FavoriteMan BHO

FavoriteMan virus description
Technical details:
Categories: BHO,Downloader
FavoriteMan Aliases:
[Kaspersky]TrojanDownloader.Win32.BHO;
[Panda]Adware/NetPals

FavoriteMan Files:
[%SYSTEM%]\ATPartners.dll
[%SYSTEM%]\favboot.dll
[%SYSTEM%]\favorite.dll
[%SYSTEM%]\mbr32.dll
[%SYSTEM%]\mpz300.dll
[%SYSTEM%]\emesx.dll
[%SYSTEM%]\f1.dll
[%SYSTEM%]\favman.dll
[%SYSTEM%]\gr02.dll
[%SYSTEM%]\lwz.dll
[%SYSTEM%]\n3tpa1p.dll
[%SYSTEM%]\ofrg.dll
[%SYSTEM%]\otw0i.dll
[%SYSTEM%]\sysldr.dll
[%WINDOWS%]\system\emesx.dll
[%WINDOWS%]\system\f1.dll
[%WINDOWS%]\system\favboot.dll
[%WINDOWS%]\system\favman.dll
[%WINDOWS%]\system\favorite.dll
[%WINDOWS%]\system\lwz.dll
[%WINDOWS%]\system\n3tpa1p.dll
[%WINDOWS%]\system\ofrg.dll
[%WINDOWS%]\system\sysldr.dll

FavoriteMan Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{00000EF1-34E3-4633-87C6-1AA7A44296DA}
HKEY_CLASSES_ROOT\typelib\{ef100607-f409-426a-9e7c-cb211f2a9030}
HKEY_LOCAL_MACHINE\software\classes\clsid\{00000ef1-34e3-4633-87c6-1aa7a44296da}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000EF1-34E3-4633-87C6-1AA7A44296DA}
HKEY_CLASSES_ROOT\clsid\{00000ef1-34e3-4633-87c6-1aa7a44296da}
HKEY_CLASSES_ROOT\clsid\{139d88e5-c372-469d-b4c5-1fe00852ab9b}
HKEY_CLASSES_ROOT\fone.organizer
HKEY_CLASSES_ROOT\fone.organizer.1
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{000000da-0786-4633-87c6-1aa7a4429ef1}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{00000ef1-0786-4633-87c6-1aa7a44296da}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{00000ef1-34e3-4633-87c6-1aa7a44296da}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{139d88e5-c372-469d-b4c5-1fe00852ab9b}
HKEY_CLASSES_ROOT\typelib\{00000ef1-34e3-4633-87c6-1aa7a44296da}
HKEY_CLASSES_ROOT\typelib\{ef100007-f409-426a-9e7c-cb211f2a9030}
HKEY_LOCAL_MACHINE\software\classes\clsid\{000000da-0786-4633-87c6-1aa7a4429ef1}
HKEY_LOCAL_MACHINE\software\classes\clsid\{139d88e5-c372-469d-b4c5-1fe00852ab9b}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{00000ef1-34e3-4633-87c6-1aa7a44296da}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{139d88e5-c372-469d-b4c5-1fe00852ab9b}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{b549456d-f5d0-4641-bced-8648a0c13d83}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\f1

FavoriteMan Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows
HKEY_CURRENT_USER\object


FavoriteMan indications of infection

The symptoms of FavoriteMan detection are the files, registry entries, and network communication referenced in the technical details section.

Method of Infection

Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial. Distribution channels include IRC, peer-to-peer networks, newsgroup postings, e-mail, etc.
