Trojan:Win32/Tracur.M
First posted on 13 April 2012.
Source: Microsoft
Aliases :
Trojan:Win32/Tracur.M is also known as Win-Trojan/Xema.variant (AhnLab), W32/BZub.EAX (Norman), Trojan-Spy.Win32.Bzub (Ikarus), Adware/BHO (Panda), Trojan.Win32.Boaxxe.F (Sunbelt Software), Trojan.Vundo (Symantec), TROJ_VUNDO.KKY (Trend Micro).
Explanation :
Trojan:Win32/Tracur.M is a trojan that redirects user searches from legitimate search sites to a Web site that contains malware. It is installed as a Browser Helper Object (BHO) in Internet Explorer, and replaces Firefox Extension Settings files.
Installation

When executed, Trojan:Win32/Tracur.M creates the following registry subkeys to register itself as a Browser Helper Object (BHO):
- HKCR\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{69AE3232-53EF-44B0-B1E1-0821A0EE4998}
- HKCR\CLSID\{69AE3232-53EF-44B0-B1E1-0821A0EE4998}\InprocServer32\

If Firefox is installed in the system, Trojan:Win32/Tracur.M also installs itself as a Firefox extension by replacing the following files:
- %APPDATA%\Mozilla\Firefox\Profiles\install.rdf
- %APPDATA%\Mozilla\Firefox\Profiles\chrome\xulcache.jar
- %APPDATA%\Mozilla\Firefox\Profiles\chrome\chrome.manifest

Payload

Redirects user searches

Trojan:Win32/Tracur.M redirects searches when the following search engines are used:
- AOL
- Ask
- Bing
- Yahoo!

Searches to these sites are redirected to the IP address "74.50.117.107", which may contain other malware.
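
A host triage check for the registry subkeys and Firefox files listed under Installation, as an added PowerShell example that is not part of the original write-up. The HKLM and WOW6432Node Browser Helper Objects paths are the standard BHO registration locations and are assumptions not listed on this page; the Firefox search recurses under Profiles because the page's paths show no profile folder name.

```powershell
# Added example: checks this host for the indicators listed on this page.
$clsid = '{69AE3232-53EF-44B0-B1E1-0821A0EE4998}'
$bho   = 'Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'

$keys = @(
    # As listed on this page
    "Registry::HKEY_CLASSES_ROOT\$bho\$clsid",
    "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32",
    # Assumption: standard BHO locations (64-bit and 32-bit views)
    "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\$bho\$clsid",
    "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\$bho\$clsid"
)

$findings = @(foreach ($key in $keys) {
    if (Test-Path -LiteralPath $key) {
        # For InprocServer32 the default value is the DLL the browser loads.
        $default = (Get-Item -LiteralPath $key).GetValue('')
        [pscustomobject]@{ Type = 'Registry'; Location = $key; Detail = $default }
    }
})

# Firefox files named on this page, searched under the current user's profiles.
$profiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
$names    = 'install.rdf', 'xulcache.jar', 'chrome.manifest'

if (Test-Path -LiteralPath $profiles) {
    $findings += @(Get-ChildItem -LiteralPath $profiles -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $names -contains $_.Name } |
        ForEach-Object {
            # Timestamp and hash let an analyst compare against a known-good copy.
            $hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            [pscustomobject]@{
                Type     = 'File'
                Location = $_.FullName
                Detail   = "modified $($_.LastWriteTime.ToString('s')), SHA256 $hash"
            }
        })
}

if ($findings.Count -eq 0) {
    'None of the registry subkeys or Firefox files from this page were found.'
} else {
    $findings | Format-List
}
```

The script inspects only the current user's Firefox profiles. A file hit is a lead to review rather than a verdict, since install.rdf and chrome.manifest are also ordinary extension file names.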
Analysis by Marian Radu
Last update 13 April 2012