Technical details:
Categories: Adware, Hijacker
[Kaspersky] AdWare.Win32.Baigoo.a
[Other] W32/BHO.H!tr.dldr, Win32/Adware.Toolbar.Baigoo application
Baigoo Folders:
[%PROGRAM_FILES%]\baigoo
Baigoo Files:
[%SYSTEM%]\rv40.dll
[%SYSTEM%]\bg50.exe
Baigoo Registry Keys:
Baigoo Registry Values:
HKEY_CLASSES_ROOT\appid\mtsrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{6c893032-1e26-4409-ba26-ed6c6007dca6}
Baigoo indications of infection:
The symptoms of Baigoo detection are the files, registry, and network communication referenced in the technical details section.
Method of Infection:
Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial. Distribution channels include IRC, peer-to-peer networks, newsgroup postings, e-mail, etc.
Buy Exterminate-It antivirus software and perform a full scan of the computer.
You can also download the free trial version of ExterminateIt! to check your computer now.