
Elvdeng

Posted: May 27, 2011

Win32/Elvdeng.D is one component of the Elvdeng browser-hijacking Trojan. It shows typical hijacker behavior: it creates pop-ups, changes your homepage and may place website shortcuts on your desktop. It targets a wide range of browsers, popular and obscure alike, and injects itself into other running processes to avoid detection. If you suspect that Win32/Elvdeng.D or another Elvdeng component is on your PC, reboot into Safe Mode and scan with up-to-date anti-virus software without delay.

Recognizing a Win32/Elvdeng.D Threat to Your PC

As a Trojan, Win32/Elvdeng.D is designed to install itself without your noticing; disabling script execution for untrusted sites and keeping your web browser patched reduce the attack surface it can use to get in. Depending on which anti-virus product you use, Win32/Elvdeng.D and the components related to it may be reported under other names:

  • Win32/Elvdeng.A
  • Win32/Elvdeng.B
  • Win32/Elvdeng.C
  • Trojan.Win32.Generic.1277302B
  • Backdoor.Agent.AAVE
  • Trojan-Clicker.Win32.Agent.rug
  • Trojan horse Clicker.AOPD
  • TR/Click.Agent.rug.18

The most noticeable sign of a Win32/Elvdeng.D infection is a taobao.ico icon file on your desktop. 'Taobao' is a Chinese online shopping site, but the shortcut that uses the icon does not necessarily lead there. Win32/Elvdeng.D may create other desktop shortcuts as well; avoid clicking them, since they very likely lead to malicious websites. Those destinations are also likely to be Chinese domains, such as xiazai189.com, which is known to be associated with Win32/Elvdeng.D.

How Win32/Elvdeng.D Rips Control of Your Browser Away from You

Win32/Elvdeng.D also carries out its browser hijacking through modifications to the Windows Registry. Added Registry entries cause Win32/Elvdeng.D to be launched whenever you start one of the browsers it supports; the browsers themselves need not have any vulnerability. Browsers known to be targeted include popular ones like Internet Explorer, Chrome, Opera and Firefox, as well as more obscure ones like TheWorld, Maxthon and TTraveler.

Further Registry changes make these browsers open the page that Win32/Elvdeng.D redirects to, regardless of the homepage configured in the browser's own settings. It is possible to remove these Registry entries by hand, but that is not recommended unless every other method has failed: a mistaken Registry edit can leave the OS unable to function. If you do edit by hand, export the affected keys first (reg export) so they can be restored.

To stop Win32/Elvdeng.D and remove it from your PC, reboot into Safe Mode, boot the machine from external media, or boot a separately installed OS. Each of these bypasses the Registry entries that hook Win32/Elvdeng.D into your running processes, so your web browser and anti-virus programs can run without interference while you remove it. Safe Mode skips most, though not all, autostart entries; booting from external media or a second OS is the surest way to keep Win32/Elvdeng.D from running at all.

Keeping your software updated is critical to protecting yourself from Win32/Elvdeng.D, which was identified as a new threat in May 2011.

File System Modifications

  • The following files were created in the system:
    config.ini
    hook.dll
    scvhost.exe
    sstatic.exe
    sysinit.exe
    taobao.ico
    uninstall.dat
    uninstall.exe
  • Note the spelling of scvhost.exe: the legitimate Windows service host is svchost.exe and lives in %SystemRoot%\System32. A file with the letters swapped, or a svchost.exe outside that directory, is a strong indicator. config.ini, uninstall.dat and uninstall.exe are generic names that many legitimate programs also use, so they are only meaningful alongside the other indicators.

Registry Modifications

  • The following Registry keys were newly created (the list is truncated on the page; the first and last entries end mid-path):
    HKEY..\..\..\..{Subkeys}Explorer\
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard\CLSID
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
  • SearchQUIEHelper.DNSGuard, its versioned twin SearchQUIEHelper.DNSGuard.1 and the CLSID subkey are the standard shape of a COM class registration: a ProgID whose CLSID subkey names the class. The CLSID value itself is not given on the page; on a live system, read it from that subkey and search for it under HKEY_CLASSES_ROOT\CLSID and under Internet Explorer's Browser Helper Objects key to find where the component is loaded from.