Search
Keyword: browser hijacker
\FireFox Description = "FireFox Browser Driver" Dropping Routine This worm drops the following files: %System%\drivers\oreans32.sys (Note: %System% is the Windows system folder, which is usually C:\Windows
This malware checks the user's browser version. It targets Internet Explorer versions 7 and 8 on Windows XP. Some variants of this malware also targets Internet Explorer versions 8 and 9 on a 32-bit
their phone's browser and connect to the following URL: http://{BLOCKED}te.net/?u=848053 It then redirects users to the following URL: http://{BLOCKED}o.com/?u=http%3A%2F%2Fdlya-androida.org%2Fengine
disable the Task Manager: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Policies\ System DisableTaskMgr = "1" Web Browser Home Page and Search Page Modification This Trojan lowers the
\Microsoft\ Windows\CurrentVersion\Policies\ System DisableTaskMgr = "1" (Note: The default value data of the said registry entry is 0 .) Web Browser Home Page and Search Page Modification This Trojan modifies
user's browser with a vulnerable version of Adobe Flash loads a specially-crafted Adobe Flash file. This exploit Adobe Flash file allows remote arbitrary code to execute on the affected system. Thus,
\FeatureControl\ FEATURE_AJAX_CONNECTIONEVENTS svchost.exe = "1" Web Browser Home Page and Search Page Modification This Trojan modifies the Internet Explorer Zone Settings. Other Details This Trojan connects to
\Plugin.FlashPlayer\Clsid HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects HKEY_CLASSES_ROOT\CLSID HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\policies
are inaccessible. It deletes the initially executed copy of itself NOTES: This backdoor is capable of the following: Get system information Get cookies and browser profiles Get running process/services
\ Windows\CurrentVersion\Explorer\ Browser Helper Objects HKEY_CLASSES_ROOT\CLSID HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\policies\ Ext\CLSID HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft
\ Windows\CurrentVersion\Explorer\ Browser Helper Objects HKEY_CLASSES_ROOT\CLSID HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\policies\ Ext\CLSID HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft
Details This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Web Browser Home Page and Search Page Modification This
}_lng.ini → dropped when the parameter "/savelangfile" is used upon execution Information Theft This Spyware gathers the following data: Website Web Browser Username Password Password Strength Username Field
time Internet Explorer is used by adding the following registry keys: HKEY_LOCAL_MACHINE\Software\Microsoft\ Windows\CurrentVersion\explorer\ Browser Helper Objects\{F770522B-198D-4134-9D74-D30F41B3BA44}
{random extension}" Web Browser Home Page and Search Page Modification This backdoor modifies the Internet Explorer Zone Settings. Other Details This backdoor connects to the following possibly malicious
}.exe" Web Browser Home Page and Search Page Modification This spyware modifies the Internet Explorer Zone Settings. Other Details This spyware connects to the following possibly malicious URL: http://
time Internet Explorer is used by adding the following registry keys: HKEY_LOCAL_MACHINE\Software\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects\{4D2EAF15-81D0-42DA-8C39-19EDD39E0FB3}
component bundled with malware/grayware packages. Installation This Trojan drops the following file(s)/component(s): {malware path}\dlls.dll {malware path}\dll.dll {malware path}\sv.exe Web Browser Home Page
"rdatdll5.exe" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\policies\ Explorer\Run Options3 = "r" Web Browser Home Page and Search Page Modification This Trojan modifies the Internet Explorer
\ Internet Settings ProxyEnable = "1" Web Browser Home Page and Search Page Modification This Trojan modifies the Internet Explorer Zone Settings.