTP 7 Home\QCToolbar
  48. Software\GlobalSCAPE\CuteFTP 7 Professional\QCToolbar
  49. Software\GlobalSCAPE\CuteFTP 8 Home\QCToolbar
  50. Software\GlobalSCAPE\CuteFTP 8 Professional\QCToolbar
  51. \GlobalSCAPE\CuteFTP
  52. \GlobalSCAPE\CuteFTP Pro
  53. \GlobalSCAPE\CuteFTP Lite
  54. \CuteFTP
  55. \sm.dat
  56. Software\FlashFXP\3
  57. Software\FlashFXP
  58. Software\FlashFXP\4
  59. InstallerDathPath
  60. path
  61. Install Path
  62. DataFolder
  63. \Sites.dat
  64. \Quick.dat
  65. \History.dat
  66. \FlashFXP\3
  67. \FlashFXP\4
  68. \FileZilla
  69. \sitemanager.xml
  70. \recentservers.xml
  71. \filezilla.xml
  72. Software\FileZilla
  73. Software\FileZilla Client
  74. Install_Dir
  75. Host
  76. User
  77. Pass
  78. Port
  79. Remote Dir
  80. Server Type
  81. Server.Host
  82. Server.User
  83. Server.Pass
  84. Server.Port
  85. Path
  86. ServerType
  87. Last Server Host
  88. Last Server User
  89. Last Server Pass
  90. Last Server Port
  91. Last Server Path
  92. Last Server Type
  93. FTP Navigator
  94. FTP Commander
  95. ftplist.txt
  96. \BulletProof Software
  97. .dat
  98. .bps
  99. Software\BPFTP\Bullet Proof FTP\Main
  100. Software\BulletProof Software\BulletProof FTP Client\Main
  101. Software\BPFTP\Bullet Proof FTP\Options
  102. Software\BulletProof Software\BulletProof FTP Client\Options
  103. Software\BPFTP
  104. LastSessionFile
  105. SitesDir
  106. InstallDir1
  107. .xml
  108. \SmartFTP
  109. Favorites.dat
  110. History.dat
  111. addrbk.dat
  112. quick.dat
  113. \TurboFTP
  114. Software\TurboFTP
  115. installpath
  116. Software\Sota\FFFTP
  117. CredentialSalt
  118. CredentialCheck
  119. Software\Sota\FFFTP\Options
  120. Password
  121. UserName
  122. HostAdrs
  123. RemoteDir
  124. Port
  125. HostName
  126. Port
  127. Username
  128. Password
  129. HostDirName
  130. Software\CoffeeCup Software\Internet\Profiles
  131. Software\FTPWare\COREFTP\Sites
  132. Host
  133. User
  134. Port
  135. PthR
  136. SSH
  137. profiles.xml
  138. \FTP Explorer
  139. Software\FTP Explorer\FTP Explorer\Workspace\MFCToolBar-224
  140. Buttons
  141. Software\FTP Explorer\Profiles
  142. Password
  143. PasswordType
  144. Host
  145. Login
  146. Port
  147. InitialPath
  148. FtpSite.xml
  149. \Frigate3
  150. .ini
  151. \VanDyke\Config\Sessions
  152. \Sessions
  153. Software\VanDyke\SecureFX
  154. Config Path
  155. UltraFXP
  156. \sites.xml
  157. \FTPRush
  158. RushSite.xml
  159. Server
  160. Username
  161. Password
  162. FtpPort
  163. Software\Cryer\WebSitePublisher
  164. \BitKinex
  165. bitkinex.ds
  166. Hostname
  167. Username
  168. Password
  169. Port
  170. Software\ExpanDrive\Sessions
  171. \ExpanDrive
  172. \drives.js
  173. "password" : "
  174. Software\ExpanDrive
  175. ExpanDrive_Home
  176. Server
  177. UserName
  178. Password
  179. _Password
  180. Directory
  181. Software\NCH Software\ClassicFTP\FTPAccounts
  182. FtpServer
  183. FtpUserName
  184. FtpPassword
  185. _FtpPassword
  186. FtpDirectory
  187. SOFTWARE\NCH Software\Fling\Accounts
  188. Software\FTPClient\Sites
  189. Software\SoftX.org\FTPClient\Sites
  190. .oxc
  191. .oll
  192. ftplast.osd
  193. \GPSoftware\Directory Opus
  194. \SharedSettings.ccs
  195. \SharedSettings_1_0_5.ccs
  196. \SharedSettings.sqlite
  197. \SharedSettings_1_0_5.sqlite
  198. \CoffeeCup Software
  199. leapftp
  200. unleap.exe
  201. sites.dat
  202. sites.ini
  203. \LeapWare\LeapFTP
  204. SOFTWARE\LeapWare
  205. InstallPath
  206. DataDir
  207. Password
  208. HostName
  209. UserName
  210. RemoteDirectory
  211. PortNumber
  212. FSProtocol
  213. Software\Martin Prikryl
  214. \32BitFtp.ini
  215. NDSites.ini
  216. \NetDrive
  217. PassWord
  218. Url
  219. UserName
  220. RootDirectory
  221. Port
  222. Software\South River Technologies\WebDrive\Connections
  223. ServerType
  224. FTP CONTROL
  225. FTPCON
  226. .prf
  227. \Profiles
  228. ftp://
  229. opera
  230. wand.dat
  231. _Software\Opera Software
  232. Last Directory3
  233. Last Install Path
  234. Opera.HTML\shell\open\command
  235. wiseftpsrvs.bin
  236. \AceBIT
  237. Software\AceBIT
  238. MRU
  239. SOFTWARE\Classes\TypeLib\{CB1F2C0F-8094-4AAC-BCF5-41A64E27F777}
  240. SOFTWARE\Classes\TypeLib\{9EA55529-E122-4757-BC79-E4825F80732C}
  241. wiseftpsrvs.ini
  242. wiseftp.ini
  243. FTPVoyager.ftp
  244. FTPVoyager.qc
  245. \RhinoSoft.com
  246. nss3.dll
  247. NSS_Init
  248. NSS_Shutdown
  249. NSSBase64_DecodeBuffer
  250. SECITEM_FreeItem
  251. PK11_GetInternalKeySlot
  252. PK11_Authenticate
  253. PK11SDR_Decrypt
  254. PK11_FreeSlot
  255. sqlite3.dll
  256. sqlite3_open
  257. sqlite3_close
  258. sqlite3_prepare
  259. sqlite3_step
  260. sqlite3_column_bytes
  261. sqlite3_column_blob
  262. mozsqlite3.dll
  263. sqlite3_open
  264. sqlite3_close
  265. sqlite3_prepare
  266. sqlite3_step
  267. sqlite3_column_bytes
  268. sqlite3_column_blob
  269. profiles.ini
  270. Profile
  271. IsRelative
  272. Path
  273. PathToExe
  274. prefs.js
  275. signons.sqlite
  276. signons.txt
  277. signons2.txt
  278. signons3.txt
  279. SELECT hostname, encryptedUsername, encryptedPassword FROM moz_logins
  280. Firefox
  281. \Mozilla\Firefox\
  282. Software\Mozilla
  283. ftp://
  284. ftp.
  285. fireFTPsites.dat
  286. SeaMonkey
  287. \Mozilla\SeaMonkey\
  288. Flock
  289. \Flock\Browser\
  290. Mozilla
  291. \Mozilla\Profiles\
  292. Software\LeechFTP
  293. AppDir
  294. LocalDir
  295. bookmark.dat
  296. SiteInfo.QFP
  297. Odin
  298. Favorites.dat
  299. WinFTP
  300. sites.db
  301. CLSID\{11C1D741-A95B-11d2-8A80-0080ADB32FF4}\InProcServer32
  302. servers.xml
  303. \FTPGetter
  304. ESTdb2.dat
  305. QData.dat
  306. \Estsoft\ALFTP
  307. Internet Explorer
  308. WininetCacheCredentials
  309. MS IE FTP Passwords
  310. DPAPI:
  311. Software\Microsoft\Internet Explorer\IntelliForms\Storage2
  312. Microsoft_WinInet_*
  313. ftp://
  314. Software\Adobe\Common
  315. SiteServers
  316. SiteServer %d\Host
  317. SiteServer %d\WebUrl
  318. SiteServer %d\Remote Directory
  319. SiteServer %d-User
  320. SiteServer %d-User PW
  321. %s\Keychain
  322. SiteServer %d\SFTP
  323. DeluxeFTP
  324. sites.xml
  325. Web Data
  326. Login Data
  327. SQLite format 3
  328. table
  329. CONSTRAINT
  330. PRIMARY
  331. UNIQUE
  332. CHECK
  333. FOREIGN
  334. logins
  335. origin_url
  336. password_value
  337. username_value
  338. ftp://
  339. \Google\Chrome
  340. \Chromium
  341. \ChromePlus
  342. Software\ChromePlus
  343. Install_Dir
  344. \Bromium
  345. \Nichrome
  346. \Comodo
  347. \RockMelt
  348. K-Meleon
  349. \K-Meleon
  350. \Profiles
  351. Epic
  352. \Epic\Epic
  353. Staff-FTP
  354. sites.ini
  355. \Sites
  356. \Visicom Media
  357. .ftp
  358. \Global Downloader
  359. SM.arch
  360. FreshFTP
  361. .SMF
  362. BlazeFtp
  363. site.dat
  364. LastPassword
  365. LastAddress
  366. LastUser
  367. LastPort
  368. Software\FlashPeak\BlazeFtp\Settings
  369. \BlazeFtp
  370. .fpl
  371. FTP++.Link\shell\open\command
  372. GoFTP
  373. Connections.txt
  374. 3D-FTP
  375. sites.ini
  376. \3D-FTP
  377. \SiteDesigner
  378. SOFTWARE\Classes\TypeLib\{F9043C88-F6F2-101A-A3C9-08002B2F49FB}\1.2\0\win32
  379. EasyFTP
  380. \NetSarang
  381. .xfp
  382. .rdp
  383. TERMSRV/*
  384. password 51:b:
  385. username:s:
  386. full address:s:
  387. TERMSRV/
  388. FTP Now
  389. FTPNow
  390. sites.xml
  391. SOFTWARE\Robo-FTP 3.7\Scripts
  392. SOFTWARE\Robo-FTP 3.7\FTPServers
  393. FTP Count
  394. FTP File%d
  395. Password
  396. ServerName
  397. UserID
  398. InitialDirectory
  399. PortNumber
  400. ServerType
  401. fMY
  402. Software\LinasFTP\Site Manager
  403. Host
  404. User
  405. Pass
  406. Port
  407. Remote Dir
  408. \Cyberduck
  409. .duck
  410. user.config
  411. <setting name="
  412. value="
  413. Software\SimonTatham\PuTTY\Sessions
  414. HostName
  415. UserName
  416. Password
  417. PortNumber
  418. TerminalType
  419. NppFTP.xml
  420. \Notepad++
  421. Software\CoffeeCup Software
  422. FTP destination server
  423. FTP destination user
  424. FTP destination password
  425. FTP destination port
  426. FTP destination catalog
  427. FTP profiles
  428. FTPShell
  429. ftpshell.fsi
  430. Software\MAS-Soft\FTPInfo\Setup
  431. DataDir
  432. \FTPInfo
  433. ServerList.xml
  434. NexusFile
  435. ftpsite.ini
  436. FastStone Browser
  437. FTPList.db
  438. \MapleStudio\ChromePlus
  439. Software\Nico Mak Computing\WinZip\FTP
  440. Software\Nico Mak Computing\WinZip\mru\jobs
  441. Site
  442. UserID
  443. xflags
  444. Port
  445. Folder
  446. .wjf
  447. winex="
  448. \Yandex
  449. My FTP
  450. project.ini
  451. .xml
  452. {74FF1730-B1F2-4D88-926B-1568FAE61DB7}
  453. NovaFTP.db
  454. \INSoftware\NovaFTP
  455. .oeaccount
  456. Salt
  457. <POP3_Password2
  458. <SMTP_Password2
  459. <IMAP_Password2
  460. <HTTPMail_Password2
  461. \Microsoft\Windows Live Mail
  462. Software\Microsoft\Windows Live Mail
  463. \Microsoft\Windows Mail
  464. Software\Microsoft\Windows Mail
  465. Software\RimArts\B2\Settings
  466. DataDir
  467. DataDirBak
  468. Mailbox.ini
  469. Software\Poco Systems Inc
  470. Path
  471. \PocoSystem.ini
  472. Program
  473. DataPath
  474. accounts.ini
  475. \Pocomail
  476. Software\IncrediMail
  477. EmailAddress
  478. Technology
  479. PopServer
  480. PopPort
  481. PopAccount
  482. PopPassword
  483. SmtpServer
  484. SmtpPort
  485. SmtpAccount
  486. SmtpPassword
  487. account.cfg
  488. account.cfn
  489. \BatMail
  490. \The Bat!
  491. Software\RIT\The Bat!
  492. Software\RIT\The Bat!\Users depot
  493. Working Directory
  494. ProgramDir
  495. Count
  496. Default
  497. Dir #%d
  498. SMTP Email Address
  499. SMTP Server
  500. POP3 Server
  501. POP3 User Name
  502. SMTP User Name
  503. NNTP Email Address
  504. NNTP User Name
  505. NNTP Server
  506. IMAP Server
  507. IMAP User Name
  508. Email
  509. HTTP User
  510. HTTP Server URL
  511. POP3 User
  512. IMAP User
  513. HTTPMail User Name
  514. HTTPMail Server
  515. SMTP User
  516. POP3 Port
  517. SMTP Port
  518. IMAP Port
  519. POP3 Password2
  520. IMAP Password2
  521. NNTP Password2
  522. HTTPMail Password2
  523. SMTP Password2
  524. POP3 Password
  525. IMAP Password
  526. NNTP Password
  527. HTTP Password
  528. SMTP Password
  529. Software\Microsoft\Internet Account Manager\Accounts
  530. Identities
  531. Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts
  532. Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Microsoft Outlook Internet Settings
  533. Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook
  534. Software\Microsoft\Internet Account Manager
  535. Outlook
  536. \Accounts
  537. identification
  538. identitymgr
  539. inetcomm server passwords
  540. outlook account manager passwords
  541. identities
  542. Thunderbird
  543. \Thunderbird
  544. FastTrack
  545. ftplist.txt