Categories: BHO, Toolbar, Downloader
The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
The toolbar presents itself as a helpful add-on for Internet Explorer, but it is a real pest.
It replaces your start page, continuously opens a number of pop-up windows, and so on.
Trojan downloaders download and install new malware or adware on the computer.
[Kaspersky]TrojanDownloader.Win32.Braidupdate.c;
[McAfee]Adware-BrowserAid;
[Panda]Adware/BrowserAid
Visible Symptoms:
Files in system folders:
[%WINDOWS%]\rundll16.exe
[%SYSTEM%]\rundll16.dll
[%WINDOWS%]\rundll16.dll
[%WINDOWS%]\system\rundll16.dll
[%WINDOWS%]\uptodate.exe
How to detect Adware.BrowserAid:
Files:
[%WINDOWS%]\rundll16.exe
[%SYSTEM%]\rundll16.dll
[%WINDOWS%]\rundll16.dll
[%WINDOWS%]\system\rundll16.dll
[%WINDOWS%]\uptodate.exe
Registry Keys:
HKEY_CLASSES_ROOT\clsid\{85c2c2a1-3f20-4ead-adc3-bd3217391543}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{80672997-d58c-4190-9843-c6c61af8fe97}
HKEY_CLASSES_ROOT\typelib\{80672997-d58c-4190-9843-c6c61af8fe97}
HKEY_LOCAL_MACHINE\software\classes\clsid\{80672997-d58c-4190-9843-c6c61af8fe97}
HKEY_LOCAL_MACHINE\software\classes\clsid\{85c2c2a1-3f20-4ead-adc3-bd3217391543}
Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
Removing Adware.BrowserAid:
You can download a trial version of the "Exterminate-It" antivirus software here to check your computer instantly.
Or buy it to remove ALL viruses from your computer.
Also Be Aware of the Following Threats:
Removing Osmosis RAT
Remove Zlob.Fam.Video ActiveX Object Trojan
NetZero Trojan Removal instruction
ScreenView RAT Symptoms
WM.Daniel Trojan Cleaner