Search
Keyword: browser hijacker
screenshots %User Profile%\ApplicatiLocal\Temp\gcdata.txt - Browser Login Credentials (Note: %User Temp% is the user's temporary folder, where it usually is C:\Documents and Settings\{user name}\Local Settings
Chrome Chromium ChromePlus Bromium Nichrome Comodo RockMelt K-Meleon Epic Browser FastStone Browser Stolen Information This spyware sends the gathered information via HTTP POST to the following URL:
Google Chrome Chromium ChromePlus Bromium Nichrome Comodo RockMelt K-Meleon Epic Browser FastStone Browser It uses the following list of user names and passwords to access password-protected locations
resources CPU core count CPU name RAM amount Number of threads Display resolution GPU driver List of running processes List of installed applications Screenshot of current display Browser data (e.g.
time Internet Explorer is used by adding the following registry keys: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects\{5AB454CD-4DB4-4E3C-AA96-F483433FBB87}
its automatic execution every time Internet Explorer is used by adding the following registry keys: HKEY_LOCAL_MACHINE\Software\Microsoft\ Windows\CurrentVersion\explorer\ Browser Helper Objects\
\ Windows\CurrentVersion\Run {Random File Name 2}.exe = "%Application Data%\{Chosen Folder}\{Random File Name 1}.exe" Web Browser Home Page and Search Page Modification This Trojan modifies the Internet
a URL using a hidden browser (POST): Send POST floods (QUIT): Terminate itself (SHELL EXEC): Execute shell command (SPEEDTEST): Check connection speed (STOP EXEC): Stop a specific thread (STOP GET):
its automatic execution every time Internet Explorer is used by adding the following registry keys: HKEY_LOCAL_MACHINE\Software\Microsoft\ Windows\CurrentVersion\explorer\ Browser Helper Objects\
time Internet Explorer is used by adding the following registry keys: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects\{DD66BE38-6BAB-494F-B960-4B2BCB0520FF}
time Internet Explorer is used by adding the following registry keys: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects\{2D38A51A-23C9-48a1-A33C-48675AA2B494}
browser plug-ins, and other malware.
file name 1}.exe" Other System Modifications This spyware adds the following registry keys: HKEY_CURRENT_USER\Software\Microsoft\ {random key} Web Browser Home Page and Search Page Modification This
Ordinal = "2" (Note: The default value data of the said registry entry is 1 .) Web Browser Home Page and Search Page Modification This spyware modifies the Internet Explorer Zone Settings. Other Details
installs bogus browser plugins detected as JS_FEBUSER.A. To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Threat Diagram shown below. This Trojan may arrive on a system by
= "{Random Hex Values}" Web Browser Home Page and Search Page Modification This worm modifies the Internet Explorer Zone Settings. Other Details This worm connects to the following possibly malicious
execution every time Internet Explorer is used by adding the following registry keys: HKEY_LOCAL_MACHINE\Software\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects\
time Internet Explorer is used by adding the following registry keys: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects\{E04B27AA-3973-4D68-8F42-B7C2FC8C6CF7}
following registry keys: HKEY_CURRENT_USER\Microsoft Internet Explorer It adds the following registry entries: HKEY_CURRENT_USER\Software\Microsoft\ Internet Explorer\Main Enable Browser Extensions = "no
[OpenURL] - Opens a URL using a hidden browser [SYN] - Sends a SYN Flood [Stop] - Stops a spcific command [Get] - Sends GET floods [Post] Sends POST floods [Speedtest] - check connection speed