
Windll32.exe

This file might be related to spyware. We advise you to scan your computer and eliminate possible threats.

The file windll32.exe is related to the worm W32.HLLW.Respan, pwsteal.trojan, TrojanProxy.Win32.Mitglieder.bi [Kaspersky], Backdoor.Traitor, and Traitor-21.

When Trojan.Mitglieder.L is executed, it performs the following actions:

Copies itself to %System%\Windll32.exe.

Adds the value:

"windll32.exe"="%System%\windll32.exe"

to the registry key:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

so that the Trojan runs when you start Windows.

Creates the following registry entries:

HKEY_CURRENT_USER\SOFTWARE\Frame\pid=<Process ID>
HKEY_CURRENT_USER\SOFTWARE\Frame\uid=<Random value>
HKEY_CURRENT_USER\SOFTWARE\Frame\port=<Random value>

Attempts to end the following processes of various security and anti-virus products.

Attempts to contact a specific page on each of the following Web sites to send port information to the attacker:

raymondj.net, jimmuennich.web.aplus.net, ofallonzone.com, hostbasket.com, gorrrotory.com, hopptoron.com, worrtory.com, seat-xl.biz, testakk.org...
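
A read-only host check for the file and registry indicators listed above, as an added PowerShell example that is not part of the original write-up. The function name `Test-Windll32Indicators` is hypothetical, and `%System%` is assumed to resolve to the Windows system directory.

```powershell
# Added example: read-only check for the indicators described on this page.
# The function name is hypothetical; nothing is modified or deleted.
function Test-Windll32Indicators {
    [CmdletBinding()]
    param()

    $findings = @()

    # 1. Dropped copy: %System%\Windll32.exe (assumed: the Windows system directory)
    $systemDir = [Environment]::GetFolderPath('System')
    $dropPath  = Join-Path $systemDir 'windll32.exe'
    if (Test-Path -LiteralPath $dropPath -PathType Leaf) {
        $hash = (Get-FileHash -LiteralPath $dropPath -Algorithm SHA256).Hash
        $findings += [pscustomobject]@{
            Indicator = 'File'; Location = $dropPath; Detail = "SHA256=$hash" }
    }

    # 2. Persistence: a Run value named windll32.exe, or any Run value whose
    #    data points at windll32.exe (comparisons are case-insensitive)
    $runPath = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    $runKey  = Get-Item -LiteralPath $runPath -ErrorAction SilentlyContinue
    if ($runKey) {
        foreach ($name in $runKey.GetValueNames()) {
            $data = [string]$runKey.GetValue($name)
            if ($name -eq 'windll32.exe' -or $data -match '\\windll32\.exe') {
                $findings += [pscustomobject]@{
                    Indicator = 'RunValue'; Location = "$runPath\$name"; Detail = $data }
            }
        }
    }

    # 3. Trojan state: pid, uid and port values under HKCU\SOFTWARE\Frame
    $framePath = 'HKCU:\SOFTWARE\Frame'
    $frameKey  = Get-Item -LiteralPath $framePath -ErrorAction SilentlyContinue
    if ($frameKey) {
        foreach ($name in 'pid', 'uid', 'port') {
            $value = $frameKey.GetValue($name)
            if ($null -ne $value) {
                $findings += [pscustomobject]@{
                    Indicator = 'FrameValue'; Location = "$framePath\$name"; Detail = "$value" }
            }
        }
    }

    $findings   # empty output means none of the indicators were found
}

Test-Windll32Indicators | Format-Table -AutoSize
```

Both registry locations are under HKEY_CURRENT_USER, so the check only sees the account it runs as; run it in each user's session to cover every profile on the machine.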

 

 

