Trojan.Win32.Favadd.d

tag:Trojans

0 0

This Trojan is a Windows PE EXE file approximately 67KB in size.

When installing itself to the system, it creates a file named crcspider.ico in the Windows root directory.

Once launched, Favadd.d causes the following dialogue box to be displayed on screen:

It then creates a new folder named 'cracks' in the Favourites directory, which contains the following links and comments:

! TheBUGS.ws - Security Related Portal
http://www.thebugs.ws
!! CrackSpider.NET - Cracks search engine
http://crackspider.net
allseek.info - The Underground portal
http://allseek.info
anyCracks.com - Keygens, patches, crack
http://anycracks.com
Astalavista - Cracks search engine
http://astalavista.thebugs.ws
bestserials.com - Best serials
http://bestserials.com
CrackPortal.com - Cracks, serial number
http://www.crackportal.com
CrackSpider.DE - Cracks search engine
http://www.crackspider.de
CrackSpider.US - Cracks search engine
http://www.crackspider.us
CrackWay.com - Since 2001 cracks arhive
http://www.crackway.com
iCracks.net - Keygens, patches, crackz.
http://icracks.net
KeyGen.US - Keygens, patches, crackz...
http://keygen.us
mscrack.com - Cracks, serial numbers...
http://mscracks.com

It also creates the following entries in the system registry:

[HKCU\Software\Microsoft\Internet Explorer\Extensions\(10954C80-4F0F-11d3-B17C-00C0DFE39736)]
"ButtonText"="Search cracks at CrackSpider.NET"
[HKCU\Software\Microsoft\Internet Explorer\Extensions\(10954C80-4F0F-11d3-B17C-00C0DFE39736)]
"MenuText"="Search cracks at CrackSpider.NET"
[HKCU\Software\Microsoft\Internet Explorer\Extensions\(10954C80-4F0F-11d3-B17C-00C0DFE39736)]
"MenuStatusBar"="Search cracks at CrackSpider.NET"
[HKCU\Software\Microsoft\Internet Explorer\Extensions\(10954C80-4F0F-11d3-B17C-00C0DFE39736)]
"ClSid"="(1FBA04EE-3024-11d2-8F1F-0000F87ABD16)"
[HKCU\Software\Microsoft\Internet Explorer\Extensions\(10954C80-4F0F-11d3-B17C-00C0DFE39736)]
"Default Visible"="Yes"
[HKCU\Software\Microsoft\Internet Explorer\Extensions\(10954C80-4F0F-11d3-B17C-00C0DFE39736)]
"Exec"="http://crackspider.net/"
[HKCU\Software\Microsoft\Internet Explorer\Extensions\(10954C80-4F0F-11d3-B17C-00C0DFE39736)]
"HotIcon"="<windows>\crcspider.ico"
[HKCU\Software\Microsoft\Internet Explorer\Extensions\(10954C80-4F0F-11d3-B17C-00C0DFE39736)]
"Icon"="<windows>\crcspider.ico"
[HKCU\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://crackspider.net/"
[HKCU\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://crackspider.net/"

The Trojan adds a button which links to www.crackspider.com to the Internet Explorer toolbar.

It adds this link to Favorites, and changes the home page to www.crackspider.com

previous:Trojan.Win32.Favadd.m
previous:Trojan.Win32.FireAnvil

Virus Source from:

New articles

TROJ_FAKEAV.WKAThis Trojan may be downloaded from the following remote sites: http://{BLOCKED}ogle.info/tre/lena.exe/{random characters} This Trojan adds the foll...TROJ_RANSOM.QOWAThis Trojan may be unknowingly downloaded by a user while visiting malicious websites. This Trojan drops the following copies of itself into the affected sys...TapSnake.ATapSnake.A is a Trojan that affects mobile phones with an Android operating system. Once installed in the phone, it carries out the following actions: ...Trojan.Win32.FraudPack.bkheOnce launched, the program will display a message stating that the computer has been infected by malicious programs: The message is displayed even if there a...Trojan-Dropper.Win32.Agent.cxdOnce activated, the Trojan copies its body and saves it to the Windows system directory as "fvfj.sxo": %System%fvfj.sxo In order to ensure that th...

Hot Articles

Trojan.Win32.Favadd.d

Computer Virus Clounds