Subscribe
The Trojan, which is installed as a Browser Helper Object, can perform a range of actions, including:
- collecting data on the sites visited by the user
- displaying pop-up advertisements. The advertising material is drawn from an archive which is downloaded from the Internet by other Trojan programs.
- downloading files via the Internet without the user
- Run regsvr32/u
This Trojan is a Windows DLL file. It is written in C . The file size may vary.
InstallationThe program is installed when the Trojan DLL file is registered. The Trojan registers itself in the system as a Browser Helper Object, and creates the following registry keys:
[HKCR\NaviPromo.EGNaviScoring] [HKCR\NaviPromo.EGNaviScoring.1] [HKCR\CLSID\{4A6FA2EB-F381-4503-87D0-BE4CC57DEB8E}] [HKCR\TypeLib\{5630B768-1C09-4105-9E03-E35985E36B0B}] [HKCR\Interface\{510C3373-4842-4944-8729-0AFF6725A132}] [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DE614603-6320-4046-A7A7-6A69CEC26F14}]Payload
- Run regsvr32/u
Hot Articles