Characteristics of the Trojan Brojack Virus

Trojan Brojack is a virus that can infect your computer through e-mail attachments, peer-to-peer file-sharing networks or visits to certain websites. Although not extremely dangerous, this virus can still slow down your computer's performance, change registry entries, create new files, and start and end system processes.

    Browser Hijacking

    • The first sign of the infection is browser hijacking, meaning that your browser's homepage is changed and you are redirected to websites that promote rogue anti-spyware products. Usually they offer a free computer scan and find numerous virus infections. However, both the scan and the "found" viruses are a scam luring you into buying a fake product.

      The virus can also monitor and track your browsing habits.

    Pop-ups and Notifications

    • Another sign of Trojan Brojack's presence on your PC might be numerous pop-ups and notifications that inform you of spyware on your computer and offer a free scan. Once you agree to the scan, the virus "finds" infections and tries to get you to buy an anti-spyware product, which is rogue, since the alerts and the found viruses are fake.

    System Processes

    • This virus creates its own system process, but also tries to end processes whose names contain any of the following: googletoolbarnotifier, googleupdater, searchprotection and ytbb.

    Registry Entries

    • The Trojan Brojack virus creates these registry entries:
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\w
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7BC9C2E2-73A6-4FCF-B73D-CBAA20B31C9B}
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B45FF030-4447-11D2-85DE-00C04FA35C89}\iexplore
      HKEY_CLASSES_ROOT\CLSID\e405.e405mgr
      HKEY_CLASSES_ROOT\CLSID\{7BC9C2E2-73A6-4FCF-B73D-CBAA20B31C9B}
      HKEY_CLASSES_ROOT\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}
      HKEY_CLASSES_ROOT\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}
      HKEY_CLASSES_ROOT\e405.e405mgr.1
      HKEY_CLASSES_ROOT\e405.e405mgr
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7BC9C2E2-73A6-4FCF-B73D-CBAA20B31C9B}

      The virus also modifies these entries:
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\"SearchURL" = "http://internetsearchservice.com"
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL" = "http://internetsearchservice.com"
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Search Bar" = "http://internetsearchservice.com/ie6.html"
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"SearchMigrated" = "00000001"
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"SearchMigratedDefaultName" = "Search"
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"SearchMigratedDefaultURL" = "http://internetsearchservice.com/search?q=[SEARCH TERMS]"
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\"SearchAssistant" = "http://internetsearchservice.com"

    New Files

    • Once the trojan infects your system, it creates the following files:
      %ProgramFiles%\Mozilla Firefox\extensions\sotfone-tracker@sotfone.ru\chrome\content\main.js
      %ProgramFiles%\Mozilla Firefox\extensions\sotfone-tracker@sotfone.ru\chrome\content\main.xul
      %ProgramFiles%\Mozilla Firefox\extensions\sotfone-tracker@sotfone.ru\chrome\content\request.js
      %ProgramFiles%\Mozilla Firefox\extensions\sotfone-tracker@sotfone.ru\chrome\content\web_progress.js
      %ProgramFiles%\Mozilla Firefox\extensions\sotfone-tracker@sotfone.ru\chrome.manifest
      %ProgramFiles%\Mozilla Firefox\extensions\sotfone-tracker@sotfone.ru\defaults\preferences\main.js
      %ProgramFiles%\Mozilla Firefox\extensions\sotfone-tracker@sotfone.ru\install.rdf
      %System%\[RANDOM NUMBER]\[RANDOM NUMBER].dll

    Tracking of Browsing Habits

    • Trojan Brojack also creates the extension sotfone-tracker@sotfone.ru, which tracks all of the website links visited in your browser and then sends this information back to the developer.
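To check a machine for the registry changes listed under Registry Entries above, the following added example (not part of the original article) scans the text of a registry export for three of those indicators: the hijack search domain, the Browser Helper Object CLSID, and the e405.e405mgr ProgID. The function name and the sample export are constructed for illustration.

```python
import re

# Indicators copied from the registry entries listed on this page.
HIJACK_DOMAIN = "internetsearchservice.com"
BHO_CLSID = "{7bc9c2e2-73a6-4fcf-b73d-cbaa20b31c9b}"
PROGID = "e405.e405mgr"

KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def scan_reg_export(text):
    """Return (key, value_name, reason) tuples for Brojack indicators in .reg text."""
    findings, key = [], None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            # "[-KEY]" is a delete directive in a .reg file, not an existing key.
            key = None if m.group(1) else m.group(2)
            if key:
                parts = key.lower().split("\\")
                if BHO_CLSID in parts:
                    findings.append((key, None, "Brojack CLSID present"))
                if any(p == PROGID or p.startswith(PROGID + ".") for p in parts):
                    findings.append((key, None, "Brojack ProgID present"))
            continue
        m = VALUE_RE.match(line)
        if m and key and HIJACK_DOMAIN in m.group(2).lower():
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            findings.append((key, name, "search setting points at hijack domain"))
    return findings


# Constructed sample export (not captured from a real host).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://internetsearchservice.com"
"Start Page"="https://example.org/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7BC9C2E2-73A6-4FCF-B73D-CBAA20B31C9B}]

[-HKEY_CLASSES_ROOT\e405.e405mgr.1]
'''

if __name__ == "__main__":
    for finding in scan_reg_export(SAMPLE):
        print(finding)
```

Exports written by `reg export` are UTF-16 with a byte-order mark, so open the file with `encoding="utf-16"` before passing its text to the function.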
