• Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Phishing
    • Ransomware
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools

MyAntiSpyware
Menu
  • Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Phishing
    • Ransomware
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools

BHO malware used IE vulnerability for install

Myantispyware team March 26, 2006    

BHO malware used IE vulnerability for install. Sans reported

There are several sites that have been compromised and now contain the exploit code. These sites all run the exploit code and get a file called ca.exe which in turn gets a file called calc.exe and installs it. It is calc.exe that we want to focus on briefly.

This malware installs a dll that is used as a Browser Helper Object (BHO) and also runscopies itself to directory you see below as nm32.exe and runs as a process. The malware creates the following on install:

C:\WINNT\fyt\mn32.dll
C:\WINNT\fyt\nm32.exe
C:\WINNT\fyt\~ipcfg636
C:\WINNT\fyt\~start636
C:\WINNT\fyt\~tmp636
C:\WINNT\fyt\~view636

It also creates one called sub.txt when you surf the internet and records everything that it can about where you surf and do and any information.

Anyway, please keep your eyes and ears open for any new sites exploiting this vulnerability!

Don`t forget, you can block vulnerability, only disable Active Scripting support.

Exploits & Vulnerabilities

 Previous Post

How to remove SpywareQuake

Next Post 

How to disable Active Scripting support

Author: Myantispyware team

Myantispyware is an information security website created in 2004. Our content is written in collaboration with Cyber Security specialists, IT experts, under the direction of Patrik Holder and Valeri Tchmych, founders of Myantispyware.com.

Leave a Reply Cancel reply

New Guides

Brain Defender Review: Scam or Legit? What You Need to Know
scam alert
1AiD5twYNrWwEtN96YSA1CQ1CHzTkJXeAv Bitcoin Email Scam
HTC NE20 Bluetooth 5.4 Earphones Reviews, Scam or Legit, Uncovering the Truth!
Shape Burn Review, Scam or Legit? What You Need to Know
Pegasus Digital Income System Review, 3-step Phone Trick Scam

Follow Us

Search

Useful Guides

Tech Support Scam
Remove Tech Support Scam pop-up virus [Microsoft & Apple Scam]
How to reset Internet Explorer settings to default
Best free malware removal tools
Best Free Malware Removal Tools 2025
search.yahoo.com
Remove Search.yahoo.com Redirect Virus ✅ (Quick & Easy) in 2024
browser redirect virus
How to remove Browser redirect virus [Chrome, Firefox, IE, Edge]

Recent Guides

How to remove SpywareQuake
New rogue anti spyware Spyware Quake
100 confirmed sites now using the IE vulnerability
RealNetworks Products Multiple Buffer Overflow Vulnerabilities
New Internet Explorer vulnerability

Myantispyware.com

Myantispyware has been a trusted source for computer security and technology advice since 2004. Our mission is to provide reliable tech guidance and expert, practical solutions to help you stay safe online and protect your digital life.

Social Links

Pages

About Us
Contact Us
Privacy Policy

Copyright © 2004 - 2024 MASW - Myantispyware.com.