Home / malwarePDF  

BrowserModifier:Win32/NavExcel


First posted on 07 December 2009.
Source: SecurityHome

Aliases :

BrowserModifier:Win32/NavExcel is also known as not-a-virus:AdWare.Win32.NavExcel.h (Kaspersky), W32/NavExcel.EF (Norman), Adware/NavHelper (Panda), NavExcel Search Toolbar (Sunbelt Software), SecurityRisk.NavHelper (Symantec), Adware_.79F13464 (Trend Micro).

Explanation :

BrowserModifier:Win32/NavExcel is an application that installs an Internet Explorer Browser Helper Object (BHO) or plug-in. It allows a user to conduct searches by typing keywords directly into the browser's address bar. It may also install its own search toolbar.
Top

BrowserModifier:Win32/NavExcel is an application that installs an Internet Explorer Browser Helper Object (BHO) or plug-in. It allows a user to conduct searches by typing keywords directly into the browser's address bar. It may also install its own search toolbar. Win32/NavExcel checks for updates for itself. It may send information about the system to a certain Web site without the user's knowledge. InstallationBrowserModifier:Win32/NavExcel may arrive bundled with other applications. When executed, it may create the following folders and files:

  • %ProgramFiles%\Navexcel search toolbar\file0001
    %ProgramFiles%\Navexcel search toolbar\file0001.lzc
    %ProgramFiles%\Navexcel search toolbar\Navexcelbar.dll
    %ProgramFiles%\Navexcel search toolbar\settings.dat
  • %ProgramFiles%\Navexcel\Navhelper\v1.0\nhelper.dll
    %ProgramFiles%\Navexcel\Navhelper\v1.0\nhelper.htm
    %ProgramFiles%\Navexcel\Navhelper\v1.0\nhuninstaller.exe
    %ProgramFiles%\Navexcel\Navhelper\v1.0\nhupdater.exe
    %ProgramFiles%\Navexcel\Navhelper\v1.0\v1.cab
  • %ProgramFiles%\Navexcel\Navhelper\v2.0.2\nhelper.dll
    %ProgramFiles%\Navexcel\Navhelper\v2.0.2\nhelper.htm
    %ProgramFiles%\Navexcel\Navhelper\v2.0.2\nhuninstaller.exe
    %ProgramFiles%\Navexcel\Navhelper\v2.0.2\nhupdater.exe
    %ProgramFiles%\Navexcel\Navhelper\v2.0.2\v2.0.2.cab
  • %ProgramFiles%\Navexcel\Navhelper\v2.0.3\nhelper.dll
    %ProgramFiles%\Navexcel\Navhelper\v2.0.3\nhelper.htm
    %ProgramFiles%\Navexcel\Navhelper\v2.0.3\nhuninstaller.exe
    %ProgramFiles%\Navexcel\Navhelper\v2.0.3\nhupdater.exe
    %ProgramFiles%\Navexcel\Navhelper\v2.0.3\v2.0.3.cab
  • %ProgramFiles%\Navexcel\Navhelper\v2.0.4\nhelper.dll
    %ProgramFiles%\Navexcel\Navhelper\v2.0.4\nhelper.htm
    %ProgramFiles%\Navexcel\Navhelper\v2.0.4\nhuninstaller.exe
    %ProgramFiles%\Navexcel\Navhelper\v2.0.4\nhupdater.exe
    %ProgramFiles%\Navexcel\Navhelper\v2.0.4\v2.0.4.cab
  • %ProgramFiles%\Navexcel\Navhelper\v2.0.4a\nhelper.dll
    %ProgramFiles%\Navexcel\Navhelper\v2.0.4a\nhelper.htm
    %ProgramFiles%\Navexcel\Navhelper\v2.0.4a\nhuninstaller.exe
    %ProgramFiles%\Navexcel\Navhelper\v2.0.4a\nhupdater.exe
    %ProgramFiles%\Navexcel\Navhelper\v2.0.4a\v2.0.4a.cab
  • %ProgramFiles%\Navexcel\Navhelper\v2.0.4b\nhelper.dll
    %ProgramFiles%\Navexcel\Navhelper\v2.0.4b\nhelper.htm
    %ProgramFiles%\Navexcel\Navhelper\v2.0.4b\nhuninstaller.exe
    %ProgramFiles%\Navexcel\Navhelper\v2.0.4b\nhupdater.exe
    %ProgramFiles%\Navexcel\Navhelper\v2.0.4b\v2.0.4b.cab
  • %ProgramFiles%\Navexcel\Navhelper\v2.0.4c\nhelper.dll
    %ProgramFiles%\Navexcel\Navhelper\v2.0.4c\nhelper.htm
    %ProgramFiles%\Navexcel\Navhelper\v2.0.4c\nhuninstaller.exe
    %ProgramFiles%\Navexcel\Navhelper\v2.0.4c\nhupdater.exe
    %ProgramFiles%\Navexcel\Navhelper\v2.0.4c\v2.0.4c.cab
  • %ProgramFiles%\Navexcel\Navhelper\v2.0.4d\navapp.exe
    %ProgramFiles%\Navexcel\Navhelper\v2.0.4d\nhelper.dll
    %ProgramFiles%\Navexcel\Navhelper\v2.0.4d\nhelper.htm
    %ProgramFiles%\Navexcel\Navhelper\v2.0.4d\nhuninstaller.exe
    %ProgramFiles%\Navexcel\Navhelper\v2.0.4d\nhupdater.exe
    %ProgramFiles%\Navexcel\Navhelper\v2.0.4d\v2.0.4d.cab
    • BrowserModifier:Win32/NavExcel may also add the following registry entries and subkeys as part of its installation routine:
  • Adds subkeys:
    HKLM\SOFTWARE\NavExcel\NavHelper
    HKLM\SOFTWARE\Classes\AppID\NHelper.DLL
    HKLM\SOFTWARE\Classes\NavExcel.NavHelper
    HKLM\SOFTWARE\Classes\NavExcel.NavHelper\CLSID
    HKLM\SOFTWARE\Classes\AppID\{710BCB5B-8C6C-483E-A4F5-FAF083B13184}
    HKLM\SOFTWARE\Classes\CLSID\{C1E58A84-95B3-4630-B8C2-D06B77B7A0FC}
    HKLM\SOFTWARE\Classes\Interface\{20F36AF3-3486-4BB6-8BCB-F1F8ABE74D07}
    HKLM\SOFTWARE\Classes\TypeLib\{FA4DE133-D3C3-4ED4-92D1-CD4DDE839AB3}
  • Adds value: "DisplayName"
    With data: "Navhelper"
    To subkey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NavHelper


    • Analysis by Jireh Sanico

    Last update 07 December 2009

     

    TOP

    Malware :