Search
Keyword: browser hijacker
the following browsers: Bromium ChromePlus Chromium Comodo CoolNovo Epic Browser Flock Browser Google Chrome K-Meleon Mozilla Firefox MozSuite Nichrome RockMelt SeaMonkey Yandex NOTES: This backdoor
\CentBrowser\User Data\Default\CookiesCopy %AppDataLocal%\CocCoc\Browser\User Data\Default\WebDataCopy %AppDataLocal%\Slimjet\User Data\Default\CookiesCopy %AppDataLocal%\Comodo\Dragon\User Data\Default
is {user-defined} .) Web Browser Home Page and Search Page Modification This Trojan modifies the Internet Explorer Zone Settings. Other Details This Trojan encrypts files with the following extensions:
%AppDataLocal%\CocCoc\Browser\User Data\Default\CookiesCopy %All Users Profile%\AOVqGp2R\moz_cookies.db-shm %All Users Profile%\AOVqGp2R\moz_cookies.db %All Users Profile%\AOVqGp2R\Files\Browsers\_FileForms.txt
Password List.txt %AppDataLocal%\Chromium\User Data\Default\LoginDataCopy %AppDataLocal%\CocCoc\Browser\User Data\Default\CookiesCopy %AppDataLocal%\360Chrome\Chrome\User Data\Default\CookiesCopy %All Users
that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Microsoft browser JavaScript scripting engines handle
used by adding the following registry keys: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects\{2D891923-34B7-4186-9B47-752624535DC1} Other System
\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects\{EF4A79B4-070E-4645-B732-8A4935D18A11} It modifies the following registry entries to ensure it automatic execution at every system startup:
Mozilla Firefox SeaMonkey Flock Google Chrome Chromium ChromePlus Bromium Nichrome Comodo RockMelt K-Meleon Epic Browser FastStone Browser Stolen Information This spyware sends the gathered information via
the local host. However, it allows the connection to continue for specific websites and certain porn sites to which it connects to. It will then send the browser data to its main server via HTTP GET
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects\{CLSID 1} Other System Modifications This adware adds the following registry keys: HKEY_CLASSES_ROOT\{random string}.
Explorer is used by adding the following registry keys: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects\{0D23EE44-2319-4B6C-93D2-A572E0F5B0E0} Other System
}4.{BLOCKED}4.215.58 {BLOCKED}irus-groups.com {BLOCKED}n.rm6.org {BLOCKED}ir.no-ip.org {BLOCKED}o.3322.org www.{BLOCKED}4rt.org NOTES: It queries the default web browser by accessing the following
\SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects\{11F09AFE-75AD-4E52-AB43-E09E9351CE17} Other System Modifications This Trojan deletes the following files: %User Temp%\nsc1.tmp
{BLOCKED}ka-ww2.ru http://{BLOCKED}latker.ru http://{BLOCKED}axxlub.ru http://{BLOCKED}gay-formula.in Web Browser Home Page and Search Page Modification This file infector modifies Internet Explorer zone
{BLOCKED}i.com/blog/00/post.php As of this writing, the said sites are inaccessible. Web Browser Home Page and Search Page Modification This backdoor modifies the Internet Explorer Zone Settings. Information
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer\ Browser
\CurrentVersion\Explorer\ Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects HKEY_LOCAL_MACHINE\System
registry keys: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects\{7C6E1044-DBF1-EDB3-57BB-D40A130EA5BD} Other System Modifications This spyware deletes the
64-bit), Windows 8 (32- and 64-bit), Windows 8.1 (32- and 64-bit), Windows Server 2008, and Windows Server 2012.) It injects codes into the following process(es): User's default browser (except