F-Secure Malware Information Pages: Trojan-Downloader:W32/ConHook.APX

Name: Trojan-Downloader:W32/ConHook.APX
Detection Names: Trojan-Downloader.Win32.ConHook.apx
Size: 132096
Type: Trojan-Downloader
Category: Malware
Platform: W32

Summary
This type of trojan secretly downloads malicious files from a remote server, then installs and executes the files.

Details


Network Connections
Attempts to connect to:

  • http://65.243.103.56/go/
  • http://65.243.103.60/go/
  • http://65.243.103.62/go/
  • http://89.188.16.10/go/
  • http://89.188.16.16/go/
  • http://24.244.171.110/redirect/[...].php



Registry Modifications
Creates these keys:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
  • HKCR\CLSID\...\InprocServer32
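
The two registry locations above can be audited together: each subkey under Browser Helper Objects is a CLSID, and the default value of that CLSID's InprocServer32 key names the DLL that Internet Explorer loads. The PowerShell below is an added example, not F-Secure's code; the function name Get-BhoInventory and the WOW6432Node paths (the 32-bit registry view on 64-bit Windows) are assumptions that do not come from this page.

```powershell
# Added example (not from the original page): inventory Browser Helper Objects
# and resolve each registered CLSID to the DLL named in its InprocServer32 key.
function Get-BhoInventory {
    $bhoSuffix = 'Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    $views = @(
        @{ Name  = 'native'
           Bho   = "HKLM:\SOFTWARE\$bhoSuffix"
           Clsid = 'Registry::HKEY_CLASSES_ROOT\CLSID' },
        # Assumption: WOW6432Node holds the 32-bit view on 64-bit Windows.
        @{ Name  = 'WOW64 (32-bit)'
           Bho   = "HKLM:\SOFTWARE\WOW6432Node\$bhoSuffix"
           Clsid = 'Registry::HKEY_CLASSES_ROOT\WOW6432Node\CLSID' }
    )
    foreach ($view in $views) {
        # A view that does not exist (e.g. WOW64 on a 32-bit OS) is skipped.
        if (-not (Test-Path -LiteralPath $view.Bho)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $view.Bho) {
            $clsid  = $key.PSChildName
            $inproc = '{0}\{1}\InprocServer32' -f $view.Clsid, $clsid
            $dll    = $null
            if (Test-Path -LiteralPath $inproc) {
                # The unnamed (default) value of InprocServer32 is the DLL path.
                $dll = (Get-Item -LiteralPath $inproc).GetValue('')
            }
            $onDisk = [bool]($dll -and (Test-Path -LiteralPath $dll -PathType Leaf))
            $sig    = 'n/a'
            $mtime  = $null
            if ($onDisk) {
                $sig   = (Get-AuthenticodeSignature -LiteralPath $dll).Status
                $mtime = (Get-Item -LiteralPath $dll).LastWriteTime
            }
            [pscustomobject]@{
                View      = $view.Name
                Clsid     = $clsid
                Dll       = $dll
                OnDisk    = $onDisk
                Signature = $sig
                Modified  = $mtime
            }
        }
    }
}

# One row per BHO registration, grouped by signature status.
Get-BhoInventory | Sort-Object Signature, Dll | Format-Table -AutoSize -Wrap
```

Rows whose DLL is missing from disk, is not validly signed, or is not recognised as installed software are the ones to compare against a known-good baseline.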



Additional Details
Trojan-Downloader:W32/ConHook.APX captures keywords from searches and creates relevant popup windows and ads.

It may attempt to use its outbound connections to download additional malicious programs, or to send information.

ConHook.APX targets Web searches made on the following sites:

  • 7search.com
  • alexa.com
  • alltheweb.com
  • ask.com/
  • bbc.co.uk
  • comcast.net
  • destinationadult.com
  • excite.co.jp
  • findsearch.net
  • gigablast.com
  • goguides.org
  • google
  • hotbot.com
  • infoseek.co.jp
  • instafinder.com
  • jayde.com
  • kanoodle.com
  • lb1.netster.com
  • live.com
  • lycos
  • mamma.com
  • mirago.co.uk
  • mysearch.myway.com
  • mywebsearch.com
  • neon.org.uk
  • netster.com
  • query.nytimes.com
  • recherche.aol.fr
  • reference.com
  • s.teoma.com
  • search.about.com
  • search.aol
  • search.daum.net
  • search.dmoz.org
  • search.earthlink.net
  • search.looksmart.com
  • search.msn
  • search.netscape.com
  • search.netzero.net
  • search.sympatico.msn.ca
  • search.wanadoo.co.uk
  • search.xtramsn.co.nz
  • searchmiracle.com
  • sensis.com.au
  • uk.searchengine.com
  • url.searchuk.com
  • usseek.com
  • vivisimo.com
  • web altavista.com
  • web.ask
  • websearch.com
  • wesearchall.com
  • www.excite.co.jp
  • yahoo

Trojan-Downloader.Win32.ConHook.apx is a component of Virtumonde.

Virtumonde (also known as Vundo) is adware that is heavily used to promote "rogue" applications.

See the Virtumonde description and the Rogue antispyware description for additional details.



F-Secure Corporation

Last Modified: September 16, 2008