|
Overview
As explained on the "guide"
page, a core group of "critical detections" was identified
and used for each round of tests. These "critical detections"
comprise a key subset of the larger collection of files and Registry
keys/values installed on the test PC.
What follows are tables summarizing the "critical detections"
used for each round of tests. See the Key
at the bottom of this page for an explanation of the symbols, colors, and
abbreviations used in these tables.
|
| "Critical"
Detections (Round 1: Oct. 2-4) |
| Unique ID |
File / Registy entry |
| 411
Ferret/ActiveSearch |
| 411F-01 |
C:\program files\411Ferret\toolbar.dll |
| 411F-02 |
HKEY_CLASSES_ROOT\BTB.IEToolbar |
| 411F-03 |
HKEY_CLASSES_ROOT\BTB.IEToolbar.1 |
| 411F-04 |
HKEY_CLASSES_ROOT\CLSID\{12F02779-6D88-4958-8AD3-83C12D86ADC7} |
| 411F-05 |
HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Toolbar\WebBrowser
"{12F02779-6D88-4958-8AD3-83C12D86ADC7}" |
| 411F-06 |
HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\MenuExt\&411 Ferret Toolbar search |
| 411F-07 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Toolbar "{12F02779-6D88-4958-8AD3-83C12D86ADC7}" |
| |
|
| AdRoar |
| ADR-01 |
C:\winnt\AdRoar.dll |
| ADR-02 |
HKEY_CLASSES_ROOT\AdRoar.Band |
| ADR-03 |
HKEY_CLASSES_ROOT\AdRoar.Band.1 |
| ADR-04 |
HKEY_CLASSES_ROOT\CLSID\{BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} |
| ADR-05 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} |
| ADR-06 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Toolbar "{BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8}" |
| ADR-07 |
C:\winnt\ARUpdate.exe |
| ADR-08 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"AdRoarUpdate" |
| |
|
| Altnet/BDE |
| ALTN-01 |
C:\program files\Altnet\Download
Manager\asmps.dll |
| ALTN-02 |
C:\program files\Altnet\Download
Manager\adm4.dll |
| ALTN-03 |
C:\program files\Altnet\Download
Manager\adm4005.exe |
| ALTN-04 |
C:\program files\Altnet\Download
Manager\admdata.dll |
| ALTN-05 |
C:\program files\Altnet\Download
Manager\admdloader.dll |
| ALTN-06 |
C:\program files\Altnet\Download
Manager\admfdi.dll |
| ALTN-07 |
C:\program files\Altnet\Download
Manager\admprog.dll |
| ALTN-08 |
C:\program files\Altnet\Download
Manager\asm.exe |
| ALTN-09 |
C:\program files\Altnet\Download
Manager\asmend.exe |
| ALTN-10 |
C:\program files\Altnet\Download
Manager\adm25.dll |
| ALTN-11 |
C:\program files\Altnet\Points
Manager\Points Manager.exe |
| ALTN-12 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"AltnetPointsManager" |
| ALTN-13 |
C:\program files\Altnet\Points
Manager\sysdetect.dll |
| |
|
| BroadcastPC
(BTV/BREG) |
| BTV-01 |
C:\program files\BTV\breg_inst.exe |
| BTV-02 |
C:\program files\BTV\btv.exe |
| BTV-03 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"BTV" |
| BTV-04 |
C:\program files\BTV\btvclean.exe |
| BTV-05 |
C:\program files\common files\java\breg.exe |
| BTV-06 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"Breg" |
| |
|
| Cydoor |
| CYDR-01 |
C:\winnt\system32\cd_clint.dll |
| |
|
| Flashtrack/Flashenhancer
(XCPY/XCLEAN/XML) |
| FLTR-01 |
C:\program files\common
files\java\xclean.exe |
| FLTR-02 |
C:\program files\common files\java\Xcpy1.exe |
| FLTR-03 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"Xcpy1" |
| FLTR-04 |
C:\program files\XML\xclean.exe |
| FLTR-05 |
C:\program files\XML\Xcpy1_inst.exe |
| FLTR-06 |
C:\program files\XML\XML.dll |
| FLTR-07 |
HKEY_CLASSES_ROOT\CLSID\{7CD20E91-1F31-41da-8379-479EA31DF969} |
| FLTR-08 |
HKEY_CLASSES_ROOT\UnawareObj.UnawareObj |
| FLTR-09 |
HKEY_CLASSES_ROOT\UnawareObj.UnawareObj.1 |
| FLTR-10 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{7CD20E91-1F31-41da-8379-479EA31DF969} |
| |
|
| Gator/GAIN/Claria |
| GATR-01 |
C:\program files\common
files\CMEII\CMEIIAPI.dll |
| GATR-02 |
C:\program files\common
files\CMEII\CMESys.exe |
| GATR-03 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"CMESys" |
| GATR-04 |
C:\program files\common
files\CMEII\GAppMgr.dll |
| GATR-05 |
C:\program files\common
files\CMEII\GController.dll |
| GATR-06 |
C:\program files\common
files\CMEII\GDwldEng.dll |
| GATR-07 |
C:\program files\common
files\CMEII\GIocl.dll |
| GATR-08 |
C:\program files\common
files\CMEII\GIoclClient.dll |
| GATR-09 |
C:\program files\common
files\CMEII\GMTProxy.dll |
| GATR-10 |
C:\program files\common
files\CMEII\GObjs.dll |
| GATR-11 |
C:\program files\common
files\CMEII\GStore.dll |
| GATR-12 |
C:\program files\common
files\CMEII\GStoreServer.dll |
| GATR-13 |
C:\program files\common
files\CMEII\Gtools.dll |
| GATR-14 |
C:\program files\common
files\GMT\EGGCEngine.dll |
| GATR-15 |
C:\program files\common
files\GMT\egIEEngine.dll |
| GATR-16 |
C:\program files\common
files\GMT\EGIEProcess.dll |
| GATR-17 |
C:\program files\common
files\GMT\EGNSEngine.dll |
| GATR-18 |
C:\program files\common
files\GMT\GatorStubSetup.exe |
| GATR-19 |
C:\program files\common
files\GMT\GatorRes.dll |
| GATR-20 |
C:\program files\common files\GMT\GMT.exe |
| GATR-21 |
C:\Documents and
Settings\Administrator\Start Menu\Programs\Startup\GStartup.lnk |
| GATR-22 |
C:\winnt\FT1_01_0_279_GEPFAH.EXE |
| |
|
| MyWay/MyBar |
| MYWY-01 |
C:\program files\MyWay\myBar\1.bin\MY2NS.EXE |
| MYWY-02 |
C:\program files\MyWay\myBar\1.bin\MYBAR.DLL |
| MYWY-03 |
HKEY_CLASSES_ROOT\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10} |
| MYWY-04 |
HKEY_CLASSES_ROOT\CLSID\{0494D0D1-F8E0-41ad-92A3-14154ECE70AC} |
| MYWY-05 |
HKEY_CLASSES_ROOT\MyWayToolBar.SettingsPlugin |
| MYWY-06 |
HKEY_CLASSES_ROOT\MyWayToolBar.SettingsPlugin.1 |
| MYWY-07 |
HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Toolbar\WebBrowser
"{0494D0D9-F8E0-41ad-92A3-14154ECE70AC}" |
| MYWY-08 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Toolbar "{0494D0D9-F8E0-41ad-92A3-14154ECE70AC}" |
| MYWY-09 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{0494D0D1-F8E0-41ad-92A3-14154ECE70AC}
"(Default)" |
| MYWY-10 |
C:\program
files\MyWay\myBar\1.bin\NPMYWAY.DLL |
| |
|
| SearchLocate/SideBar |
| SLOC-01 |
C:\program files\SearchLocate\sidebar.dll |
| SLOC-02 |
HKEY_CLASSES_ROOT\CLSID\{952EC978-4920-4F18-8237-91D69B54C580} |
| SLOC-03 |
HKEY_CLASSES_ROOT\MyToolBar.BandSidePanel |
| SLOC-04 |
HKEY_CLASSES_ROOT\MyToolBar.BandSidePanel.1 |
| SLOC-05 |
HKEY_CLASSES_ROOT\MyToolBar.TBar |
| SLOC-06 |
HKEY_CLASSES_ROOT\MyToolBar.TBar.1 |
| SLOC-07 |
HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Toolbar\WebBrowser
"{952EC978-4920-4F18-8237-91D69B54C580}" |
| SLOC-08 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Toolbar "{952EC978-4920-4F18-8237-91D69B54C580}" |
| |
|
| Topsearch |
| TOPS-01 |
C:\program files\grokster\topsearch.dll |
| |
|
| TVMedia |
| TVM-01 |
C:\Documents and
Settings\administrator\application data\tvmknwrd.dll |
| TVM-02 |
C:\Documents and
Settings\administrator\application data\tvmcwrd.dll |
| TVM-03 |
C:\program files\TV Media\Tvm.exe |
| TVM-04 |
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
"TV Media" |
| TVM-05 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"TV Media" |
| TVM-06 |
C:\program files\TV Media\TvmBho.dll |
| TVM-07 |
HKEY_CLASSES_ROOT\CLSID\{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} |
| TVM-08 |
HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\UrlSearchHooks "{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2}" |
| TVM-09 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\UrlSearchHooks "{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2}" |
| TVM-10 |
C:\program files\TV Media\TvmCore.dll |
| |
|
| VX2/ABetterInternet
(BELT/BI) |
| VX2A-01 |
C:\winnt\Belt.exe |
| VX2A-02 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"Belt" |
| VX2A-03 |
C:\winnt\bi.dll |
| VX2A-04 |
HKEY_CLASSES_ROOT\CLSID\{000006B1-19B5-414A-849F-2A3C64AE6939} |
| VX2A-05 |
HKEY_CLASSES_ROOT\BiDll.BiDllObj.1 |
| VX2A-06 |
HKEY_CLASSES_ROOT\VX2.VX2Obj |
| VX2A-07 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{000006B1-19B5-414A-849F-2A3C64AE6939} |
| VX2A-08 |
C:\winnt\biprep.exe |
| VX2A-09 |
C:\winnt\downloaded program
files\payload2.inf |
| VX2A-10 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code
Store Database\Distribution Units\{20000273-8230-4DD4-BE4F-6889D1E74167} |
| |
|
| Web_CPR/TopMoxie |
| WCPR-01 |
C:\program files\Web_Cpr\disp2000.exe |
| WCPR-02 |
C:\program files\Web_Cpr\WebCpr0.exe |
| WCPR-03 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"WebCpr0" |
| WCPR-04 |
C:\program files\Web_Cpr\WebCpr1.exe |
| |
|
| WebRebates/TopRebates |
| WEBR-01 |
C:\program files\Web_Rebates\disp1150.exe |
| WEBR-02 |
C:\program files\Web_Rebates\WebRebates0.exe |
| WEBR-03 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"WebRebates0" |
| WEBR-04 |
C:\program files\Web_Rebates\WebRebates1.exe |
| WEBR-05 |
C:\Program
Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm |
| WEBR-06 |
HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\MenuExt\Web Rebates |
| |
|
| Browser
Hijack |
| BHIJ-01 |
HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Main,Search Bar
"http://websearch.drsnsrch.com/sidesearch.cgi?id=" |
| BHIJ-02 |
HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Main,Search Page
"http://websearch.drsnsrch.com/sidesearch.cgi?id=" |
| BHIJ-03 |
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL
"http://www.topfivesearch.com/search.asp" |
| BHIJ-04 |
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL
"http://www.topfivesearch.com/search.asp" |
| BHIJ-05 |
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet
Explorer\Main,Search Bar
"http://websearch.drsnsrch.com/sidesearch.cgi?id=" |
| BHIJ-06 |
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet
Explorer\Main,Search Page
"http://websearch.drsnsrch.com/sidesearch.cgi?id=" |
| BHIJ-07 |
HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Search,(Default) "websearch.drsnsrch.com/q.cgi?q=" |
| BHIJ-08 |
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet
Explorer\Search,SearchAssistant
"http://websearch.drsnsrch.com/sidesearch.cgi?id=" |
| BHIJ-09 |
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet
Explorer\Search,CustomizeSearch
"http://websearch.drsnsrch.com/sidesearch.cgi?id=" |
| BHIJ-10 |
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet
Explorer\Search,(Default) "websearch.drsnsrch.com/q.cgi?q=" |
| |
|
| Misc/Unknown |
| MISC-01 |
C:\winnt\smdat32m.sys |
| MISC-02 |
C:\winnt\smdat32a.sys |
| MISC-03 |
C:\winnt\SysRen.exe |
| MISC-04 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"Sys Ren" |
| MISC-05 |
C:\winnt\wast2.exe |
| MISC-06 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"Wast" |
| MISC-07 |
C:\winnt\system32\fwtukoog.exe |
| MISC-08 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"ggvjttxfl" |
|
Return
to top...
|
| "Critical"
Detections (Round 2: Oct. 8-9) |
| Unique ID |
File / Registy entry |
| 180Solutions/nCase |
| 180S-01 |
C:\WINNT\salm.exe |
| 180S-02 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"salm" |
| 180S-03 |
C:\WINNT\salmbundle.exe |
| 180S-04 |
C:\WINNT\salmhook.dll |
| 180S-05 |
C:\WINNT\system32\180.dll |
| |
|
| Bargain Buddy |
| BARG-01 |
C:\Program Files\Bargain Buddy\bin\apuc.dll |
| BARG-02 |
C:\Program Files\Bargain Buddy\bin\bargains.exe |
| BARG-03 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"Bargains" |
| BARG-04 |
C:\Program Files\Bargain Buddy\bin\cb.exe |
| BARG-05 |
C:\WINNT\bargain3.exe |
| BARG-06 |
C:\WINNT\dwcg2.exe |
| |
|
| Bundleware |
| BUND-01 |
C:\WINNT\Downloaded Program Files\BM2.dll |
| BUND-02 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution
Units\{DDFFA75A-E81D-4454-89FC-B9FD0631E726} |
| |
|
| ClipGenie |
| CLIP-01 |
C:\WINNT\clipg.exe |
| |
|
| Downloadware/Network
Essentials |
| DOWN-01 |
C:\Program Files\DownloadWare\dw.exe |
| DOWN-02 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"DownloadWare" |
| DOWN-03 |
C:\Program Files\DownloadWare\Temp\rh.exe |
| |
|
| FunWeb/SmileyCentral |
| FUNW-01 |
C:\WINNT\Downloaded Program Files\f3initialsetup1.0.0.8-2.inf" |
| FUNW-02 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution
Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} |
| |
|
| GAIN DashBar |
| GAIN-01 |
C:\Program Files\DashBar\DashBar21.dll |
| GAIN-02 |
HKEY_CLASSES_ROOT\CLSID\{CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} |
| GAIN-03 |
HKEY_CLASSES_ROOT\DashBarToolbar.SearchScoutBandObj |
| GAIN-04 |
HKEY_CLASSES_ROOT\DashBarToolbar.SearchScoutBandObj.1 |
| GAIN-05 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
"{CC90CDA0-74A0-45b4-80EF-D89CA8C249B8}" |
| GAIN-06 |
C:\Program Files\DashBar\DbAu.exe |
| |
|
| IBIS
Toolbar/Websearch |
| IBWS-01 |
C:\Program Files\Toolbar\common.dll |
| IBWS-02 |
C:\Program Files\Toolbar\IExploreSkins.exe |
| IBWS-03 |
C:\Program Files\Toolbar\PIB.exe |
| IBWS-04 |
C:\Program Files\Toolbar\TBPS.exe |
| IBWS-05 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"TBPS" |
| IBWS-06 |
C:\Program Files\Toolbar\toolbar.dll |
| IBWS-07 |
HKEY_CLASSES_ROOT\CLSID\{FF76A5DA-6158-4439-99FF-EDC1B3FE100C} |
| IBWS-08 |
HKEY_CLASSES_ROOT\PROTOCOLS\Handler\tpro |
| IBWS-09 |
HKEY_CLASSES_ROOT\CLSID\{8952A998-1E7E-4716-B23D-3DBE03910972} |
| IBWS-10 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{8952A998-1E7E-4716-B23D-3DBE03910972} |
| IBWS-11 |
HKEY_CLASSES_ROOT\CLSID\{339BB23F-A864-48C0-A59F-29EA915965EC} |
| IBWS-12 |
HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Toolbar\WebBrowser
"{339BB23F-A864-48C0-A59F-29EA915965EC}" |
| IBWS-13 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
"{339BB23F-A864-48C0-A59F-29EA915965EC}" |
| IBWS-14 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution
Units\{87067F04-DE4C-4688-BC3C-4FCF39D609E7} |
| |
|
| IBIS Toolbar/WinTools |
| IBWT-01 |
C:\Program Files\Common Files\WinTools\WSup.exe |
| IBWT-02 |
C:\Program Files\Common Files\WinTools\WToolsA.exe |
| IBWT-03 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"WinTools" |
| IBWT-04 |
C:\Program Files\Common Files\WinTools\WToolsB.dll |
| IBWT-05 |
HKEY_CLASSES_ROOT\CLSID\{87766247-311C-43B4-8499-3D5FEC94A183} |
| IBWT-06 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{87766247-311C-43B4-8499-3D5FEC94A183} |
| IBWT-07 |
C:\Program Files\Common Files\WinTools\WToolsS.exe |
| |
|
| IEPlugin/IMI
Toolbar |
| IEPL-01 |
C:\WINNT\extract.exe |
| IEPL-02 |
C:\WINNT\rgrt.exe |
| IEPL-03 |
C:\WINNT\systb.dll |
| IEPL-04 |
HKEY_CLASSES_ROOT\CLSID\{69135BDE-5FDC-4B61-98AA-82AD2091BCCC} |
| IEPL-05 |
HKEY_CLASSES_ROOT\IMIToolbar.imiTool |
| IEPL-06 |
HKEY_CLASSES_ROOT\IMIToolbar.imiTool.1 |
| IEPL-07 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Extensions\{A80F2DB2-80A9-4834-8F5A-4AB70F4EF4C3} |
| IEPL-08 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
"{69135BDE-5FDC-4B61-98AA-82AD2091BCCC}" |
| IEPL-09 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{69135BDE-5FDC-4B61-98AA-82AD2091BCCC} |
| IEPL-10 |
C:\WINNT\wdskctl.exe |
| IEPL-11 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"wdskctl" |
| IEPL-12 |
C:\WINNT\wupdt.exe |
| IEPL-13 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"Win Server Updt" |
| IEPL-14 |
C:\WINNT\Downloaded Program Files\default.inf |
| IEPL-15 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution
Units\{556DDE35-E955-11D0-A707-000000521958} |
| |
|
| Midaddle |
| MIDL-01 |
L:\TEMP\9.exe |
| MIDL-02 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"9.exe" |
| MIDL-03 |
L:\TEMP\9.dll |
| |
|
| MyTotalSearchBar |
| MYTO-01 |
C:\Program Files\MyTotalSearch\bar\1.bin\F3CJPEG.dll |
| MYTO-02 |
C:\Program Files\MyTotalSearch\bar\1.bin\F3REPROX.dll |
| MYTO-03 |
C:\Program Files\MyTotalSearch\bar\1.bin\F3RESTUB.dll |
| MYTO-04 |
C:\Program Files\MyTotalSearch\bar\1.bin\F3SCRCTR.dll |
| MYTO-05 |
C:\Program Files\MyTotalSearch\bar\1.bin\F3WPHOOK.dll |
| MYTO-06 |
C:\Program Files\MyTotalSearch\bar\1.bin\MTSBAR.dll |
| MYTO-07 |
HKEY_CLASSES_ROOT\CLSID\{094176F9-BF35-4bcb-B68A-108DFB8C3825} |
| MYTO-08 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
"{094176F9-BF35-4bcb-B68A-108DFB8C3825}" |
| MYTO-09 |
C:\Program Files\MyTotalSearch\bar\1.bin\MTSHTMMU.dll |
| MYTO-10 |
C:\Program Files\MyTotalSearch\bar\1.bin\MTSOEMON.exe |
| MYTO-11 |
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
"MyTotalSearch Email Plugin" |
| MYTO-12 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"MyTotalSearch Email Plugin" |
| MYTO-13 |
C:\Documents and Settings\Administrator\Start
Menu\Programs\Startup\MyTotalSearch Email Plugin.lnk |
| MYTO-14 |
C:\Program Files\MyTotalSearch\bar\1.bin\MTSOEPLG.dll |
| MYTO-15 |
C:\Program Files\MyTotalSearch\bar\1.bin\MTSOESTB.dll |
| MYTO-16 |
C:\Program Files\MyTotalSearch\bar\1.bin\MTSOUTCN.dll |
| MYTO-17 |
C:\Program Files\MyTotalSearch\bar\1.bin\MTSPOPST.dll |
| MYTO-18 |
C:\Program Files\MyTotalSearch\bar\1.bin\MTSSKIN.dll |
| MYTO-19 |
C:\Program Files\MyTotalSearch\SrchAstt\1.bin\MTSSRCAS.dll |
| |
|
| N-Lite |
| NLIT-01 |
L:\TEMP\svcmm32.exe |
| NLIT-02 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"USB controller" |
| |
|
| PrecisionTime |
| PREC-01 |
C:\Program Files\PrecisionTime\PrecisionTime.exe |
| PREC-02 |
C:\Documents and Settings\Administrator\Start
Menu\Programs\Startup\PrecisionTime.lnk |
| |
|
| Recommended
HotFix/Network Essentials |
| RECH-01 |
C:\Program Files\Recommended Hotfix - 421701D\v15\RH.dll |
| RECH-02 |
C:\Program Files\Recommended Hotfix - 421701D\v15\RH.exe |
| |
|
| SearchEXE |
| SEXE-01 |
C:\Program Files\se\v11\se.exe |
| SEXE-02 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"Search-Exe" |
| SEXE-03 |
C:\Program Files\se\v11\se.dll |
| SEXE-04 |
HKEY_CLASSES_ROOT\CLSID\{00041A26-7033-432C-94C7-6371DE343822} |
| SEXE-05 |
HKEY_CLASSES_ROOT\WebCom.WebBho |
| SEXE-06 |
HKEY_CLASSES_ROOT\WebCom.WebBho.1 |
| SEXE-07 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{00041A26-7033-432C-94C7-6371DE343822} |
| |
|
| Spyblocs/eBlocs |
| SPYB-01 |
C:\WINNT\system32\antispy.exe |
| SPYB-02 |
C:\Documents and Settings\Administrator\Desktop\Remove Spyware.url |
| |
|
| TVMedia |
| TVM-01 |
C:\Documents and Settings\Administrator\Application Data\tvmcwrd.dll |
| TVM-02 |
C:\Documents and Settings\Administrator\Application Data\tvmknwrd.dll |
| TVM-03 |
C:\Documents and Settings\Administrator\Application Data\tvmuknwrd.dll |
| TVM-04 |
C:\Program Files\TV Media\Tvm.exe |
| TVM-05 |
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "TV
Media" |
| TVM-06 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"TV Media" |
| TVM-07 |
C:\Program Files\TV Media\TvmBho.dll |
| TVM-08 |
HKEY_CLASSES_ROOT\CLSID\{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} |
| TVM-09 |
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlSearchHooks
"{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2}" |
| TVM-10 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\UrlSearchHooks "{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2}" |
| TVM-11 |
C:\Program Files\TV Media\TvmCore.dll |
| TVM-12 |
C:\WINNT\tvmm.exe |
| |
|
| VX2/Favoriteman |
| VX2F-01 |
C:\WINNT\system32\mmview_101.dll |
| VX2F-02 |
C:\WINNT\Downloaded Program Files\bundle_101.inf" |
| VX2F-03 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution
Units\{EBBD88E5-C372-469D-B4C5-1FE00352AB9B} |
| |
|
| VX2/Look2Me |
| VX2L-01 |
C:\WINNT\system32\3dsdpi.dll |
| VX2L-02 |
C:\WINNT\system32\*.dll (Note: randomly named copy of
3dsdpi.dll) |
| |
|
| WildMedia |
| WILD-01 |
C:\Documents and Settings\Administrator\Local Settings\Temp\JkSv7l.dll |
| WILD-02 |
HKEY_CLASSES_ROOT\CLSID\{E8EAEB34-F7B5-4C55-87FF-720FAF53D841} |
| WILD-03 |
HKEY_CLASSES_ROOT\SearchHelp |
| WILD-04 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{E8EAEB34-F7B5-4C55-87FF-720FAF53D841} |
| WILD-05 |
C:\WINNT\addit.exe |
| WILD-06 |
L:\TEMP\WildWinTracker.exe |
| WILD-07 |
L:\TEMP\clicks.dll |
| |
|
| WhenU/SaveNow |
| WUSA-01 |
C:\Program Files\Save\Save.exe |
| WUSA-02 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"WhenUSave" |
| WUSA-03 |
C:\winnt\downloaded program files\WUInst.inf |
| WUSA-04 |
C:\winnt\downloaded program files\WUInst.dll |
| WUSA-05 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution
Units\{E2F2B9D0-96B9-4B25-B90C-636ECB207D18} "Installer" |
| |
|
| WhenU/Search |
| WUSE-01 |
C:\Program Files\WhenUSearch\search.dll |
| WUSE-02 |
C:\Program Files\WhenUSearch\Search.exe |
| WUSE-03 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"WhenUSearch" |
| WUSE-04 |
C:\Program Files\WhenUSearch\whse.exe |
| WUSE-05 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"WhenUSearchWHSE" |
| |
|
| WhenU/Weathercast |
| WUWE-01 |
C:\Program Files\WeatherCast\Weather.exe |
| WUWE-02 |
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
"WeatherCast" |
| |
|
| Browser Hijack |
| BHIJ-01 |
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main,Search Bar
"http://search.search-exe.com/nph-search.cgi?tcode=exebar1&look=sbar1_srchbtn" |
| BHIJ-02 |
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main,Search Page
"http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=" |
| BHIJ-03 |
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL
"http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=" |
| BHIJ-04 |
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet
Explorer\Main,SearchAssistant
"http://www.websearch.com/ie.aspx?tb_id=50038" |
| BHIJ-05 |
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet
Explorer\Main,CustomizeSearch
"res://C:\PROGRA~1\Toolbar\toolbar.dll/sa" |
| BHIJ-06 |
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Bar
"http://search.search-exe.com/nph-search.cgi?tcode=exebar1&look=sbar1_srchbtn" |
| BHIJ-07 |
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Page
"http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=" |
| BHIJ-08 |
HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Search,SearchAssistant
"http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=" |
| BHIJ-09 |
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet
Explorer\Search,SearchAssistant
"http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=" |
| BHIJ-10 |
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet
Explorer\Search,CustomizeSearch
"http://search.ieplugin.com/search.htm" |
| BHIJ-11 |
HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\SearchURL,(Default)
"http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=" |
| BHIJ-12 |
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet
Explorer\SearchURL,(Default)
"http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=" |
| |
|
| HOSTS
File Hijack |
| HOST-01 |
Hosts: 69.20.16.183 auto.search.msn.com |
| HOST-02 |
Hosts: 69.20.16.183 search.netscape.com |
| HOST-03 |
Hosts: 69.20.16.183 ieautosearch |
| |
|
| Misc/Unknown |
| MISC-01 |
C:\WINNT\system\UpdInstall.exe |
| MISC-02 |
C:\WINNT\system32\sicon.dll |
| MISC-03 |
C:\WINNT\system32\svc.dll |
| MISC-04 |
C:\WINNT\system32\sysfile.dll |
|
Return
to top...
|
| "Critical"
Detections (Round 3: Oct. 13-15) |
| Unique ID |
File / Registy entry |
| 180Solutions/nCase |
| 180S-01 |
C:\winnt\180ax.exe |
| 180S-02 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"180ax" |
| 180S-03 |
C:\winnt\180axhook.dll |
| 180S-04 |
C:\winnt\bohafwt.exe |
| 180S-05 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"bohafwt" |
| 180S-06 |
C:\winnt\system32\180.dll |
| |
|
| BlazeFind/WinSync/WindUpdates |
| BLAZ-01 |
C:\Program Files\Windows
SyncroAd\CComm.dll |
| BLAZ-02 |
C:\Program Files\Windows
SyncroAd\SyncroAd.exe |
| BLAZ-03 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"Windows SyncroAd" |
| BLAZ-04 |
C:\Program Files\Windows
SyncroAd\WinSync.exe |
| BLAZ-05 |
C:\winnt\downloaded program
files\ActiveX.inf |
| BLAZ-06 |
C:\winnt\downloaded program
files\SyncroAdX.dll |
| BLAZ-07 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code
Store Database\Distribution Units\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6 |
| |
|
| ClickAlchemy |
| CLAL-01 |
C:\winnt\alchem.exe |
| CLAL-02 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"alchem" |
| |
|
| Effective Brand Games Toolbar |
| EBGT-01 |
C:\Program Files\Games\tbGame.dll |
| EBGT-02 |
HKEY_CLASSES_ROOT\CLSID\{02FFC86E-283E-4FAA-95D6-ADDCA024F30A} |
| EBGT-03 |
HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Toolbar\WebBrowser
"{02FFC86E-283E-4FAA-95D6-ADDCA024F30A}" |
| EBGT-04 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Toolbar "{02ffc86e-283e-4faa-95d6-addca024f30a}" |
| EBGT-05 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"Games toolbar" |
| EBGT-06 |
C:\winnt\games.exe |
| |
|
| eZula |
| EZUL-01 |
C:\Program Files\eZula\CHCON.dll |
| EZUL-02 |
C:\Program Files\eZula\eabh.dll |
| EZUL-03 |
C:\Program Files\eZula\mmod.exe |
| EZUL-04 |
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
"eZmmod" |
| EZUL-05 |
C:\Program Files\eZula\seng.dll |
| EZUL-06 |
C:\winnt\eZinstall.exe |
| EZUL-07 |
C:\winnt\system32\ezStub.exe |
| |
|
| FunWeb |
| FUNW-01 |
C:\winnt\downloaded program
files\f3initialsetup1.0.0.8-2.inf |
| FUNW-02 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code
Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} |
| |
|
| MegaSearch Toolbar |
| MEGA-01 |
C:\winnt\downloaded program
files\megasear.dll |
| MEGA-02 |
HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-C0FF-FA7FB592BF30} |
| MEGA-03 |
HKEY_CLASSES_ROOT\megasear.MEGASEAR |
| MEGA-04 |
HKEY_CLASSES_ROOT\megasear.MEGASEARMenu
Button |
| MEGA-05 |
HKEY_CLASSES_ROOT\megasear.MEGASEARToggle
Button |
| MEGA-06 |
HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Toolbar\WebBrowser
"{4E7BD74F-2B8D-469E-C0FF-FA7FB592BF30}" |
| MEGA-07 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Toolbar "{4E7BD74F-2B8D-469E-C0FF-FA7FB592BF30}" |
| MEGA-08 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{4E7BD74F-2B8D-469E-C0FF-FA7FB592BF30} |
| MEGA-09 |
C:\winnt\system32\MegasearchBarSetup.exe |
| MEGA-10 |
C:\winnt\system32\megaV2Wbr.dll |
| |
|
| My Web Search Email Plugin |
| MWSE-01 |
C:\Program
Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL |
| MWSE-02 |
C:\Program
Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL |
| MWSE-03 |
C:\Program
Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL |
| MWSE-04 |
C:\Program
Files\MyWebSearch\bar\1.bin\F3REPROX.DLL |
| MWSE-05 |
C:\Program
Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL |
| MWSE-06 |
C:\Program
Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL |
| MWSE-07 |
C:\Program
Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL |
| MWSE-08 |
C:\Program
Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL |
| MWSE-09 |
C:\Program
Files\MyWebSearch\bar\1.bin\M3SKIN.DLL |
| MWSE-10 |
C:\Program
Files\MyWebSearch\bar\1.bin\MWSBAR.DLL |
| MWSE-11 |
HKEY_CLASSES_ROOT\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} |
| MWSE-12 |
HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Toolbar\WebBrowser
"{07B18EA9-A523-4961-B6BB-170DE4475CCA}" |
| MWSE-13 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Toolbar "{07B18EA9-A523-4961-B6BB-170DE4475CCA}" |
| MWSE-14 |
C:\Program
Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE |
| MWSE-15 |
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
"MyWebSearch Email Plugin" |
| MWSE-16 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"MyWebSearch Email Plugin" |
| MWSE-17 |
C:\Documents and
Settings\Administrator\Start Menu\Programs\Startup\MyWebSearch Email
Plugin.lnk |
| MWSE-18 |
C:\Program
Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL |
| MWSE-19 |
C:\Program
Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL |
| |
|
| MyWebSearch Search Assistant |
| MWSS-01 |
C:\Program
Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL |
| MWSS-02 |
HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\MenuExt\&Search |
| |
|
| My Daily Horoscope |
| MYDH-01 |
C:\Program Files\My Daily
Horoscope\MyDailyHoroscope.exe |
| MYDH-02 |
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
"MyDailyHoroscope"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
"MyDailyHoroscope" |
| |
|
| N-Lite |
| NLIT-01 |
L:\TEMP\svcmm32.exe |
| NLIT-02 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"USB controller" |
| |
|
| ShopAtHomeSelect |
| SAHS-01 |
C:\winnt\downloaded program
files\setup.inf |
| SAHS-02 |
C:\winnt\downloaded program
files\WEBInstaller.dll |
| SAHS-03 |
C:\winnt\system32\SahAgent.exe |
| SAHS-04 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"SAHAgent" |
| SAHS-05 |
C:\winnt\system32\sahagent1019.exe |
| SAHS-06 |
C:\winnt\system32\SahHtml.exe |
| SAHS-07 |
C:\winnt\system32\lsp.dll |
| SAHS-08 |
[Winsock LSP Hijack] |
| |
|
| Spyblocs/eBlocs |
| SPYB-01 |
C:\winnt\system32\antispy.exe |
| SPYB-02 |
C:\Documents and
Settings\Administrator\Desktop\Remove Spyware.url |
| SPYB-03 |
C:\Documents and
Settings\Administrator\Favorites\Delete Spyware and Stop Pops!\Delete Spyware, stop pops, fix your pc!.url |
| |
|
| TopConverting |
| TOPC-01 |
C:\Program
Files\TopConverting\pacman\pacman.exe |
| TOPC-02 |
C:\winnt\updatetc.exe |
| TOPC-03 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"tpcupdater" |
| TOPC-04 |
C:\winnt\downloaded program
files\loader2.ocx |
| TOPC-05 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code
Store Database\Distribution Units\{79849612-A98F-45B8-95E9-4D13C7B6B35C} |
| |
|
| Twain-Tech |
| TWTE-01 |
C:\winnt\preInsTT.exe |
| TWTE-02 |
C:\winnt\twaintec.dll |
| TWTE-03 |
HKEY_CLASSES_ROOT\CLSID\{000020DD-C72E-4113-AF77-DD56626C6C42} |
| TWTE-04 |
HKEY_CLASSES_ROOT\twaintecDll.twaintecDllObj.1 |
| TWTE-05 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{000020DD-C72E-4113-AF77-DD56626C6C42} |
| TWTE-06 |
C:\winnt\system32\polall1m.exe |
| |
|
| VX2/ABetterInternet |
| VX2A-01 |
C:\winnt\downloaded program
files\lotto.inf |
| VX2A-02 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code
Store Database\Distribution Units\{30000273-8230-4DD4-BE4F-6889D1E74167} |
| VX2A-03 |
C:\winnt\system32\arcg_exe |
| |
|
| VX2/Favoriteman |
| VX2F-01 |
C:\winnt\downloaded program
files\ATPartners.inf |
| VX2F-02 |
HKEY_CLASSES_ROOT\F1.Organizer |
| VX2F-03 |
HKEY_CLASSES_ROOT\F1.Organizer.1 |
| VX2F-04 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code
Store Database\Distribution Units\{00000EF1-0786-4633-87C6-1AA7A44296DA} |
| VX2F-05 |
C:\winnt\downloaded program
files\bundle_101.inf |
| VX2F-06 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code
Store Database\Distribution Units\{EBBD88E5-C372-469D-B4C5-1FE00352AB9B} |
| VX2F-07 |
C:\winnt\system32\ATPartners.dll |
| VX2F-08 |
HKEY_CLASSES_ROOT\CLSID\{00000EF1-0786-4633-87C6-1AA7A44296DA} |
| VX2F-09 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{00000EF1-0786-4633-87C6-1AA7A44296DA} |
| VX2F-10 |
C:\winnt\system32\im64.dll |
| VX2F-11 |
C:\winnt\system32\mmview_101.dll |
| VX2F-12 |
HKEY_CLASSES_ROOT\CLSID\{EBBD88E5-C372-469D-B4C5-1FE00352AB9B} |
| VX2F-13 |
HKEY_CLASSES_ROOT\NewFavorite.FavoriteMan |
| VX2F-14 |
HKEY_CLASSES_ROOT\NewFavorite.FavoriteMan.1 |
| VX2F-15 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{EBBD88E5-C372-469D-B4C5-1FE00352AB9B} |
| |
|
| VX2/Look2Me |
| VX2L-01 |
C:\winnt\system32\adctres.dll (Note: copy
of avsetupc.dll) |
| VX2L-02 |
C:\winnt\system32\avsetupc.dll |
| |
|
| WebRebates/TopMoxie |
| WEBR-01 |
C:\Program
Files\Web_Rebates\disp1150.exe |
| WEBR-02 |
C:\Program
Files\Web_Rebates\WebRebates0.exe |
| WEBR-03 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"WebRebates0" |
| WEBR-04 |
C:\Program
Files\Web_Rebates\WebRebates1.exe |
| WEBR-05 |
C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm |
| WEBR-06 |
HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\MenuExt\Web Rebates |
| WEBR-07 |
C:\winnt\system32\WebRebates_Auto_InstallSilent.exe |
| |
|
| WinAd |
| WINA-01 |
C:\winnt\system32\ide21201.vxd |
| |
|
| WhenU/ClockSync |
| WUCS-01 |
C:\Program Files\ClockSync\Sync.exe |
| WUCS-02 |
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
"ClockSync" |
| |
|
| WhenU/SaveNow |
| WUSA-01 |
C:\Program Files\Save\Save.exe |
| WUSA-02 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"WhenUSave" |
| WUSA-03 |
C:\winnt\downloaded program
files\WUInst.dll |
| WUSA-04 |
C:\winnt\downloaded program
files\WUInst.inf |
| WUSA-05 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code
Store Database\Distribution Units\{E2F2B9D0-96B9-4B25-B90C-636ECB207D18} |
| |
|
| WhenU/Search |
| WUSE-01 |
C:\Program
Files\WhenUSearch\search.dll |
| WUSE-02 |
C:\Program
Files\WhenUSearch\Search.exe |
| WUSE-03 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"WhenUSearch" |
| WUSE-04 |
C:\Program Files\WhenUSearch\whse.exe |
| WUSE-05 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"WhenUSearchWHSE" |
| |
|
| HOSTS File Hijack |
| HOST-01 |
Hosts: 69.20.16.183 auto.search.msn.com |
| HOST-02 |
Hosts: 69.20.16.183 search.netscape.com |
| HOST-03 |
Hosts: 69.20.16.183 ieautosearch |
| |
|
| Misc/Unknown |
| MISC-01 |
C:\winnt\VT00.exe |
| MISC-02 |
C:\winnt\system32\bdlds.dll |
| MISC-03 |
C:\winnt\system32\fwtukoog.exe |
| MISC-04 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"bjejccjptkz" |
| MISC-05 |
C:\winnt\system32\scopenr.dll |
| MISC-06 |
C:\winnt\system32\sicon.dll |
| MISC-07 |
C:\winnt\system32\svc.dll |
| MISC-08 |
C:\winnt\system32\sysfile.dll |
|
Return
to top...
|
Key:
| Symbol |
Means... |
| BLUE
|
File |
| RED |
Executable file in memory |
| GREEN |
Registry key/value |
| BLACK |
HOSTS file entry |
| FUCHSIA |
Winsock LSP hijack |
Note: for detailed information on
each detection, see the "critical"
detections section above for each group of tests.
|
|
Return
to top...
|
