Search
Keyword: browser hijacker
monitors the Internet browser of the affected system to steal user credentials form the following gaming sites: lineage.plaync.co.kr hangame.com aion.plaync.co.kr bm.ndoors.com pmang.com www.netmarble.net
HKEY_CLASSES_ROOT\Qjvuhsdv HKEY_CLASSES_ROOT\Qjvuhsdv\CLSID HKEY_CLASSES_ROOT\CLSID\{60972418-8A4B-B5CC-3C3D-0587F39623FF}\ ProgID HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer\ Browser
\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects\{C881E764-E445-4EAC-9480-898E25DAEE3B} Other System Modifications This backdoor adds the following registry keys: HKEY_CLASSES_ROOT
\ Internet Explorer\Main Enable Browser Extensions = "yes" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Services\Schedule AtTaskMaxHours = "48" Other Details This Trojan connects to the following possibly
com.android.browser Adds browser bookmarks and sets the following as defaults aside from adding other bookmarks: {BLOCKED}d.{BLOCKED}jiao.cn {BLOCKED}2.{BLOCKED}o.cn {BLOCKED}g3.cn send text messages block text message
and Settings\{user name} on Windows 2000, XP, and Server 2003, or C:\Users\{user name} on Windows Vista and 7.) Web Browser Home Page and Search Page Modification This potentially unwanted application
adds the following registry keys: HKEY_CURRENT_USER\SOFTWARE\AppDataLow\ {GUID} Web Browser Home Page and Search Page Modification This spyware modifies the Internet Explorer Zone Settings. NOTES: This
HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Internet Settings ProxyEnable = "1" (Note: The default value data of the said registry entry is user-defined .) Web Browser Home Page and Search Page
adds the following registry keys: HKEY_CURRENT_USER\SOFTWARE\AppDataLow\ {GUID} Web Browser Home Page and Search Page Modification This spyware modifies the Internet Explorer Zone Settings. NOTES: This
installs bogus browser plugins detected as JS_FEBUSER.AA. To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Threat Diagram shown below. This Trojan may arrive on a system by
\StandardProfile\GloballyOpenPorts\ List 6027:TCP = "6027:TCP:*:Enabled:TCP 6027" Web Browser Home Page and Search Page Modification This spyware modifies the Internet Explorer Zone Settings. Other Details This
This spyware gathers the following data: IP address Computer name Browser Stolen Information This spyware sends the gathered information via HTTP POST to the following URL: www.{BLOCKED
\ Configuration 03000000 = "{random values}" HKEY_CURRENT_USER\Software\Bit Torrent Application\ Configuration 00000000 = "{random values}" Web Browser Home Page and Search Page Modification This Trojan modifies
spyware modifies the following registry entries: HKEY_CURRENT_USER\Identities Identity Ordinal = "2" (Note: The default value data of the said registry entry is 1 .) Web Browser Home Page and Search Page
found running in the affected system's memory: chrome.exe firefox.exe Web Browser Home Page and Search Page Modification This Trojan modifies the Internet Explorer Zone Settings. Dropped by other malware,
its automatic execution every time Internet Explorer is used by adding the following registry keys: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects\
URL(s) to send and receive commands from a remote malicious user: http://support.{BLOCKED}ization.org:443 However, as of this writing, the said sites are inaccessible. Web Browser Home Page and Search
}.exe" Web Browser Home Page and Search Page Modification This Backdoor modifies the Internet Explorer Zone Settings. Other Details This Backdoor connects to the following possibly malicious URL: {BLOCKED
characters} = %Application Data%\Microsoft\{6 random character}.exe Web Browser Home Page and Search Page Modification This Ransomware modifies the Internet Explorer Zone Settings. Other Details This
Program build Windows version Processor Architecture Anti-Virus Installed Default Browser Path Process list Temporary folder Process Image Path Download status Downloader.Win32.Agent.bvot (Kaspersky),