Metafisher
Metafisher is a dangerous trojan distributed through bogus e-mail messages containing malicious links. Those messages can be either in English or in Spanish. Each of them contains a link leading to a web page hosting the WMF exploit. Once the user clicks on such a link, the web browser opens a malicious site, which secretly installs Metafisher. Once installed, the trojan starts spying on the user. It logs user passwords and web sites visited, and records MSN Explorer and Outlook Express account details. Metafisher also steals Windows passwords, PC network information, mail server details and other sensitive data. Gathered information is transferred to a predetermined remote host or uploaded to a predefined FTP server. The trojan can receive commands from the remote attacker. The intruder can remove all computer files in the root of the main hard disk and destroy installed software. Metafisher is able to bypass the Windows Firewall. It works as an Internet Explorer add-on and therefore runs every time the user launches the web browser.
File System Modifications
- The following files were created in the system:
#  File Name
1  1.bat
2  form.txt
3  info.txt
4  installer.exe
5  msncps.dll
6  shot.html
Registry Modifications
- The following Registry values were newly created:
HKEY..\..\..\..{RegistryKeys}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\load\compid
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\load\formwas
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\load\httpreport
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\load\waspopup
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\Internet Explorer\iexplore.exe = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:InternetExplorerext_install
- The following CLSIDs were detected:
HKEY..\..\{CLSID Path}
78364D99-A640-4DDF-B91A-67EFF8373045