
TrojanDropper:Win32/Helpeq.A


First posted on 18 January 2010.
Source: SecurityHome

Aliases :

TrojanDropper:Win32/Helpeq.A is also known as Trojan-Dropper.Win32.Agent.axgy (Kaspersky), Trojan.DR.Agent.NLBQ (VirusBuster), Trojan horse BHO.JFG (AVG), TR/BHO.vqo.1 (Avira), Trojan.PWS.FtpSpy.10 (Dr.Web), Win32/TrojanDropper.Agent.OFY (ESET), Trojan-Dropper.Agent (Ikarus), Downloader-CAH (McAfee), Trojan.Clicker.Win32.Agent.erx (Rising AV), TROJ_DRPR.AH (Trend Micro).

Explanation :

TrojanDropper:Win32/Helpeq.A is a trojan that drops and installs a malicious Browser Helper Object (BHO), which redirects users to different Web site search results and advertisements.

Payload

Drops and installs other malware

TrojanDropper:Win32/Helpeq.A drops the following files into the Windows system folder:

xter.tlg
QQDoctor.dll - detected as TrojanDownloader:Win32/Troxen!rts

It then registers its dropped DLL file as a BHO (Browser Helper Object) by adding the following registry subkeys and their associated entries:

Adds subkeys:
HKCR\CLSID\{562A7EC2-F862-463C-B06A-36969DCCFD2A}
HKLM\SOFTWARE\Classes\CLSID\{562A7EC2-F862-463C-B06A-36969DCCFD2A}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{562A7EC2-F862-463C-B06A-36969DCCFD2A}

The dropped DLL file may redirect users to the following Web sites, which may contain bogus search results and advertisements:

7797.net
snsv.com
valq.org
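
A read-only PowerShell check for the registry subkeys and dropped files listed above, added here as an example and not part of the original write-up. The WOW6432Node and SysWOW64 locations are assumptions for 64-bit Windows, where a 32-bit program's writes are redirected, and the function name Get-HelpeqIndicator is hypothetical.

```powershell
# Added example: read-only check for the Helpeq.A artifacts named in this entry.
function Get-HelpeqIndicator {   # hypothetical function name
    $clsid = '{562A7EC2-F862-463C-B06A-36969DCCFD2A}'   # CLSID from this entry

    $parents = @(
        # Parent keys of the subkeys listed in this entry
        'HKEY_CLASSES_ROOT\CLSID',
        'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID',
        'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
        # Assumption: 32-bit registry view on 64-bit Windows (not listed in this entry)
        'HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID',
        'HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    )
    foreach ($parent in $parents) {
        $key = "Registry::$parent\$clsid"
        if (Test-Path -LiteralPath $key) {
            # Under a CLSID key, the InprocServer32 default value names the DLL that gets loaded
            $dll = (Get-ItemProperty -LiteralPath "$key\InprocServer32" -Name '(default)' `
                        -ErrorAction SilentlyContinue).'(default)'
            [pscustomobject]@{ Type = 'Registry'; Location = "$parent\$clsid"; Detail = $dll }
        }
    }

    # Windows system folder, plus the 32-bit system folder on 64-bit Windows (assumption)
    $dirs = @([Environment]::SystemDirectory, (Join-Path $env:windir 'SysWOW64')) |
        Select-Object -Unique
    foreach ($dir in $dirs) {
        foreach ($name in 'xter.tlg', 'QQDoctor.dll') {   # file names from this entry
            $file = Join-Path $dir $name
            if (Test-Path -LiteralPath $file -PathType Leaf) {
                # Record a hash so the file can be compared against vendor detections
                $hash = (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash
                [pscustomobject]@{ Type = 'File'; Location = $file; Detail = "SHA256=$hash" }
            }
        }
    }
}

$hits = @(Get-HelpeqIndicator)
if ($hits.Count) {
    $hits | Format-Table -AutoSize -Wrap
} else {
    'No Helpeq.A artifacts from this entry were found.'
}
```

An empty Detail on a registry hit means the key exists without an InprocServer32 default value, which is normal for the Browser Helper Objects subkey itself.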

Analysis by Jireh Sanico

Last update 18 January 2010

 
