Search
Keyword: browser hijacker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects\{241AEB64-8376-4889-882D-349B03DEC7B8} HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Services\nxd It adds the following
\ Bresenham\Recent File List HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\ Bresenham\Settings Web Browser Home Page and Search Page Modification This backdoor modifies the Internet Explorer
Modifications This spyware deletes the following files: %Cookies%\{files} (Note: %Cookies% is the Internet Explorer browser cookies folder, which is usually C:\Documents and Settings\{user name}\Cookies on
following registry keys: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Internet Settings ProxyServer = "http=127.0.0.1:8888;https=127.0.0.1:8888;" Web Browser Home Page and Search Page
2008; C:\Users\{user name}\AppData\Local\Microsoft\Windows\INetCache on Windows 8 (32- and 64-bit), Windows 8.1 (32- and 64-bit), and Windows Server 2012.) Web Browser Home Page and Search Page
CVE-2009-3070 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash)
CVE-2010-1211 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and
existence of mutex Ransomware Routine This Ransomware avoids encrypting files with the following strings in their file name: $recycle.bin $windows.~bt $windows.~ws boot google mozilla perflogs tor browser
files found in the following folders: $Recycle.Bin All Users AppData Boot Google Internet Explorer Mozilla Mozilla Firefox Opera Opera Software Program Files Program Files (x86) ProgramData Tor Browser
encryption parameter} Ransomware Routine This Ransomware avoids encrypting files with the following strings in their file path: $recycle.bin $windows.~ws $windows.~bt google perflogs mozilla tor browser boot
login credentials to a malicious link: It redirects the browser to the following webpage after submitting the credentials: https://{BLOCKED}ic.com/sites/default/files/inline-images/Invoice%203.jpg It
\Classes\ CLSID\{CLSID}\InprocServer32 Default = "{malware path}\{malware filename}.dll" It adds the following registry keys to install itself as a Browser Helper Object (BHO): HKEY_CURRENT_USER\Software
Microsoft Silverlight , which could allow arbitrary code execution once users view a malicious Web page via a Web browser that runs XAML Browser Applications (XBAPs) or Silverlight applications. Users with
This Worm adds the following registry keys: HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\ Browser HKEY_CURRENT_USER
Trojan Spy gathers the following information on the affected computer: Browser data (e.g. cookies, credentials, autofills, credit card data) Google Chrome Chromium Kometa Amigo Torch Orbitum Comodo Dragon
time Internet Explorer is used by adding the following registry keys: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects\{A3EFBC64-0833-4676-8A5F-F8CAF70A8C03}
inaccessible. Other Details This backdoor deletes itself after execution. NOTES: It queries the default web browser by accessing the following registry entry: HKEY_CLASSES_ROOT\http\shell\open\command It then
keys: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects\{385AB8C6-FB22-4D17-8834-064E2BA0A6F0} Other System Modifications This Trojan deletes the following
time Internet Explorer is used by adding the following registry keys: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects\{0ABAAB7A-6CAB-44F0-B17F-20A662477EC6}
is used by adding the following registry keys: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects\{CE7C3CF0-4B15-11D1-ABED-709549C10000} It registers as a