Trojan . Desktop Hijacker (Summary)
Software Name: Desktop Hijacker
Company Name:
Product Name: Desktop Hijacker
Classification: Trojan
Website:
Brief:
Silenlty installed program that changes desktop wallpaper to a spyware warning message. May also download files in the background.
IMPORTANT!
Some of the Trojan.Desktop Hijacker components
are listed below. The list is compiled as a reference. The list might
not be complete and it doesn't represent instructions for manual removal.
We DO NOT recommend manual removal. Incorrect removal
of certain software might make your computer unstable or even unusable.
Removal of adware component might affect the related ad-supported software.
If you suspect that you have an unwanted instance of Desktop Hijacker
installed on your computer we recommend a free
audit of your system with INAC Anti Spyware.
Desktop Hijacker might create following folders (and inject its files inside
the folders):
n/a
Desktop Hijacker might create following files (some of the files might be
loaded in memory while the software is running):
- %WINDOWS%\desktop.html
- %WINDOWS%\ssico.ico
- %DESKTOP%\! Protect Your Data.url
- %FAVORITES%\! Smart Security.url
- %PROFILE%\Recent\! Smart Security.url
- %STARTMENU%\! Secure Yourself.url
- %SYSTEMDRIVE%\r.exe
- %SYSTEM%\spoolsrv32.exe
- %SYSTEM%\srpcsrv32.dll
- %SYSTEM%\txfdb32.dll
- %WINDOWS%\Web\desktop.html
- %WINDOWS%\popup.html
- %WINDOWS%\screen.html
- %SYSTEM%\hookdump.exe
- %SYSTEMDRIVE%\secure32.html
- %system%\intell321.exe
Desktop Hijacker is often accompanied by the following tracking cookies:
n/a
Desktop Hijacker might create following registry keys (and inject subkeys
and values):
n/a
Desktop Hijacker might create following registry values:
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|Srv32 spool service
- HKEY_USERS\*\Software\Microsoft\Windows\CurrentVersion\RunOnce|Srv32 spool service
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Tbi
- HKEY_USERS\*\Software\Microsoft\Windows\CurrentVersion\Run|Tbi
- HKEY_USERS\*\Software\Microsoft\Windows\CurrentVersion\Run|Intel system tool
Desktop Hijacker might create registry values with following data:
- HKEY_USERS\*\Software\Microsoft\Internet Explorer\Desktop\Components|Source|*\desktop.html
- HKEY_USERS\*\Software\Microsoft\Internet Explorer\Desktop\Components|SubscribedURL|*\desktop.html
- HKEY_USERS\*\Software\Microsoft\Internet Explorer\Desktop\Components|FriendlyName|security
- HKEY_USERS\*\Software\Microsoft\Internet Explorer\Desktop\Components|CurrentState|1073741825
- HKEY_USERS\*\Software\Microsoft\Internet Explorer\Desktop\Components|Flags|24578
- HKEY_USERS\*\Software\Microsoft\Internet Explorer\Desktop\Components{RD_DISPLAY}|*|*\WINDOWS\screen.html
- HKEY_USERS\*\Software\Microsoft\Internet Explorer\Desktop\Components|*|Security info*
- HKEY_USERS\*\Software\Microsoft\Internet Explorer\Desktop\Components{RD_DISPLAY}|*|Security info*
- HKEY_USERS\*\Software\Microsoft\Internet Explorer\Desktop\Components{RD_DISPLAY}|CurrentState|1073741825
- HKEY_USERS\*\Software\Microsoft\Internet Explorer\Desktop\Components{RD_DISPLAY}|Flags|24578
- HKEY_USERS\*\Software\Microsoft\Internet Explorer\Desktop\Components{RD_DISPLAY}|FriendlyName|security
- HKEY_USERS\*\Software\Microsoft\Internet Explorer\Desktop\Components{RD_DISPLAY}|Source|*\desktop.html
- HKEY_USERS\*\Software\Microsoft\Internet Explorer\Desktop\Components{RD_DISPLAY}|SubscribedURL|*\desktop.html
- HKEY_USERS\*\Software\Microsoft\Internet Explorer\Desktop\Components|*|*\WINDOWS\screen.html
Desktop Hijacker might insert following entries in the HOSTS file:
n/a
Click
here to scan your computer for Desktop Hijacker free of charge
|
