Technical details:
Categories: Adware
[Kaspersky]AdWare.Win32.AdMedia.g;
[Panda]Adware/Dodoor;
[Other]Adware.IEhlpr
DoDoor Folders:
[%PROGRAM_FILES%]\DoDoorRSSFinder
DoDoor Files:
[%COMMON_APPDATA%]\Microsoft\Crypto\bfnmgf.exe
[%PROGRAM_FILES%]\NetMeeting\conf.dll
[%PROGRAM_FILES%]\NetMeeting\netinit.dll
DoDoor Registry Keys:
DoDoor Registry Values:
HKEY_CLASSES_ROOT\clsid\{1d49d58d-5c84-4b50-8359-d9809beb2b32}\inprocserver32
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shell extensions\approved
DoDoor indications of infection
The symptoms of DoDoor detection are the files, registry, and network communication referenced in the technical details section.
Method of Infection
Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial. Distribution channels include IRC, peer-to-peer networks, newsgroup postings, e-mail, etc.