CoolWebSearch.f0r0r Trojan Information
Name: CoolWebSearch.f0r0r
Category: Trojan
Advice: Remove
Risk: Severe Risk
Severe threats are typically remotely exploitable vulnerabilities that can lead to system compromise. Successful exploitation does not normally require any user interaction, and exploits are in the wild. There is a high likelihood of system damage or a security flaw. The attacker has complete control over your computer and can install new software on your machine.
Description:
f0r0r is a trojan horse that is usually hard to remove manually.
Infected computers tend to have their browser hijacked, usually to a site like: http://ssearch.biz/?wmid=1010
Slow internet connections, interrupted browsing, and the loss of use of the Back button in Internet Explorer can also be expected.
A sign of infection is ppi.exe and dirote.exe running in the Task Manager's process list. The "%System%f0r0r" folder is invisible and stays invisible even when the system is configured to show hidden and system files. The directory can be viewed by booting the computer from a Linux live CD.
f0r0r is protected by an open source NT rootkit called Hacker Defender. Hacker Defender installs a device driver that hooks the Windows API. This allows it to hide a directory with a particular name while still allowing files to exist there, hide open ports from a port scanner while still allowing connections to and from those ports, and hide processes in memory from process managers, along with other cute tricks.
Signatures:
process: repcale.exe: MD5 Hash: c1612c37e650458837f...
process: redroses.exe: MD5 Hash: 4f9957064ab54ac897a...
Type: Trojan - A Trojan is any software on a user's computer that the user is not aware of or did not intentionally install. Most Trojan software is designed to perform some sort of action that could jeopardize the user's security or privacy.