Home Malware Programs Browser Hijackers AHomePagePark.com/security/xp/

AHomePagePark.com/security/xp/

Posted: October 17, 2008

AHomePagePark.com/security/xp/ is a browser hijacker that promotes rogue antispyware programs such as XPAntivirus and Micro Antivirus 2009. AHomePagePark.com/security/xp/ is linked to fake Flash Activex Object error messages and spam email messages. AHomePagePark.com/security/xp/ hijacker page pops up fake warning messages to trick users into purchasing the rogue anti-spyware programs. Trojan infections such as Trojan-Downloader.Win32, Zlob and Vundo use AHomePagePark.com/security/xp/ as one of their many hijacker pages to display on a computer user's desktop.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 gtawclv.dll
    2 icmntr.exe
    3 icthis.exe
    4 ictun.exe
    5 icun.exe
    6 isfmm.exe
    7 isfmntr.exe
    8 isfun.exe
    9 msmsgs.exe
    10 nvctrl.exe
    11 pmmon.exe
    12 spwoqbmv.exe
    13 VideoAccessCodecInstall.exe
    14 xbaqktfv.exe

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70d17a5f-ef27-4295-90f5-20ad6f24834f}HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D61D7E1A-6613-49CA-B6F9-51DB248E209D}HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa6d4f53-4c8d-4549-84d2-02d584acc4e9}HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}IExplorer Security Plug-inInternet Explorer Secure Bar
Loading...