ESDIexplorr

Posted: March 28, 2006

ESDIexplorr is an adware/spyware program that displays an excessive number of unsolicited pop-up advertisements. It also silently downloads arbitrary, potentially malicious files from the Internet and executes them. ESDIexplorr is installed by some advertising-supported software or by other spyware. The threat works as an Internet Explorer add-on and therefore runs every time the user launches the web browser.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 iexplorr[XVS].dll
    2 install.exe
    3 windowsie.dll

Registry Modifications

  • The following Registry values were newly produced:
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IExplorr[XVS].clsDW
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IExplorr[XVS].clsIS
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WindowsIE
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WindowsIE.clsIS
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WindowsIE
  • The following CLSIDs were detected: