Locator

Posted: March 28, 2006

Locator is an additional Internet Explorer toolbar that provides a web search service and links to certain Internet resources. Locator changes web browser's default home and search pages without asking for user permission. Moreover, it can download from the Internet and run arbitrary files. The threat is able to silently update itself. Locator must be manually installed. It runs every time the user starts Internet Explorer.

File System Modifications

The following files were created in the system:

# File Name

1 locators.dll

2 lupdtr.exe

#	File Name
1	locators.dll
2	lupdtr.exe

Registry Modifications

The following newly produced Registry Values are:
HKEY..\..\..\..{RegistryKeys}HKEY_CURRENT_USERSoftwareLocatorstoolbarToolbarHKEY_CURRENT_USERSoftwareMicrosoftInternetExplorerLocatorsToolbarHKEY_CURRENT_USERSoftwareMicrosoftInternetExplorerMainSearchAssistant=[siteaddress]HKEY_CURRENT_USERSoftwareMicrosoftInternetExplorerMainSearchUrl=[siteaddress]HKEY_CURRENT_USERSoftwareMicrosoftInternetExplorerMainStartPage=[siteaddress]HKEY_LOCAL_MACHINESOFTWAREClassesLocatorS.LocatorBarHKEY_LOCAL_MACHINESOFTWAREClassesLocatorS.LocatorBar.1HKEY_LOCAL_MACHINESOFTWAREClassesLocatorS.LocatorLinksHKEY_LOCAL_MACHINESOFTWAREClassesLocatorS.LocatorLinks.1HKEY_LOCAL_MACHINESOFTWAREClasseslocatorstoolbar.LOCATORSTOOLBARHKEY_LOCAL_MACHINESOFTWAREClasseslocatorstoolbar.LOCATORSTOOLBARMenuButtonHKEY_LOCAL_MACHINESOFTWAREClasseslocatorstoolbar.LOCATORSTOOLBARToggleButtonHKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstallLocatorsToolbar
The following CLSID's were detected:
HKEY..\..\{CLSID Path}A26ABCF0-1C8F-46e7-A67C-0489DC21B9CCB4F8E732-4793-4F90-B40A-829331861D54AB88FC82-FCDC-4062-BCC4-887F0D73EC1DE720B458-B65A-438C-9FF3-B1DF65D7DB3FE720B458-B65A-438C-9FF3-B1DF65D7DB3E4E7BD74F-2B8D-469E-92B0-A921F8D5E22F4E7BD74F-2B8D-469E-92B0-A921F8D5E22E4E7BD74F-2B8D-469E-92B0-A921F8D5E230

Locator

File System Modifications

Registry Modifications

Related Posts

Leave a Reply