
systemse.exe

W32/Rbot-BD is a member of the W32/Rbot family of worms with backdoor capabilities. To run automatically when Windows starts up, the worm copies itself to the file systemse.exe in the Windows system folder and adds the following registry entries pointing to this file:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Update Machine=systemse.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\Microsoft Update Machine=systemse.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Update Machine=systemse.exe

When run, the worm attempts to connect to a remote IRC server. This connection is used as a control channel.
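A defensive check for the three autorun entries listed above, as an added example that is not part of the original page: it scans the text of a regedit export for the value name and file name given here, and goes slightly beyond the listed entries by also flagging systemse.exe under a different value name or a full path. The sample export and the function name are constructed for illustration.

```python
import re
# Indicators taken from the description above; keys compared case-insensitively.
RUN_KEYS = {
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
    r"hkey_local_machine\software\microsoft\windows\currentversion\runservices",
    r"hkey_current_user\software\microsoft\windows\currentversion\run",
}
VALUE_NAME = "microsoft update machine"
FILE_RE = re.compile(r'(?:^|[\\/" ])systemse\.exe(?:$|[" ])', re.I)
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Constructed sample export, not data from a real machine.
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Update Machine"="systemse.exe"
"ExampleTray"="C:\\Program Files\\Example\\tray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Microsoft Update Machine"="systemse.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Renamed"="C:\\WINDOWS\\system32\\systemse.exe"

[HKEY_CURRENT_USER\Software\Example]
"Microsoft Update Machine"="systemse.exe"
"""

def find_rbot_autoruns(reg_text):
    """Return (key, value name, data, reasons) for each matching autorun value."""
    hits, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if m := KEY_RE.match(line):
            key = m.group(1)
        elif (m := VALUE_RE.match(line)) and key and key.lower() in RUN_KEYS:
            # .reg strings escape backslashes and quotes with a backslash
            name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            reasons = []
            if name.lower() == VALUE_NAME:
                reasons.append("value name")
            if FILE_RE.search(data):
                reasons.append("file name")
            if reasons:
                hits.append((key, name, data, reasons))
    return hits

if __name__ == "__main__":
    print(*find_rbot_autoruns(SAMPLE), sep="\n")
```

Regedit writes version 5.00 exports as UTF-16, so read a real export with `encoding="utf-16"` before passing its text to the function.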

