
Trojan.Badabro


First posted on 19 December 2014.
Source: Symantec

Aliases:

There are no other names known for Trojan.Badabro.

Explanation:

The Trojan may arrive on the compromised computer after being installed unintentionally through a download manager.

When the Trojan is executed, it creates the following files:
C:\Documents and Settings\All Users\Desktop\speed browser.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\speed browser\speed browser.lnk
C:\Program Files\speed browser\Application\38.0.2125.19\37.0.2062.94.manifest
C:\Program Files\speed browser\Application\38.0.2125.19\38.0.2125.19.manifest
C:\Program Files\speed browser\Application\38.0.2125.19\chrome.dll
C:\Program Files\speed browser\Application\38.0.2125.19\chrome_100_percent.pak
C:\Program Files\speed browser\Application\38.0.2125.19\chrome_200_percent.pak
C:\Program Files\speed browser\Application\38.0.2125.19\chrome_child.dll
C:\Program Files\speed browser\Application\38.0.2125.19\chrome_elf.dll
C:\Program Files\speed browser\Application\38.0.2125.19\d3dcompiler_46.dll
C:\Program Files\speed browser\Application\38.0.2125.19\delegate_execute.exe
C:\Program Files\speed browser\Application\38.0.2125.19\Extensions\external_extensions.json
C:\Program Files\speed browser\Application\38.0.2125.19\ffmpegsumo.dll
C:\Program Files\speed browser\Application\38.0.2125.19\icudtl.dat
C:\Program Files\speed browser\Application\38.0.2125.19\Installer\chrmstp.exe
C:\Program Files\speed browser\Application\38.0.2125.19\Installer\chrome.7z
C:\Program Files\speed browser\Application\38.0.2125.19\Installer\setup.exe
C:\Program Files\speed browser\Application\38.0.2125.19\libegl.dll
C:\Program Files\speed browser\Application\38.0.2125.19\libexif.dll
C:\Program Files\speed browser\Application\38.0.2125.19\libglesv2.dll
C:\Program Files\speed browser\Application\38.0.2125.19\Locales\am.pak
C:\Program Files\speed browser\Application\38.0.2125.19\Locales\ar.pak
C:\Program Files\speed browser\Application\38.0.2125.19\Locales\bg.pak
C:\Program Files\speed browser\Application\38.0.2125.19\Locales\bn.pak
C:\Program Files\speed browser\Application\38.0.2125.19\Locales\ca.pak
C:\Program Files\speed browser\Application\38.0.2125.19\Locales\cs.pak
C:\Program Files\speed browser\Application\38.0.2125.19\Locales\da.pak
C:\Program Files\speed browser\Application\38.0.2125.19\Locales\de.pak
C:\Program Files\speed browser\Application\38.0.2125.19\Locales\el.pak
C:\Program Files\speed browser\Application\38.0.2125.19\Locales\en-GB.pak
C:\Program Files\speed browser\Application\38.0.2125.19\Locales\en-US.pak
C:\Program Files\speed browser\Application\38.0.2125.19\Locales\es-419.pak
C:\Program Files\speed browser\Application\38.0.2125.19\Locales\es.pak
C:\Program Files\speed browser\Application\38.0.2125.19\Locales\et.pak
C:\Program Files\speed browser\Application\38.0.2125.19\Locales\fa.pak
C:\Program Files\speed browser\Application\38.0.2125.19\Locales\fi.pak
C:\Program Files\speed browser\Application\38.0.2125.19\Locales\fil.pak
C:\Program Files\speed browser\Application\38.0.2125.19\Locales\fr.pak
C:\Program Files\speed browser\Application\38.0.2125.19\Locales\gu.pak
C:\Program Files\speed browser\Application\38.0.2125.19\Locales\he.pak
C:\Program Files\speed browser\Application\38.0.2125.19\Locales\hi.pak
C:\Program Files\speed browser\Application\38.0.2125.19\Locales\hr.pak
C:\Program Files\speed browser\Application\38.0.2125.19\Locales\hu.pak
C:\Program Files\speed browser\Application\38.0.2125.19\Locales\id.pak
C:\Program Files\speed browser\Application\38.0.2125.19\Locales\it.pak
C:\Program Files\speed browser\Application\38.0.2125.19\Locales\ja.pak
C:\Program Files\speed browser\Application\38.0.2125.19\Locales\kn.pak
C:\Program Files\speed browser\Application\38.0.2125.19\Locales\ko.pak
C:\Program Files\speed browser\Application\38.0.2125.19\Locales\lt.pak
C:\Program Files\speed browser\Application\38.0.2125.19\Locales\lv.pak
C:\Program Files\speed browser\Application\38.0.2125.19\Locales\ml.pak
C:\Program Files\speed browser\Application\38.0.2125.19\Locales\mr.pak
C:\Program Files\speed browser\Application\38.0.2125.19\Locales\ms.pak
C:\Program Files\speed browser\Application\38.0.2125.19\Locales\nb.pak
C:\Program Files\speed browser\Application\38.0.2125.19\Locales\nl.pak
C:\Program Files\speed browser\Application\38.0.2125.19\Locales\pl.pak
C:\Program Files\speed browser\Application\38.0.2125.19\Locales\pt-BR.pak
C:\Program Files\speed browser\Application\38.0.2125.19\Locales\pt-PT.pak
C:\Program Files\speed browser\Application\38.0.2125.19\Locales\ro.pak
C:\Program Files\speed browser\Application\38.0.2125.19\Locales\ru.pak
C:\Program Files\speed browser\Application\38.0.2125.19\Locales\sk.pak
C:\Program Files\speed browser\Application\38.0.2125.19\Locales\sl.pak
C:\Program Files\speed browser\Application\38.0.2125.19\Locales\sr.pak
C:\Program Files\speed browser\Application\38.0.2125.19\Locales\sv.pak
C:\Program Files\speed browser\Application\38.0.2125.19\Locales\sw.pak
C:\Program Files\speed browser\Application\38.0.2125.19\Locales\ta.pak
C:\Program Files\speed browser\Application\38.0.2125.19\Locales\te.pak
C:\Program Files\speed browser\Application\38.0.2125.19\Locales\th.pak
C:\Program Files\speed browser\Application\38.0.2125.19\Locales\tr.pak
C:\Program Files\speed browser\Application\38.0.2125.19\Locales\uk.pak
C:\Program Files\speed browser\Application\38.0.2125.19\Locales\vi.pak
C:\Program Files\speed browser\Application\38.0.2125.19\Locales\zh-CN.pak
C:\Program Files\speed browser\Application\38.0.2125.19\Locales\zh-TW.pak
C:\Program Files\speed browser\Application\38.0.2125.19\metro_driver.dll
C:\Program Files\speed browser\Application\38.0.2125.19\nacl64.exe
C:\Program Files\speed browser\Application\38.0.2125.19\nacl_irt_x86_32.nexe
C:\Program Files\speed browser\Application\38.0.2125.19\nacl_irt_x86_64.nexe
C:\Program Files\speed browser\Application\38.0.2125.19\pdf.dll
C:\Program Files\speed browser\Application\38.0.2125.19\resources.pak
C:\Program Files\speed browser\Application\38.0.2125.19\secondarytile.png
C:\Program Files\speed browser\Application\38.0.2125.19\VisualElements\logo.png
C:\Program Files\speed browser\Application\38.0.2125.19\VisualElements\smalllogo.png
C:\Program Files\speed browser\Application\38.0.2125.19\VisualElements\splash-620x300.png
C:\Program Files\speed browser\Application\browser.exe
C:\Program Files\speed browser\Application\shortcut.exe
C:\Program Files\speed browser\Application\VisualElementsManifest.xml
The Trojan creates the following registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htm\OpenWithProgids\BrowserHTM: ""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.html\OpenWithProgids\BrowserHTM: ""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.shtml\OpenWithProgids\BrowserHTM: ""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.webp\OpenWithProgids\BrowserHTM: ""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xht\OpenWithProgids\BrowserHTM: ""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xhtml\OpenWithProgids\BrowserHTM: ""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}\id: "67fbb8efde374b22ba4edcabb2607266"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\LocalServer32\: ""C:\Program Files\speed browser\Application\38.0.2125.19\delegate_execute.exe""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\LocalServer32\ServerExecutable: "C:\Program Files\speed browser\Application\38.0.2125.19\delegate_execute.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\: "CommandExecuteImpl Class"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B33BD6CF-BF4C-4CF0-AC84-B2974BC14ABD}\id: "67fbb8efde374b22ba4edcabb2607266"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B33BD6CF-BF4C-4CF0-AC84-B2974BC14ABD}\vp: "3.0.19141299"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B33BD6CF-BF4C-4CF0-AC84-B2974BC14ABD}\p: "141299"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B33BD6CF-BF4C-4CF0-AC84-B2974BC14ABD}\ip: "141299"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B33BD6CF-BF4C-4CF0-AC84-B2974BC14ABD}\ad: "getspeedbrowserp.com"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B33BD6CF-BF4C-4CF0-AC84-B2974BC14ABD}\ns: "SPDB"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B33BD6CF-BF4C-4CF0-AC84-B2974BC14ABD}\v: "3.0.19"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ftp\DefaultIcon\: "C:\Program Files\speed browser\Application\browser.exe,0"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HTTP\DefaultIcon\: "C:\Program Files\speed browser\Application\browser.exe,0"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\https\DefaultIcon\: "C:\Program Files\speed browser\Application\browser.exe,0"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserHTM\shell\open\command\: ""C:\Program Files\speed browser\Application\browser.exe" -- "%1""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserHTM\DefaultIcon\: "C:\Program Files\speed browser\Application\browser.exe,0"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserHTM\: "Browser HTML Document"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserHTM\URL Protocol: ""
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\browser.exe\shell\open\command\: ""C:\Program Files\speed browser\Application\browser.exe""
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\browser.exe\LocalizedString: 53 00 70 00 65 00 65 00 64 00 20 00 42 00 72 00 6F 00 77 00 73 00 65 00 72 00 00 00 08 00
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\speed browser\Capabilities\URLAssociations\ftp: "BrowserHTM"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\speed browser\Capabilities\URLAssociations\http: "BrowserHTM"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\speed browser\Capabilities\URLAssociations\https: "BrowserHTM"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\speed browser\Capabilities\URLAssociations\irc: "BrowserHTM"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\speed browser\Capabilities\URLAssociations\mailto: "BrowserHTM"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\speed browser\Capabilities\URLAssociations\mms: "BrowserHTM"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\speed browser\Capabilities\URLAssociations\news: "BrowserHTM"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\speed browser\Capabilities\URLAssociations\nntp: "BrowserHTM"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\speed browser\Capabilities\URLAssociations\sms: "BrowserHTM"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\speed browser\Capabilities\URLAssociations\smsto: "BrowserHTM"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\speed browser\Capabilities\URLAssociations\tel: "BrowserHTM"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\speed browser\Capabilities\URLAssociations\urn: "BrowserHTM"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\speed browser\Capabilities\URLAssociations\webcal: "BrowserHTM"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\speed browser\Capabilities\Startmenu\StartMenuInternet: "speed browser"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\speed browser\Capabilities\FileAssociations\.htm: "BrowserHTM"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\speed browser\Capabilities\FileAssociations\.html: "BrowserHTM"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\speed browser\Capabilities\FileAssociations\.shtml: "BrowserHTM"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\speed browser\Capabilities\FileAssociations\.xht: "BrowserHTM"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\speed browser\Capabilities\FileAssociations\.xhtml: "BrowserHTM"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\speed browser\Capabilities\FileAssociations\.webp: "BrowserHTM"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\speed browser\shell\open\command\: ""C:\Program Files\speed browser\Application\browser.exe""
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\speed browser\InstallInfo\ReinstallCommand: ""C:\Program Files\speed browser\Application\browser.exe" --make-default-browser"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\speed browser\InstallInfo\HideIconsCommand: ""C:\Program Files\speed browser\Application\browser.exe" --hide-icons"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\speed browser\InstallInfo\ShowIconsCommand: ""C:\Program Files\speed browser\Application\browser.exe" --show-icons"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\speed browser\InstallInfo\IconsVisible: 0x00000001
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\speed browser\DefaultIcon\: "C:\Program Files\speed browser\Application\browser.exe,0"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\speed browser\Capabilities\ApplicationDescription: "Browser is a web browser that runs webpages and applications with lightning speed. It's fast, stable, and easy to use. Browse the web more safely with malware and phishing protection built into Browser."
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\speed browser\Capabilities\ApplicationIcon: "C:\Program Files\speed browser\Application\browser.exe,0"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\speed browser\Capabilities\ApplicationName: "speed browser"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\speed browser\: "speed browser"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}\: "speed browser"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}\StubPath: ""C:\Program Files\speed browser\Application\38.0.2125.19\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}\Localized Name: "speed browser"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}\IsInstalled: 0x00000001
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}\Version: "24,0,0,0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\browser.exe\: "C:\Program Files\speed browser\Application\browser.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\browser.exe\Path: "C:\Program Files\speed browser\Application"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\speed browser\DisplayName: "speed browser"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\speed browser\UninstallString: ""C:\Program Files\speed browser\Application\38.0.2125.19\Installer\setup.exe" --uninstall --system-level"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\speed browser\InstallLocation: "C:\Program Files\speed browser\Application"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\speed browser\DisplayIcon: "C:\Program Files\speed browser\Application\browser.exe,0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\speed browser\NoModify: 0x00000001
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\speed browser\NoRepair: 0x00000001
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\speed browser\Publisher: "Smart Applications"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\speed browser\Version: "38.0.2125.19"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\speed browser\DisplayVersion: "38.0.2125.19"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\speed browser\InstallDate: "20141205"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\speed browser\VersionMajor: 0x0000084D
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\speed browser\VersionMinor: 0x00000013
HKEY_LOCAL_MACHINE\SOFTWARE\RegisteredApplications\speed browser: "Software\Clients\StartMenuInternet\speed browser\Capabilities"
HKEY_LOCAL_MACHINE\SOFTWARE\Chromium\Commands\on-os-upgrade\CommandLine: ""C:\Program Files\speed browser\Application\38.0.2125.19\Installer\setup.exe" --on-os-upgrade --system-level --verbose-logging"
HKEY_LOCAL_MACHINE\SOFTWARE\Chromium\Commands\on-os-upgrade\AutoRunOnOSUpgrade: 0x00000001
HKEY_LOCAL_MACHINE\SOFTWARE\Chromium\Commands\install-extension\CommandLine: ""C:\Program Files\speed browser\Application\browser.exe" --limited-install-from-webstore=%1"
HKEY_LOCAL_MACHINE\SOFTWARE\Chromium\Commands\install-extension\SendsPings: 0x00000001
HKEY_LOCAL_MACHINE\SOFTWARE\Chromium\Commands\install-extension\WebAccessible: 0x00000001
HKEY_LOCAL_MACHINE\SOFTWARE\Chromium\Commands\install-extension\RunAsUser: 0x00000001
HKEY_LOCAL_MACHINE\SOFTWARE\Chromium\UninstallString: "C:\Program Files\speed browser\Application\38.0.2125.19\Installer\setup.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Chromium\UninstallArguments: " --uninstall --system-level"
HKEY_LOCAL_MACHINE\SOFTWARE\Chromium\name: "speed browser"
HKEY_LOCAL_MACHINE\SOFTWARE\Chromium\oopcrashes: 0x00000001
HKEY_LOCAL_MACHINE\SOFTWARE\Chromium\pv: "38.0.2125.19"
HKEY_LOCAL_MACHINE\SOFTWARE\Chromium\InstallerResult: 0x00000000
HKEY_LOCAL_MACHINE\SOFTWARE\Chromium\InstallerError: 0x00000000
HKEY_LOCAL_MACHINE\SOFTWARE\Chromium\InstallerSuccessLaunchCmdLine: ""C:\Program Files\speed browser\Application\browser.exe""
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBrowser\ct: "ct3330500"
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBrowser\domain: "getspeedbrowserp.com"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\speed browser\Application\browser.exe: "C:\Program Files\speed browser\Application\browser.exe:*:Enabled:speed browser"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\speed browser\Application\browser.exe: "C:\Program Files\speed browser\Application\browser.exe:*:Enabled:speed browser"
The Trojan may modify the following registry entries (each entry is listed with its original value followed by the value the Trojan sets, so that the ftp, HTTP and https protocol handlers and the default Start Menu browser are redirected to browser.exe):
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ftp\shell\open\command\: ""C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ftp\shell\open\command\: ""C:\Program Files\speed browser\Application\browser.exe" -- "%1""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ftp\shell\open\ddeexec\: ""%1",,-1,0,,,,"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ftp\shell\open\ddeexec\: ""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HTTP\shell\open\command\: ""C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HTTP\shell\open\command\: ""C:\Program Files\speed browser\Application\browser.exe" -- "%1""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HTTP\shell\open\ddeexec\: ""%1",,-1,0,,,,"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HTTP\shell\open\ddeexec\: ""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\https\shell\open\command\: ""C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\https\shell\open\command\: ""C:\Program Files\speed browser\Application\browser.exe" -- "%1""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\https\shell\open\ddeexec\: ""%1",,-1,0,,,,"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\https\shell\open\ddeexec\: ""
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\: "chrome.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\: "browser.exe"
The Trojan installs a new default web browser.
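A read-only audit that checks whether the protocol handlers, default-browser registration, Active Setup component and firewall exception listed above now point at the "speed browser" install. This is an added example, not Symantec's code or part of the write-up; the key names, value names and paths are taken from the write-up, and the script assumes it is run with local administrator rights on the host being checked.

```powershell
# Added example: audit a host for the Trojan.Badabro registry and file
# indicators listed in the write-up. Read-only; it changes nothing.
$SuspectDir = 'C:\Program Files\speed browser\Application'

# Keys the write-up says are created or rewritten to point at browser.exe,
# plus the Active Setup component whose StubPath re-runs the installer.
$KeysToInspect = @(
    'HKLM:\SOFTWARE\Classes\HTTP\shell\open\command',
    'HKLM:\SOFTWARE\Classes\https\shell\open\command',
    'HKLM:\SOFTWARE\Classes\ftp\shell\open\command',
    'HKLM:\SOFTWARE\Classes\BrowserHTM\shell\open\command',
    'HKLM:\SOFTWARE\Clients\StartMenuInternet',
    'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}'
)

function Get-BadabroFindings {
    $findings = New-Object System.Collections.Generic.List[object]

    foreach ($key in $KeysToInspect) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
        # Walk every value under the key, not only (default): StubPath sits
        # beside (default) under the Active Setup component.
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, ...
            $data = [string]$p.Value
            $hijacked = ($data -like "*$SuspectDir*") -or
                        ($key -like '*\StartMenuInternet' -and $data -eq 'browser.exe')
            if ($hijacked) {
                $findings.Add([pscustomobject]@{ Key = $key; Value = $p.Name; Data = $data })
            }
        }
    }

    # Firewall exception from the write-up: the value name is the exe path itself.
    $fwList = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List'
    $exe = Join-Path $SuspectDir 'browser.exe'
    if (Test-Path -LiteralPath $fwList) {
        $entry = (Get-ItemProperty -LiteralPath $fwList -ErrorAction SilentlyContinue).$exe
        if ($entry) {
            $findings.Add([pscustomobject]@{ Key = $fwList; Value = $exe; Data = $entry })
        }
    }

    # The dropped browser binary itself.
    if (Test-Path -LiteralPath $exe) {
        $findings.Add([pscustomobject]@{ Key = 'filesystem'; Value = $exe; Data = 'present' })
    }
    return $findings
}

$result = Get-BadabroFindings
if ($result.Count -eq 0) {
    Write-Output 'No Trojan.Badabro registry or file indicators found.'
} else {
    $result | Format-Table -AutoSize
}
```

A match on HKLM:\SOFTWARE\Clients\StartMenuInternet alone means the machine-wide default browser has been switched; the handler keys show whether http, https and ftp links are already being routed through browser.exe.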

The browser installed by the Trojan may perform the following actions:
Display ads on various websites
Underline words and display ads when hovered over by the user
Display pop-up windows falsely claiming to be from Norton technical support

Last update 19 December 2014
