F-Secure
Tools
Trojan-Downloader:W32/ConHook.APX
| Name : | Trojan-Downloader:W32/ConHook.APX |
| Detection Names : |
Trojan-Downloader.Win32.ConHook.apx |
| Size: | 132096 |
| Category: | Malware |
| Type: | Trojan-Downloader |
| Platform: | W32 |
Summary
This type of trojan secretly downloads malicious files from a remote server, then installs and executes the files.
Details
Network Connections
Attempts to connect to:
• http://65.243.103.56/go/
• http://65.243.103.60/go/
• http://65.243.103.62/go/
• http://89.188.16.10/go/
• http://89.188.16.16/go/
• http://24.244.171.110/redirect/[...].php
Registry Modifications
Creates these keys:
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
• HKCR\CLSID\...\InprocServer32
Additional Details
Trojan-Downloader:W32/ConHook.APX captures keywords from searches and creates relevant popup windows and ads.
It may attempt to use its outbound connections to download additional malicious programs, or to send information.
ConHook.APX targets Web searches made on the following sites:
Trojan-Downloader.Win32.ConHook.apx is a component of Virtumonde.
Virtumonde (also known as Vundo) is adware that is heavily used to promote "rogue" applications.
See the Virtumonde description and the Rogue antispyware description for additional details.
It may attempt to use its outbound connections to download additional malicious programs, or to send information.
ConHook.APX targets Web searches made on the following sites:
• 7search.com
• alexa.com
• alltheweb.com
• ask.com/
• bbc.co.uk
• comcast.net
• destinationadult.com
• excite.co.jp
• findsearch.net
• gigablast.com
• goguides.org
• google
• hotbot.com
• infoseek.co.jp
• instafinder.com
• jayde.com
• kanoodle.com
• lb1.netster.com
• live.com
• lycos
• mamma.com
• mirago.co.uk
• mysearch.myway.com
• mywebsearch.com
• neon.org.uk
• netster.com
• query.nytimes.com
• recherche.aol.fr
• reference.com
• s.teoma.com
• search.about.com
• search.aol
• search.daum.net
• search.dmoz.org
• search.earthlink.net
• search.looksmart.com
• search.msn
• search.netscape.com
• search.netzero.net
• search.sympatico.msn.ca
• search.wanadoo.co.uk
• search.xtramsn.co.nz
• searchmiracle.com
• sensis.com.au
• uk.searchengine.com
• url.searchuk.com
• usseek.com
• vivisimo.com
• web altavista.com
• web.ask
• websearch.com
• wesearchall.com
• www.excite.co.jp
• yahoo
Trojan-Downloader.Win32.ConHook.apx is a component of Virtumonde.
Virtumonde (also known as Vundo) is adware that is heavily used to promote "rogue" applications.
See the Virtumonde description and the Rogue antispyware description for additional details.