Trojan:Win32/Tracur.J
First posted on 13 April 2012.
Source: Microsoft
Aliases :
Trojan:Win32/Tracur.J is also known as Trojan-Downloader.Win32.Agent.cyjk (Kaspersky), Downloader.Agent2.QBZ (AVG), TR/Dldr.Agent.cyjk (Avira), Win32/Kryptik.BIR (ESET).
Explanation :
Trojan:Win32/Tracur.J is a trojan that redirects user searches from legitimate search sites to a Web site that contains malware. It is installed as a Browser Helper Object (BHO) in Internet Explorer, and replaces Firefox Extension Settings files.
Installation

When executed, Trojan:Win32/Tracur.J creates the following registry subkeys to register itself as a Browser Helper Object (BHO):
- HKCR\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{061023E0-6DE2-430F-BA3B-C794A883CBF0}
- HKCR\CLSID\{061023E0-6DE2-430F-BA3B-C794A883CBF0}\InprocServer32\

If Firefox is installed in the system, Trojan:Win32/Tracur.J also installs itself as a Firefox extension by replacing the following files:
- %APPDATA%\Mozilla\Firefox\Profiles\install.rdf
- %APPDATA%\Mozilla\Firefox\Profiles\chrome\xulcache.jar
- %APPDATA%\Mozilla\Firefox\Profiles\chrome\chrome.manifest

Payload

Redirects user searches

Trojan:Win32/Tracur.J redirects searches when the following engines are used:
- AOL
- Ask
- Bing
- Yahoo!

Searches to these sites are redirected to the IP address "69.31.80.182", which may contain other malware. As of this writing, the IP address is unavailable.
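
The redirect behaviour described above can be hunted for in web proxy logs. The following is an added example, not part of the original write-up: it reports every client request to 69.31.80.182 and notes when that request follows a search-engine request from the same client within a short window. The log format, the engine host suffixes, the 10-second window and the 10.0.0.x client addresses are assumptions constructed for the example.

```python
from datetime import datetime, timedelta

REDIRECT_IP = "69.31.80.182"  # redirect target named in the write-up
# Assumption: host suffixes for the four engines the write-up lists.
SEARCH_HOSTS = ("aol.com", "ask.com", "bing.com", "yahoo.com")
WINDOW = timedelta(seconds=10)  # assumption: how soon a redirect follows

# Constructed sample log: "<ISO time> <client> <destination> <path>"
SAMPLE_LOG = """\
2012-04-13T09:00:01 10.0.0.5 www.bing.com /search?q=printer+drivers
2012-04-13T09:00:03 10.0.0.5 69.31.80.182 /
2012-04-13T09:01:10 10.0.0.7 search.yahoo.com /search?p=weather
2012-04-13T09:01:12 10.0.0.7 weather.example /today
truncated line
2012-04-13T09:05:00 10.0.0.9 69.31.80.182 /
"""

def is_search_host(host):
    """True if host is one of the listed engines or a subdomain of one."""
    host = host.lower()
    return any(host == s or host.endswith("." + s) for s in SEARCH_HOSTS)

def find_redirects(log_text, window=WINDOW):
    """Return one record per request to REDIRECT_IP, noting a preceding search."""
    last_search = {}  # client -> (timestamp, search host)
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue  # skip malformed lines
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue  # skip lines with an unparseable timestamp
        client, dest = parts[1], parts[2]
        if is_search_host(dest):
            last_search[client] = (ts, dest)
        elif dest == REDIRECT_IP:
            prev = last_search.get(client)
            followed = prev is not None and timedelta(0) <= ts - prev[0] <= window
            hits.append({"client": client, "time": parts[0],
                         "after_search": prev[1] if followed else None})
    return hits

if __name__ == "__main__":
    for hit in find_redirects(SAMPLE_LOG):
        print(hit)
```

A record with a non-empty `after_search` matches the search-then-redirect pattern; a record without one still shows contact with the address and is worth checking against the host for the BHO registration listed under Installation.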
Analysis by Tim Liu
Last update 13 April 2012