IETray

Posted: March 28, 2006

IETray is a browser hijacker that changes the web browser's default search settings and sends the user to a search engine on the search-aide.com domain. If the user attempts to perform a search using different services, IETray opens a pop-up message encouraging the user to use a specific sidebar already modified by the hijacker. The spyware runs on every Windows startup.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 csrss.exe
    2 iemsg.dll

Registry Modifications

  • The following Registry values were newly created:
    HKEY_CLASSES_ROOT\iempg.iempgobj
    HKEY_CLASSES_ROOT\iempg.iempgobj.1
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Define
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&SearchTheWeb
    HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\iempg.iempgobj
    HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\iempg.iempgobj.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\csrsss
  • The following CLSIDs were detected:
    FFFFFFFF-FFFF-FFFF-FFFF-5F8507C5F4E7
    FFFFFFFF-FFFF-FFFF-FFFF-5F8507C5F4E8
    BD51AEC6-7991-4A60-94D6-D5FEBB655D10