Home / malware BrowserModifier:Win32/NavExcel
First posted on 26 February 2019.
Source: MicrosoftAliases :
BrowserModifier:Win32/NavExcel is also known as not-a-virus:AdWare.Win32.NavExcel.h, W32/NavExcel.EF, Adware/NavHelper, NavExcel Search Toolbar, SecurityRisk.NavHelper, Adware_.79F13464.
Explanation :
BrowserModifier:Win32/NavExcel is an application that installs an Internet Explorer Browser Helper Object (BHO) or plug-in. It allows a user to conduct searches by typing keywords directly into the browser's address bar. It may also install its own search toolbar. Win32/NavExcel checks for updates for itself. It may send information about the system to a certain Web site without the user's knowledge. InstallationBrowserModifier:Win32/NavExcel may arrive bundled with other applications. When executed, it may create the following folders and files: %ProgramFiles%Navexcel search toolbarfile0001
%ProgramFiles%Navexcel search toolbarfile0001.lzc
%ProgramFiles%Navexcel search toolbarNavexcelbar.dll
%ProgramFiles%Navexcel search toolbarsettings.dat %ProgramFiles%NavexcelNavhelperv1.0
helper.dll
%ProgramFiles%NavexcelNavhelperv1.0
helper.htm
%ProgramFiles%NavexcelNavhelperv1.0
huninstaller.exe
%ProgramFiles%NavexcelNavhelperv1.0
hupdater.exe
%ProgramFiles%NavexcelNavhelperv1.0v1.cab %ProgramFiles%NavexcelNavhelperv2.0.2
helper.dll
%ProgramFiles%NavexcelNavhelperv2.0.2
helper.htm
%ProgramFiles%NavexcelNavhelperv2.0.2
huninstaller.exe
%ProgramFiles%NavexcelNavhelperv2.0.2
hupdater.exe
%ProgramFiles%NavexcelNavhelperv2.0.2v2.0.2.cab %ProgramFiles%NavexcelNavhelperv2.0.3
helper.dll
%ProgramFiles%NavexcelNavhelperv2.0.3
helper.htm
%ProgramFiles%NavexcelNavhelperv2.0.3
huninstaller.exe
%ProgramFiles%NavexcelNavhelperv2.0.3
hupdater.exe
%ProgramFiles%NavexcelNavhelperv2.0.3v2.0.3.cab %ProgramFiles%NavexcelNavhelperv2.0.4
helper.dll
%ProgramFiles%NavexcelNavhelperv2.0.4
helper.htm
%ProgramFiles%NavexcelNavhelperv2.0.4
huninstaller.exe
%ProgramFiles%NavexcelNavhelperv2.0.4
hupdater.exe
%ProgramFiles%NavexcelNavhelperv2.0.4v2.0.4.cab %ProgramFiles%NavexcelNavhelperv2.0.4a
helper.dll
%ProgramFiles%NavexcelNavhelperv2.0.4a
helper.htm
%ProgramFiles%NavexcelNavhelperv2.0.4a
huninstaller.exe
%ProgramFiles%NavexcelNavhelperv2.0.4a
hupdater.exe
%ProgramFiles%NavexcelNavhelperv2.0.4av2.0.4a.cab %ProgramFiles%NavexcelNavhelperv2.0.4b
helper.dll
%ProgramFiles%NavexcelNavhelperv2.0.4b
helper.htm
%ProgramFiles%NavexcelNavhelperv2.0.4b
huninstaller.exe
%ProgramFiles%NavexcelNavhelperv2.0.4b
hupdater.exe
%ProgramFiles%NavexcelNavhelperv2.0.4bv2.0.4b.cab %ProgramFiles%NavexcelNavhelperv2.0.4c
helper.dll
%ProgramFiles%NavexcelNavhelperv2.0.4c
helper.htm
%ProgramFiles%NavexcelNavhelperv2.0.4c
huninstaller.exe
%ProgramFiles%NavexcelNavhelperv2.0.4c
hupdater.exe
%ProgramFiles%NavexcelNavhelperv2.0.4cv2.0.4c.cab %ProgramFiles%NavexcelNavhelperv2.0.4d
avapp.exe
%ProgramFiles%NavexcelNavhelperv2.0.4d
helper.dll
%ProgramFiles%NavexcelNavhelperv2.0.4d
helper.htm
%ProgramFiles%NavexcelNavhelperv2.0.4d
huninstaller.exe
%ProgramFiles%NavexcelNavhelperv2.0.4d
hupdater.exe
%ProgramFiles%NavexcelNavhelperv2.0.4dv2.0.4d.cab BrowserModifier:Win32/NavExcel may also add the following registry entries and subkeys as part of its installation routine: Adds subkeys:
HKLMSOFTWARENavExcelNavHelper
HKLMSOFTWAREClassesAppIDNHelper.DLL
HKLMSOFTWAREClassesNavExcel.NavHelper
HKLMSOFTWAREClassesNavExcel.NavHelperCLSID
HKLMSOFTWAREClassesAppID{710BCB5B-8C6C-483E-A4F5-FAF083B13184}
HKLMSOFTWAREClassesCLSID{C1E58A84-95B3-4630-B8C2-D06B77B7A0FC}
HKLMSOFTWAREClassesInterface{20F36AF3-3486-4BB6-8BCB-F1F8ABE74D07}
HKLMSOFTWAREClassesTypeLib{FA4DE133-D3C3-4ED4-92D1-CD4DDE839AB3} Adds value: "DisplayName"
With data: "Navhelper"
To subkey: HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstallNavHelper Analysis by Jireh SanicoLast update 26 February 2019
