Search
Keyword: browser hijacker
chrome browser extension %Application Data%\hash.txt this file contains the hash of the original executable file of chrome %Application Data%\ok.txt this file indicates if server it connects to is still up
information such as user names, passwords, and hostnames from the following browsers: Bromium Chromium Comodo Dragon Epic FastStone Browser Flock Browser Google Chrome Internet Explorer K-Meleon Mozilla Firefox
time Internet Explorer is used by adding the following registry keys: HKEY_LOCAL_MACHINE\Software\Microsoft\ Windows\CurrentVersion\explorer\ Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Desktop\*.url and then parses it also to aid in its malicious routines. It checks for the presence of a browser process in memory. It if finds one, it embeds a thread to it and connects to a certain
every time Internet Explorer is used by adding the following registry keys: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects\
time Internet Explorer is used by adding the following registry keys: HKEY_LOCAL_MACHINE\Software\Microsoft\ Windows\CurrentVersion\explorer\ Browser Helper Objects\{417A43C1-DA36-4808-A3CD-BED54E9C19A1}
\SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects Dropping Routine This Trojan drops the following files: %User Temp%\Install_freezone_search_180_B.exe %System%\win7678s.dll (Note:
Modifications This backdoor adds the following registry entries: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run MSConfig = "%User Profile%\{Random File Name}.exe" Web Browser Home Page and
time Internet Explorer is used by adding the following registry keys: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects\{B9E914B5-6B61-401f-A49F-9E84E547D3DD}
\FireFox Description = "FireFox Browser Driver" Other Details This Trojan connects to the following possibly malicious URL: http://www.{BLOCKED}ya.com/din.htm It deletes itself after execution. This report
\Microsoft.IE It deletes the following registry keys: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3} HKEY_LOCAL_MACHINE
(Note: %Windows% is the Windows folder, which is usually C:\Windows.) It adds the following registry keys: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects
(Note: %Windows% is the Windows folder, which is usually C:\Windows.) It adds the following registry keys: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects
time Internet Explorer is used by adding the following registry keys: HKEY_LOCAL_MACHINE\Software\Microsoft\ Windows\CurrentVersion\explorer\ Browser Helper Objects\{AC7CF4D5-9B69-452F-A577-D5A39FDC57A5}
time Internet Explorer is used by adding the following registry keys: HKEY_LOCAL_MACHINE\Software\Microsoft\ Windows\CurrentVersion\explorer\ Browser Helper Objects\{7D61CFA5-725C-49D6-93C4-E4C20F3462BE}
Details This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Web Browser Home Page and Search Page Modification This
\FireFox Description = "FireFox Browser Driver" Other Details This Trojan connects to the following possibly malicious URL: http://www.{BLOCKED}ya.com/din.htm It deletes itself after execution. This report
Other System Modifications This spyware adds the following registry entries as part of its installation routine: HKEY_CURRENT_USER\Software\Microsoft\ SysInternal Web Browser Home Page and Search Page
NoSearchBox = 0 HKEY_CURRENT_USER\Software\Microsoft\ Internet Explorer\Main Enable Browser Extensions = yes Download Routine This Trojan accesses the following websites to download files:
\FireFox Description = "FireFox Browser Driver" Other Details This Trojan connects to the following possibly malicious URL: http://www.{BLOCKED}ya.com/din.htm It deletes itself after execution. This report