BHO malware used IE vulnerability for install

Myantispyware team, March 26, 2006

BHO malware used an IE vulnerability to install itself. SANS reported:

There are several sites that have been compromised and now contain the exploit code. These sites all run the exploit code and get a file called ca.exe which in turn gets a file called calc.exe and installs it. It is calc.exe that we want to focus on briefly.

This malware installs a DLL that is used as a Browser Helper Object (BHO) and also copies itself to the directory you see below as nm32.exe and runs as a process. The malware creates the following on install:

C:\WINNT\fyt\mn32.dll
C:\WINNT\fyt\nm32.exe
C:\WINNT\fyt\~ipcfg636
C:\WINNT\fyt\~start636
C:\WINNT\fyt\~tmp636
C:\WINNT\fyt\~view636

It also creates one called sub.txt when you surf the Internet, and records everything that it can about where you surf, what you do, and any information.

Anyway, please keep your eyes and ears open for any new sites exploiting this vulnerability!

Don't forget: to block the vulnerability, simply disable Active Scripting support.
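The file list above can be turned into a triage check over data already collected from a host. The following is an added example, not code from SANS or this site: it matches a file listing and a table of registered BHOs (CLSID mapped to the DLL path under InprocServer32) against the artifacts named in the report. The sample inputs are constructed, and treating the "fyt" directory as possibly sitting under a system root other than C:\WINNT, and flagging sub.txt only inside it, are assumptions.

```python
import ntpath  # Windows path rules on any OS, so listings can be triaged offline

# Indicators from the post. Assumptions: "fyt" may sit under any system root
# (C:\WINNT on the page), and sub.txt is only flagged inside that directory.
DROP_DIR = "fyt"
DROPPED = {"mn32.dll", "nm32.exe", "~ipcfg636", "~start636", "~tmp636", "~view636"}
LOG_FILE = "sub.txt"
BHO_DLL = "mn32.dll"  # the only DLL in the post's file list


def _dir_and_name(path):
    """Return (parent directory name, file name), case-folded, for a Windows path."""
    norm = ntpath.normcase(ntpath.normpath(path))
    parent, name = ntpath.split(norm)
    return ntpath.basename(parent), name


def match_files(paths):
    """Return the listed paths whose directory and name match the post's artifacts."""
    hits = []
    for p in paths:
        parent, name = _dir_and_name(p)
        if parent == DROP_DIR and (name in DROPPED or name == LOG_FILE):
            hits.append(p)
    return hits


def match_bhos(bhos):
    """bhos maps a BHO CLSID to its InprocServer32 DLL path; return matching CLSIDs."""
    return sorted(c for c, dll in bhos.items()
                  if _dir_and_name(dll) == (DROP_DIR, BHO_DLL))


# Constructed sample input (not taken from a real host).
SAMPLE_FILES = [
    r"C:\WINNT\system32\calc.exe",    # legitimate calculator, must not match
    r"C:\WINNT\fyt\MN32.DLL",         # case differs from the post
    "c:/winnt/fyt/~tmp636",           # forward slashes from another tool
    r"C:\WINDOWS\fyt\sub.txt",        # different system root (assumption)
    r"C:\Users\a\Documents\sub.txt",  # same name, unrelated directory
]
SAMPLE_BHOS = {
    "{00000000-0000-0000-0000-000000000001}": r"C:\WINNT\fyt\mn32.dll",
    "{00000000-0000-0000-0000-000000000002}": r"C:\Program Files\Example\bar.dll",
}

if __name__ == "__main__":
    print("file hits:", match_files(SAMPLE_FILES))
    print("BHO hits:", match_bhos(SAMPLE_BHOS))
```

Matching on the directory as well as the file name keeps the legitimate calc.exe in system32 and unrelated sub.txt files out of the results.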


Author: Myantispyware team

Myantispyware is an information security website created in 2004. Our content is written in collaboration with Cyber Security specialists, IT experts, under the direction of Patrik Holder and Valeri Tchmych, founders of Myantispyware.com.
