OrbitExplorer
OrbitExplorer is an Internet Explorer search toolbar that changes the web browser's default home and search pages and adds multiple bookmarks to the Favorites list. The threat silently downloads and installs several adware programs without asking for user permission. It can also redirect the web browser to advertising websites. OrbitExplorer can update itself via the Internet. The threat must be manually installed. It runs automatically on every Windows startup.
File System Modifications
- The following files were created in the system:
  1. ad.exe
  2. oeloader.dll
  3. oeloader.exe
  4. redirector.dll
  5. search.dll
  6. toolbar.dll
  7. update.exe
  8. view.exe
Registry Modifications
- The following Registry entries were created:
  HKEY_CLASSES_ROOT\OESearch.OESearchHook
  HKEY_CLASSES_ROOT\OESearch.OESearchHook.1
  HKEY_CLASSES_ROOT\SQLoader.Loader
  HKEY_CLASSES_ROOT\SQLoader.Loader.1
  HKEY_CLASSES_ROOT\Toolbar.Band
  HKEY_CLASSES_ROOT\Toolbar.Band.1
  HKEY_CLASSES_ROOT\Update.Redirector
  HKEY_CLASSES_ROOT\Update.Redirector.1
  HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar = [site address]
  HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page = [site address]
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant = [site address]
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\%Windir%/Downloaded Program Files/oeloader.dll
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\%Windir%/Downloaded Program Files/oeloader.exe
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\oeloader
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\orbitupdate
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\orbitview
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\%Windir%\Downloaded Program Files\oeloader.dll
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\%Windir%\Downloaded Program Files\oeloader.exe
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Orbit
- The following CLSIDs were detected: