Search
Keyword: browser hijacker
Details This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Web Browser Home Page and Search Page Modification This
checking installed browser applications, Adobe Reader plugin version, and user's operating system.
cmd.exe Web Browser Home Page and Search Page Modification This Trojan modifies the Internet Explorer Zone Settings.
crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Heap Corruption Vulnerability." microsoft .net_framework
file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. NOTES: Installation This Trojan drops the following files: {Default browser save path}
file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. NOTES: Installation This Trojan drops the following files: {Default browser save path}
every time Internet Explorer is used by adding the following registry keys: HKEY_LOCAL_MACHINE\Software\Microsoft\ Windows\CurrentVersion\explorer\ Browser Helper Objects\
execution every time Internet Explorer is used by adding the following registry keys: HKEY_LOCAL_MACHINE\Software\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects\
\Software\Description\ Microsoft\Rpc\UuidTemporaryData HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects HKEY_CURRENT_USER\SOFTWARE\Microsoft\ Windows
{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ CLSID\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects\
{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ CLSID\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects\
AudioSrv BDESVC BITS Browser CertPropSvc CryptSvc DHCP DMServer ERSvc EapHost EventSystem FastUserSwitchingCompatibility HidServ IKEEXT Ias Iprip Irmon LanmanServer LanmanWorkstation LogonHours MMCSS
issearch = "{malware path}\issearch.exe" It adds the following registry keys to install itself as a Browser Helper Object (BHO): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer
following registry keys: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects\{F12C6330-5585-4DE6-8650-8C11285AA2C1} Other System Modifications This Trojan adds the
server by issuing the following HTTP request: http://{BLOCKED}.{BLOCKED}.228.178/painel/?add=1&inf=Browser Executando {Operating System} It monitors the browser activities of the affected system,
Browser Helper Object (BHO): HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ CLSID\{B0BEC94E-4D62-11D6-AF01-0010C6081DD0}\InprocServer32 Default = logs.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion
\SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects\ Other System Modifications This Trojan adds the following registry keys: HKEY_CLASSES_ROOT\Trivela.ClsTrivela\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects\ Other System Modifications This Trojan adds the following registry keys: HKEY_CLASSES_ROOT\Micronews.ClsMicronews\Clsid
\CurrentVersion\Explorer\ Browser Helper Objects\ERROR Other System Modifications This spyware adds the following registry keys: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Policies\ Ext\CLSID It
{38A066B0-DD5F-4226-AC4F-6A27C1BFB892} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects\