Exploit.winamp.pls
Winamp 5.12, a popular media player, has a critical vulnerability, which can be utilized by the Exploit.winamp.pls exploit. This threat installs widely spread spywares including SpySheriff and a variant of the CoolWebSearch hijacker to the compromised computer. The following manual removal instructions should be used in order to eliminate the spywares that Exploit.winamp.pls drops. To prevent the infection update to Winamp 5.13, which includes a fix for the vulnerability.
File System Modifications
- The following files were created in the system:
# File Name 1 [X1]32.exe 2 [X2].tmp.exe 3 [X3]32.dll 4 addas32.exe 5 atlya32.exe 6 desktop.html 7 f2install.exe 8 iepn32.exe 9 iesecurity.dll 10 javaee32.exe 11 mfcsp32.exe 12 netef32.exe 13 netrl.exe 14 ntbe.exe 15 ntxo32.exe 16 procmon.dll 17 sdkuk32.exe 18 spysheriff.exe 19 wallpaper.html 20 winstall.exe 21 x.pls
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{RegistryKeys}HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunSNInstallHKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunSpySheriffHKEY_CURRENT_USERSoftwareSpySheriffHKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstallSpySheriff - The following CLSID's were detected:
HKEY..\..\{CLSID Path}9CB4CE93-8CC7-9E03-1037-2DD837E3A52E7C43E35C-A398-7C5F-B1BA-7E87073BE150202B0EFD-2CB9-039B-2B11-A3579D6D56A3
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.