Satiloler_d details

  • Description

    Satiloler.d is a trojan designed to steal sensitive user information. Once executed, the parasite silently installs itself on the system, overwrites essential system files with its own copies, disables essential Windows tools and components, and terminates some running antivirus programs, firewalls, browsers and system utilities. Satiloler.d runs an integrated keylogger, which records various login names, passwords and e-mail profile details. It also tracks the user's Internet activity and logs all the data the user enters on banking web sites.

  • Exe

    ctfmon.exe
    lsass.exe
    userinit.exe

  • Registry

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ctfmon.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userinit
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%System%\userinit.exe
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Windir%\System\ctfmon.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SFCDisable=FFFFFF9D
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SFCScan=0
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System
    HKEY_LOCAL_MACHINE\SOFTWARE vr
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoftd
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoftgold