Search
Keyword: browser hijacker
Browsers Gecko Based Browsers FTP Clients: FileZilla Messaging Applications: Telegram VPN: ProtonVPN NordVPN OpenVPN Others: Discord Steam Browser Extensions: Autofill data Browser data (login information,
information from the following application: Firefox Orbitum MapleStudio Chrome Chromium Chedot Kometa Epic Privacy Browser Elements Browser Opera 7Star Vivaldi CentBrowser Iridium Uran Citrio Coowon liebao
a Browser Helper Object (BHO): HKEY_CLASSES_ROOT\CLSID {DC888631-57F5-4AF4-86B3-BDE5F854DCBF} = HKEY_CLASSES_ROOT\Interface {5ECDAA08-B706-41C6-8F09-C69D1C45C66A} = HKEY_CLASSES_ROOT
\Roaming\Browser %User Profile%\Browser\Updater (Note: %User Profile% is the current user's profile folder, which is usually C:\Documents and Settings\{user name} on Windows 2000, XP, and Server 2003, or C:
website and run when a user accesses the said website. Information Theft This spyware retrieves the following information from the affected system: Adobe Flash Version Java Version Web Browser Extension:
Threat Diagram shown below. This spyware may be downloaded by other malware/grayware from remote sites. It acts as a Browser Helper Object (BHO) that monitors a user's Internet-browsing habits. It attempts
packages. It acts as a Browser Helper Object (BHO) that monitors a user's Internet-browsing habits. It requires its main component to successfully perform its intended routine. Arrival Details This adware
does the following: It displays the following images to lure the user and redirect their browser to a malicious link: It redirects user's browser to the following sites: https://{BLOCKED}t.ly/3GtaxPN
does the following: It displays the following images to lure the user and redirect their browser to a malicious link: It redirects user's browser to the following sites: https://{BLOCKED}i.com/BXnvRO
does the following: It displays the following images to lure the user and redirect their browser to a malicious link: It redirects user's browser to the following sites: https://{BLOCKED
It drops AUTORUN.INF file to enable the automatic execution of the main executable file whenever infected drives are accessed. This worm may be dropped by other malware. It acts as a Browser Helper
clicking on malicious links on Facebook . It displays specific graphical user interface (GUI) in the web browser of affected system. Once installed, it displays fake scanning results and shows random alerts
%Application Data%\Torch\User Data\Default\Extensions\kogigcidldglhfklkcdmkcakmnjlfjhe\2.1 %Application Data%\Chromatic Browser %Application Data%\Chromatic Browser\User Data %Application Data%\Chromatic Browser
%Application Data%\Torch\User Data\Default\Extensions\mejcdoaglpoedcbbnlediiicoljhiilc\3.9 %Application Data%\Chromatic Browser %Application Data%\Chromatic Browser\User Data %Application Data%\Chromatic Browser
NOTES: This backdoor queries the default web browser by accessing the following registry entry: HKEY_CLASSES_ROOT\http\shell\open\command It then launches a hidden web browser process such as IEXPLORE.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects\{460B4F43-12E1-474C-9103-54855F10C1E2} Other System Modifications This Trojan adds the following registry keys:
malware/grayware packages. Autostart Technique This adware adds the following registry keys to install itself as a Browser Helper Object (BHO): HKEY_CLASSES_ROOT\CLSID\{3F5A62E2-51F2-11D3-A075-CC7364CAE42A}
CVE-2013-0073 This patch addresses a vulnerability found in the .NET Framework. Once users view a specially crafted webpage via a web browser running in XAML Browser Applications, it can allow
time Internet Explorer is used by adding the following registry keys: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects\{D5DD563F-B087-480A-A596-DC372BA3B191}
Trojan does not have rootkit capabilities. Other Details This Trojan does the following: It displays the following images to lure the user and redirect their browser to a malicious link: It redirects