Categories: BHO
The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\iic326.exe
[%SYSTEM%]\cosmpobj.dll
[%SYSTEM%]\vfaxcom.dll
[%PROFILE_TEMP%]\iic326.exe
[%SYSTEM%]\cosmpobj.dll
[%SYSTEM%]\vfaxcom.dll
How to detect AdsInContext:
Files:
[%PROFILE_TEMP%]\iic326.exe
[%SYSTEM%]\cosmpobj.dll
[%SYSTEM%]\vfaxcom.dll
[%PROFILE_TEMP%]\iic326.exe
[%SYSTEM%]\cosmpobj.dll
[%SYSTEM%]\vfaxcom.dll
Registry Keys:
HKEY_CLASSES_ROOT\clsid\{1ea81140-e923-4875-a05f-27ec6dcd8921}
HKEY_CLASSES_ROOT\clsid\{2df623aa-c813-4442-b7b5-04aa303d4089}
HKEY_CLASSES_ROOT\clsid\{33011291-8f20-4501-96bb-4b2a16f0530d}
HKEY_CLASSES_ROOT\clsid\{81f0756d-1409-4dae-8df3-b35f517bf65c}
HKEY_CLASSES_ROOT\clsid\{adf6cbf2-6412-4150-a47f-aa9726b2c23a}
HKEY_CLASSES_ROOT\clsid\{d212259d-4648-4903-9fbd-02e88785d33c}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{1ea81140-e923-4875-a05f-27ec6dcd8921}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{adf6cbf2-6412-4150-a47f-aa9726b2c23a}
Removing AdsInContext:
You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.
Or buy it to remove ALL viruses from your computer.Also Be Aware of the Following Threats:
Wantvi Trojan Removal instruction
Removing Rbot.aj Backdoor
No comments:
Post a Comment