Search
Keyword: browser hijacker
time Internet Explorer is used by adding the following registry keys: HKEY_LOCAL_MACHINE\Software\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects\{0BD44AB1-76A7-4E05-92F4-4B065FE72BD6}
\Software\Microsoft\ Internet Explorer\Main Enable Browser Extensions = "no" Backdoor Routine This backdoor connects to the following URL(s) to send and receive commands from a remote malicious user: server.
\ Internet Explorer\Main Enable Browser Extensions = "yes" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Services\Schedule AtTaskMaxHours = "48" Other Details This Trojan connects to the following possibly
This spyware monitors an infected user's browser for a list of Korean gaming sites and steals sensitive user login information. To get a one-glance comprehensive view of the behavior of this Spyware,
Browser Home Page and Search Page Modification This spyware modifies the Internet Explorer Zone Settings. Download Routine This spyware connects to the following URL(s) to download its configuration file:
This backdoor queries the default web browser by accessing the following registry entry: HKEY_CLASSES_ROOT\http\shell\open\command This backdoor does not have rootkit capabilities. This backdoor does not
files Open event logs Open hidden browser Perform remote desktop Search files (Note: %System% is the Windows system folder, which is usually C:\Windows\System on Windows 98 and ME, C:\WINNT\System32 on
execution every time Internet Explorer is used by adding the following registry keys: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects\
\ Internet Explorer\Main Enable Browser Extensions = "yes" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Services\Schedule AtTaskMaxHours = "48" Other Details This Trojan connects to the following possibly
{random1}\{random}.exe" Other System Modifications This spyware adds the following registry keys: HKEY_CURRENT_USER\Software\Microsoft\ {random} Web Browser Home Page and Search Page Modification This
Backdoor Routine This Trojan does not have any backdoor routine. Web Browser Home Page and Search Page Modification This Trojan modifies the Internet Explorer Zone Settings. Download Routine This Trojan
Data%\LolClient\Local Store\cache9410.exe" Web Browser Home Page and Search Page Modification This backdoor modifies the Internet Explorer Zone Settings.
Unusual Info Debug" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows NT\CurrentVersion\Tracing\ Microsoft\{random value}\traceIdentifier Guid = "{GUID}" Web Browser Home Page and Search Page Modification This
value 2} = "{hex values}" Web Browser Home Page and Search Page Modification This backdoor modifies the Internet Explorer Zone Settings. Other Details This backdoor connects to the following possibly
\CLSID\{CLSID 1} #cert = "{hex value}" HKEY_CURRENT_USER\Software\Classes\ CLSID\{CLSID 1} #cert = "{hex value}" HKEY_CLASSES_ROOT\CLSID\{CLSID 2} {CLSID 3} = "{hex value}" Web Browser Home Page and Search
Data%\{random1}\{random}.exe" Other System Modifications This spyware adds the following registry keys: HKEY_CURRENT_USER\Software\Microsoft\ {random} Web Browser Home Page and Search Page Modification
HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Internet Settings WarnonBadCertRecving = "0" HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Internet Settings EnableSPDY3_0 = "0" Web Browser
"5841:TCP:*:Enabled:TCP 5841" Web Browser Home Page and Search Page Modification This Trojan modifies the Internet Explorer Zone Settings. Other Details This Trojan connects to the following possibly malicious
Webssearches It displays the following installation options: It will download and execute the said application setups. After installation, it will display ads in browser and display this window. a variant of
removable drives. These dropped copies use the names of the folders located on the said drives for their file names. Web Browser Home Page and Search Page Modification This worm modifies the Internet Explorer