XoloX
XoloX is a worm that spreads through peer-to-peer file swapping programs like KaZaA, KaZaA Lite, KaZaA Lite K++, KMD, Morpheus, eDonkey2000, Limewire, Bearshare, Overnet, Gnucleus, any other p2p file sharing network. XoloX also changes browser settings without user's permission and often bundled with spyware.
File System Modifications
- The following files were created in the system:
# File Name 1 bittorrent.ini 2 crashsaver.exe 3 donkey.ini 4 donkey_expert.ini 5 downloads.ini 6 downloads.lnk 7 geoctl.dll 8 gnucdna.dll 9 mgwz.dll 10 mlnet.exe 11 sbcie026.dll 12 uninstall.exe 13 uninstallxolox.lnk 14 uninstxolox.exe 15 unzip.exe 16 xolox.exe 17 xolox.lnk 18 xoloxdownloadfolder.lnk 19 xoloxexe.exe 20 zlib.dll
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\software\xoloxHKEY_LOCAL_MACHINE\software\xoloxdefaultproxyHKEY_LOCAL_MACHINE\software\xoloxpaidverexenameHKEY_LOCAL_MACHINE\software\xoloxwebcacheurlHKEY..\..\..\..{RegistryKeys}HKEY_CLASSES_ROOT\gnutellaHKEY_CLASSES_ROOT\xoloxurlprotocolHKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}xolox - The following CLSID's were detected:
HKEY..\..\{CLSID Path}2850bdc7-2330-4e31-9fa0-88268846539af02c0ae1-d796-42c9-81e1-084d88f79b8e
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.