Categories: Trojan,BHO,Backdoor,Hijacker,Hacker Tool
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
As this information is entered by the user, it is captured by the BHO (Browser Helper Object) and
sent back to the attacker.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
Often the backdoor will not be visible in the log of active programs.
Hijackers are software programs that modify users' default browser home page,
search settings, error page settings, or desktop wallpaper without adequate notice, disclosure,
or user consent.
When the default home page is hijacked, the browser opens to the web page set by the hijacker
instead of the user's designated home page. In some cases, the hijacker may block users from
restoring their desired home page.
A search hijacker redirects search results to other pages and may
transmit search and browsing data to unknown servers. An error page hijacker directs
the browser to another page, usually an advertising page, instead of the usual error
page when the requested URL is not found.
A desktop hijacker replaces the desktop wallpaper with advertising
for products and services on the desktop.
Hijackers take control of various parts of your web browser, including your home page,
search pages, and search bar. They may also redirect you to certain sites should you
mistype an address or prevent you from going to a website they would rather you not,
such as sites that combat malware. Some will even redirect you to their own search engine
when you attempt a search. NB: hijackers almost exclusively target Internet Explorer.
Exploits use vulnerabilities in operating systems and applications to achieve the same result.
[Kaspersky]TrojanProxy.Win32.Agent.e;
[Panda]Bck/Ranck.E;
[Computer Associates]Backdoor/Hogle,Win32.Hogle.A
Visible Symptoms:
Files in system folders:
[%SYSTEM%]\bmeb.dll
[%WINDOWS%]\hpinfo32.exe
[%WINDOWS%]\hpk.dll
[%WINDOWS%]\hpm.dll
[%WINDOWS%]\system\bmeb.dll
[%SYSTEM%]\bmeb.dll
[%WINDOWS%]\hpinfo32.exe
[%WINDOWS%]\hpk.dll
[%WINDOWS%]\hpm.dll
[%WINDOWS%]\system\bmeb.dll
How to detect Hogle:
Files:
[%SYSTEM%]\bmeb.dll
[%WINDOWS%]\hpinfo32.exe
[%WINDOWS%]\hpk.dll
[%WINDOWS%]\hpm.dll
[%WINDOWS%]\system\bmeb.dll
[%SYSTEM%]\bmeb.dll
[%WINDOWS%]\hpinfo32.exe
[%WINDOWS%]\hpk.dll
[%WINDOWS%]\hpm.dll
[%WINDOWS%]\system\bmeb.dll
Registry Keys:
HKEY_CLASSES_ROOT\clsid\{0aaf602e-72a1-45fe-bab1-06971e07eaa2}
HKEY_CLASSES_ROOT\clsid\{753aa023-02d1-447d-8b55-53a91a5abf18}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{753aa023-02d1-447d-8b55-53a91a5abf18}
HKEY_LOCAL_MACHINE\software\classes\clsid\{0aaf602e-72a1-45fe-bab1-06971e07eaa2}
HKEY_LOCAL_MACHINE\software\classes\clsid\{753aa023-02d1-447d-8b55-53a91a5abf18}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{753aa023-02d1-447d-8b55-53a91a5abf18}
Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
Removing Hogle:
You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.
Or buy it to remove ALL viruses from your computer.Also Be Aware of the Following Threats:
Becon Trojan Removal
No comments:
Post a Comment