Saturday, January 24, 2009

JimmyHelp BHO

Removing JimmyHelp
Categories: BHO
The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As the user enters this information, the BHO captures it and sends it back to the attacker.

Visible Symptoms:
Files in system folders:

How to detect JimmyHelp:

Files:

Registry Keys:

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing JimmyHelp:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.
