BrowserModifier:Win32/CNNIC
First posted on 15 February 2019.
Source: Microsoft
Aliases:
BrowserModifier:Win32/CNNIC is also known as Adware.CDN-8, Win32/Adware.CDN, Adware-CDNHelper, W32/CNNIC.A, ADW_BDSEARCH.OV, Adware.CDNHelper.B.
Explanation:
BrowserModifier:Win32/CNNIC enables Chinese keyword searching in Internet Explorer and adds support for other applications to use Chinese domain names that are registered with CNNIC (China Internet Network Information Center). This program is often installed as part of a shareware or freeware program, with or without user consent. BrowserModifier:Win32/CNNIC also contains a kernel driver that protects its files and registry settings from being modified or deleted. The program also includes automatic self-update functionality.
Installation:
BrowserModifier:Win32/CNNIC may create the following files during installation:
The following files may also be dropped to the Windows system folder:
cdn.dll
cdnns.dll
drivers\cdnprot.sys
drivers\cdntran.sys
BrowserModifier:Win32/CNNIC may create the following registry entries:
Last update 15 February 2019