
BrowserModifier:Win32/Clodaconas


First posted on 15 December 2016.
Source: Microsoft

Aliases :

There are no other names known for BrowserModifier:Win32/Clodaconas.

Explanation :

Installation
This threat is installed into the following locations:

  • %ProgramFiles%\DNS Unlocker\config.ini
  • %ProgramFiles%\DNS Unlocker\ConsoleApplication1.dll
  • %ProgramFiles%\DNS Unlocker\DNSLOCKINGTON.cer
  • %ProgramFiles%\DNS Unlocker\dnslockington.exe
  • %ProgramFiles%\DNS Unlocker\Info.rtf
  • %ProgramFiles%\DNS Unlocker\License.rtf
  • %ProgramFiles%\DNS Unlocker\LogoBlack.ico
  • %ProgramFiles%\DNS Unlocker\LogoGreen.ico
  • %ProgramFiles%\DNS Unlocker\LogoYellow.ico
  • %ProgramFiles%\DNS Unlocker\Microsoft.Win32.TaskScheduler.dll
  • %ProgramFiles%\DNS Unlocker\settings.ini
  • %ProgramFiles%\DNS Unlocker\unins000.dat
  • %ProgramFiles%\DNS Unlocker\unins000.exe
  • %ProgramFiles%\DNS Unlocker\ZonaTools.XPlorerBar.dll


Uninstallation
This threat can be uninstalled from the Programs and Features panel.

Payload
Displays ads that you can't control


This program can show you extra ads. These advertisements would not be shown if this program wasn't installed on your PC.



Modifies registry settings without your consent

This threat changes your PC's DNS settings in the following registry entries to inject ads, thereby affecting or interrupting your browsing experience.
  • In subkey: HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\
    Sets value: "DhcpNameServer"
    With data: "82.163.143.144,82.163.142.146"
  • In subkey: HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\
    Sets value: "DhcpNameServer"
    With data: "82.163.143.144,82.163.142.146"
  • In subkey: HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\
    Sets value: "NameServer"
    With data: "82.163.143.144,82.163.142.146"
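
A read-only check for the DNS changes described above, as an added example that is not part of the original entry: it reads the Tcpip\Parameters key and every Interfaces subkey and reports DhcpNameServer or NameServer data containing either address listed here. Checking the 32-bit Program Files folder is an assumption; the entry names only %ProgramFiles%.

```powershell
# Added example: read-only check for the DNS settings listed in this entry.
$BadResolvers = @('82.163.143.144', '82.163.142.146')  # data values from the entry
$ValueNames   = @('DhcpNameServer', 'NameServer')      # value names from the entry
$Base = 'HKLM:\SYSTEM\CurrentControlSet\services\Tcpip\Parameters'

function Get-ResolverHits {
    param([string]$KeyPath)
    $props = Get-ItemProperty -LiteralPath $KeyPath -ErrorAction SilentlyContinue
    if (-not $props) { return }
    foreach ($name in $ValueNames) {
        $data = [string]$props.$name
        if ([string]::IsNullOrWhiteSpace($data)) { continue }
        # The lists are stored comma- or space-separated; compare whole addresses.
        $servers = @($data -split '[,\s]+' | Where-Object { $_ })
        $hits = @($servers | Where-Object { $BadResolvers -contains $_ })
        if ($hits.Count -gt 0) {
            [pscustomobject]@{
                Key     = $KeyPath
                Value   = $name
                Data    = $data
                Matched = ($hits -join ',')
            }
        }
    }
}

# Global key plus every per-interface subkey (subkey names are enumerated, not assumed).
$keys = @($Base)
$keys += @(Get-ChildItem -LiteralPath "$Base\Interfaces" -ErrorAction SilentlyContinue |
    ForEach-Object { $_.PSPath })
$findings = @(foreach ($k in $keys) { Get-ResolverHits -KeyPath $k })

# Install folder from the entry; the (x86) location is an assumption for 64-bit Windows.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
$folders = @($roots | ForEach-Object { Join-Path $_ 'DNS Unlocker' } |
    Where-Object { Test-Path -LiteralPath $_ })

if ($findings.Count -or $folders.Count) {
    $findings | Format-List
    $folders | ForEach-Object { "Install folder present: $_" }
} else {
    'No DNS Unlocker resolver settings or install folder found.'
}
```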

Creates scheduled tasks without your consent


This threat also adds a scheduled task to ensure it is always running.





Analysis by: Jody Koo

Last update 15 December 2016

 
