Search
Keyword: browser hijacker
}.13.155:443 Web Browser Home Page and Search Page Modification This Backdoor modifies the Internet Explorer Zone Settings. Other Details This Backdoor requires the existence of the following files to properly
{hardcoded string 1}{hardcoded string 2}{type identifier byte: "1"=recv, "2"=send}{random string or encrypted user data} Web Browser Home Page and Search Page Modification This Backdoor modifies the Internet
{hardcoded string 1}{hardcoded string 2}{type identifier byte: "1"=recv, "2"=send}{random string or encrypted user data} Web Browser Home Page and Search Page Modification This Backdoor modifies the Internet
64-bit), Windows 7 (32- and 64-bit), Windows 8 (32- and 64-bit), Windows 8.1 (32- and 64-bit), Windows Server 2008, and Windows Server 2012.) Web Browser Home Page and Search Page Modification This Trojan
The default value data of the said registry entry is {random values} .) Information Theft This spyware steals the following information: User name User Password Credit card information Web browser
string 1}{hardcoded string 2}{type identifier byte: "1"=recv, "2"=send}{random string or encrypted user data} Web Browser Home Page and Search Page Modification This Backdoor modifies the Internet Explorer
\Microsoft\ {random key} Web Browser Home Page and Search Page Modification This spyware modifies the Internet Explorer Zone Settings. Other Details This spyware connects to the following possibly malicious
infected system: Capture Screenshots Download and execute files Get passwords from browsers and messengers List and kill processes Manage files Open URL in a browser Perform DOS attack Reboot Send pop-up
also utilize malware and browser attacks in the past to steal cookies. They do this to impersonate users on the websites they frequent, ‘fooling’ the website into automatically providing the compromised
\Microsoft\ Windows\CurrentVersion\policies\ system EnableLUA = "0" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects NoExplorer = "1" Dropping Routine This Trojan
arbitrary file [UDP] - Starts UDP Flooding [OpenURL] - Opens a URL using a hidden browser [SYN] Sends a SYN Flood [Get] Sends GET floods [Post] Sends POST floods Other Details This backdoor uses the following
in a hidden browser version: Print bot version speedtest: Perform speed test stop: Stop specific thread quit: Terminate itself dle: Download and execute a file (parameter: {URL} {filename for saving}
following websites to send and receive information: http://17{BLOCKED}12.130:80 http://17{BLOCKED}12.130:443 http://info.ne{BLOCKED}tal.net:80 Web Browser Home Page and Search Page Modification This Backdoor
afterward. Other System Modifications This Trojan Spy also creates the following registry entry(ies) as part of its installation routine: HKEY_CUURENT_USER\Software\WinRAR HWID = {Hex Data} Web Browser Home
Windows 2000, XP, and Server 2003, or C:\Users\{user name}\AppData\Local\Temp on Windows Vista and 7.) Web Browser Home Page and Search Page Modification This Trojan modifies the Internet Explorer Zone
automatic execution every time Internet Explorer is used by adding the following registry keys: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\explorer\ browser Helper Objects\
HKEY_CURRENT_USER\Software\Microsoft\ Windows {random} = "{hex value}" Web Browser Home Page and Search Page Modification This spyware modifies the Internet Explorer Zone Settings. Other Details This spyware connects
\CurrentVersion\Explorer\ CLSID\{GUID}\ShellFolder Web Browser Home Page and Search Page Modification This spyware modifies the Internet Explorer Zone Settings. Information Theft This spyware gathers the following
Browser Home Page and Search Page Modification This Trojan modifies the Internet Explorer Zone Settings. Download Routine This Trojan connects to the following website(s) to download and execute a malicious
\MostRecentApplication Name = "{Random Letter}.exe" Web Browser Home Page and Search Page Modification This worm modifies the Internet Explorer Zone Settings. Other Details This worm connects to the following possibly