Security Hijack
Security Hijack is a browser hijacker that spread via rogueware such as My Security Shield and System Security. Security Hijack is especially designed to redirect a user to malicious websites even after removing the rogueware. Use a good malware removal tool to remove Security Hijack and associated threats.
File System Modifications
- The following files were created in the system:
# File Name 1 C:\Documents and Settings\[user]\Application Data\Dyfew\esemy.exe 2 C:\Documents and Settings\[user]\Application Data\Idviav\ogbi.exe 3 C:\Documents and Settings\[user]\Application Data\Microsoft\svchost.exe 4 C:\Documents and Settings\[user]\Application Data\Microsoft\Windows\shell.exe 5 C:\Documents and Settings\[user]\Local Settings\Temp\A3.exe 6 C:\Documents and Settings\[user]\Local Settings\Temp\dwm.exe 7 C:\Program Files\Microsoft\desktoplayer.exe
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\0HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\1HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\10HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\11HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\12HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\13HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\14HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\15HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\2HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\3HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\4HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\5HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\6HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\7HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\8HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\9HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{6535dce2-510c-5dd2-ae57-6353a36483c5}HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{742ea7b6-7ef3-d456-3ddc-7c98e4890659}HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ShellHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.