Xrenoder Browser Plug-in Information

Name: Xrenoder
Category: Browser Plug-in
Advice: Remove
Risk: Moderate Risk. Moderate threats may profile users' online habits or broadcast data back to a server with 'opt-out' permission. In most cases this type of threat is closer to commercial adware that offers a premium service in exchange for tracking your online activity.
Description: Xrenoder is a multifaceted Trojan. It is an Internet Explorer toolbar, homepage and search hijacker which resets your browser's home page and search settings to point to other affiliate sites. Xrenoder also displays pornographic popup ads.

Xrenoder hijacks your search settings. It diverts your browser to search.xrenoder.com instead of the default auto.search.msn.com. It also displays pornographic ads. In addition, Xrenoder modifies hosts files to redirect searches to search.xrenoder.com and also changes the Internet Explorer homepage.
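
To check a machine for the hosts-file change described above, the following sketch (an added example, not part of the original entry or any vendor tool) parses hosts-file text and reports entries that override auto.search.msn.com. It assumes a clean hosts file has no entry for that name; the sample file and its addresses are constructed.

```python
import ipaddress

# Hostname the entry names as the default search endpoint. Assumption: a clean
# hosts file has no entry for it, so any override is worth reviewing.
WATCHED = {"auto.search.msn.com"}

# Constructed sample hosts file (addresses are documentation-range placeholders).
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
192.0.2.10      AUTO.SEARCH.MSN.COM   # constructed redirect entry
192.0.2.10 intranet.example auto.search.msn.com.
not-an-ip       auto.search.msn.com
#192.0.2.99     auto.search.msn.com
"""

def parse_hosts(text):
    """Yield (line_no, address, [hostnames]) for each well-formed entry."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        # Drop trailing comments, then split on any run of whitespace.
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address: not a usable entry
        # Hostnames are case-insensitive; a trailing dot names the same host.
        names = [n.lower().rstrip(".") for n in fields[1:]]
        yield line_no, addr, names

def find_overrides(text, watched=WATCHED):
    """Return (line_no, hostname, address) for every watched-host entry."""
    hits = []
    for line_no, addr, names in parse_hosts(text):
        for name in names:
            if name in watched:
                hits.append((line_no, name, str(addr)))
    return hits

if __name__ == "__main__":
    for line_no, name, addr in find_overrides(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {addr}")
```

On a real system, pass the contents of the hosts file (on Windows, %SystemRoot%\System32\drivers\etc\hosts) to find_overrides instead of the sample text.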

Xrenoder exists in the form of two variants.

ISTbar/AUpdate installs a TinyBar variant to implement its toolbar. The hijacker is aimed at my-internet.info and blazefind.com; distribution is managed by searchbarcash.com, its controlling server.

ISTbar/XXXToolbar is an update based around porn. It uses its own toolbar code. The hijacker is aimed at its controlling server xxxtoolbar.com, and slotch.com; distribution is controlled by toolbarcash.com. It installs other pests into your computer. Both variants install porn pop-up producer RapidBlaster/lp.

The AUpdate variant of Xrenoder is also known to install DownloadPlus and is known as SearchBarCash-Hijacker. The XXXToolbar variant opens pop-ups as directed by its controlling server. In AUpdate, the TinyBar component could be used to open pop-ups in the future.

Xrenoder is installed by ActiveX drive-by download on affiliate sites, typically porn advertisements. At least ISTbar/AUpdate is known to install using aggressive JavaScript (opening an error and retrying if you refuse the ActiveX download).

Signatures:
process: adult_chat.exe: MD5 Hash: db53a2cd5b771a88f05...
process: istsvc.exe: MD5 Hash: b1b85898e8329b4397e...
process: istsvc[1].exe: MD5 Hash: 9c855da8adaf3d87497...
process: adult_chat.exe: MD5 Hash: ..
Type: Browser Plug-in - Spyware's primary purpose is to collect demographic and usage information from your computer, usually for advertising purposes. Spyware usually 'sneaks' onto a system or performs other activities hidden from the user. Spyware programs are usually bundled as a hidden component and downloaded from the Internet. These modules are almost always installed on the system secretly and try to run secretly as well.

© 2006-2008 spyware32.com - Privacy Policy