 |
Home
Articles
Spyware Research
Support
Scan Now
Purchase
F.A.Q.
Top 25 Spyware:
Glossary Latest Detections  |
 |
Trojan/Adware/Homepage Hijacker/DelFin Media ViewerAlias: Adware/DelFinMedia, DelFin Media Viewer
Description: An apparently useful and innocent program containing additional hidden code which allows the unauthorized collection, exploitation, falsification, or destruction of data. When this program executes, the program performs a specific set of actions, usually working toward the goal of allowing the trojan to survive on a system and open up a backdoor. Threat type: Adware - Adware is a software application which displays advertisements on your computer. Advertisements can be displayed through pop-up / pop-under windows, additional bars or toolbars, underlined links or buttons that appear on a computer screen. Adware applications include additional code that delivers the ads. Adware authors earn money when users click on those ads. Occasionally, adware includes code that tracks user's site visits and passes it to third parties without the user's permission or knowledge. Homepage Hijacker - A Homepage Hijacker is a software application that takes control over your browser's settings. Usually it changes your home page and redirects it to some other site or modifies your search settings. It prevents you to change browser's settings. In such hijacks, your browser may operate normally, but be much slower. Trojan - A Trojans or Trojan Horse is any programs that installs itself secretly, quite often with sinister intent. Once installed, the trojan author (hacker) can gain complete control of the infected PC. Trojans are usually designed to steal sensitive information and/or destroy the system. Trojans can be distributed as unsolicited email attachments, or bundled with freeware and shareware programs. Advice: Remove This is a very high risk threat and should be removed immediately as to prevent harm to your computer or your privacy. Detection: SpyNoMore detects Trojan/Adware/Homepage Hijacker/DelFin Media Viewer: Yes Threat risk: High Risk  Very dangerous malware. Can log user's keyboard activity and take snapshots of the user's screen. Uses stealth installation and removal is very difficult. Category includes spyware programs, adware programs and trojans. Symptoms:
Running Process Signatures: N/A File Signatures: %WINDOWS%\system32\vmss\vmss.exe %WINDOWS%\windows\system32\wsxsvc\wsxsvc.exe %WINDOWS%\windows\system32\wsxsvc\uninstall.html %PROGRAM_FILES%\common files\remove_tools.html %WINDOWS%\windows\system32\wsxsvc\wsx.dll %PROFILE%\application data\picsvr\picsvr.inf %WINDOWS%\windows\system32\wsxsvc\wsx.ocx %WINDOWS%\windows\system32\vmss\vmss.exe %DESKTOPDIRECTORY%\wtsdfi.exe %WINDOWS%\system32\delfin.dll Registered Dll (Dynamic Link Library) Signatures: N/A Folder Signatures: %WINDOWS%\system32\wsxsvc %WINDOWS%\system32\nsvsvc %PROFILE%\local settings\temp\vmstmp %PROGRAM_FILES%\delfin %PROFILE%\application data\vmss %WINDOWS%\system32\vidctrl %PROGRAM_FILES%\common files\dpi %PROFILE%\application data\vidctrl %WINDOWS%\system32\wsxsvc.exe %PROFILE%\application data\wsxs Registry Signatures: HKLM\software\microsoft\windows\currentversion\uninstall\displayutility HKCR\clsid\{d0070620-1e72-42e7-a14c-3a255ad31839} HKLM\software\vidctrl HKLM\software\firlnin HKLM\software\pcsv HKCR\vccpgdataaccess.pgdataaccessctrl.1 HKLM\software\microsoft\windows\currentversion\uninstall\pgtools HKCU\software\mvu HKCR\clsid\{a8bd9566-9895-4fa3-918d-a51d4cd15865} HKLM\software\tat HKLM\software\mvu HKLM\software\classes\typelib\{2a7db8d1-43be-4ad3-a81e-9bb8c9d00073} HKLM\software\classes\interface\{41700749-a109-4254-af13-be54011e8783} HKLM\software\classes\interface\{2bb15d36-43be-4743-a3a0-3308f4b1a610} SpyNoMore Collected Residual File Signatures: N/A
| | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| ||||
|
||||
 |
|
 | ||