Home / malware SoftwareBundler:Win32/Qiwmonk
First posted on 24 September 2016.
Source: MicrosoftAliases :
There are no other names known for SoftwareBundler:Win32/Qiwmonk.
Explanation :
Installation
This program is a software bundler that installs unwanted software on your PC at the same time as the software you are trying to install.
Payload
Installs unwanted software
This threat can be installed on your PC when you download other software from third-party websites. We usually see it arrive purporting to be installers for software that would otherwise need to be paid for. For example, some of the file names we see it arrive as include:
- Microsoft Office 2010 官方简体ä¸æ–‡ç‰ˆ_54@64361.exe
- 360safe+105720+n32542bff9_8100000379737067280.exe
- 全国计算机ç‰çº§è€ƒè¯•å…¨çœŸæ¨¡æ‹Ÿè€ƒè¯•è½¯ä»¶_一级计算机基础åŠMSOffice应用_1@8850.exe
- PS+CS6@25_40856.exe
- WPS PowerPoint 2014 PPT 简体ä¸æ–‡å…费完整版_54@85416.exe
When these installers are run, they will offer to install additional programs and modify your browser settings.
Modifies your browser settings without your consent
This threat will modify your browser shortcuts to include a command-line argument to override your browser homepage choice. For example, it will modify your Internet Explorer browser shortcuts to append the following website to the command, which overrides your homepage configuration:
- “iexplorer.exe” https://hao.360.cn/?src=lm?ls=
For example, if you examine the properties of your browser shortcuts on your desktop or pinned to your task bar it may look like the following:
Analysis by Geoff McDonaldLast update 24 September 2016
