
Win32/Hioles

Posted: March 14, 2012

Threat Metric

Threat Level: 9/10
Infected PCs: 98
First Seen: March 14, 2012
OS(es) Affected: Windows

Win32/Hioles is a Trojan that turns the infected machine into a reverse proxy, which its operators can then put to a variety of uses, including sending spam e-mail, committing click fraud or opening a backdoor for remote control. Win32/Hioles only targets Windows, but within that set of targets SpywareRemove.com malware experts note that it can be updated and repurposed to commit many types of crimes and harmful attacks against your PC. Because of this flexibility, Win32/Hioles should always be treated as a high-level danger to your computer's privacy and security. Win32/Hioles has been known to name itself after Windows components and may take other steps to hide itself or its payload from manual inspection; these traits underline the importance of using good anti-malware software to detect and delete Win32/Hioles.

How Win32/Hioles Turns Your PC into Its Own Multipurpose Tool

Win32/Hioles was added to many PC security databases in March of 2012, and SpywareRemove.com malware experts find it worth reminding readers that keeping anti-malware programs updated can make the difference between detecting and missing PC threats like Win32/Hioles. The file type and even the file name that Win32/Hioles uses vary: it has been found as both a .dll and an .exe, and it may imitate Windows file names (such as svchost.exe) or use a series of random numbers for its name. Its location is likewise flexible, although Win32/Hioles always modifies the Windows Registry to ensure that it launches as soon as Windows starts. SpywareRemove.com's malware research team recommends that you sidestep this standard startup hook by booting Windows into Safe Mode before any attempt to detect or delete Win32/Hioles.

By default, Win32/Hioles contacts a remote command-and-control server that sends instructions for its future behavior. Win32/Hioles can be reconfigured to use different domains for this purpose, such as grabsfakus.com or gogogobaby12.com. At this point, Win32/Hioles is typically instructed to act as a reverse proxy, which lets its operators route traffic through the infected machine for many types of attacks, such as:

  • Using your computer's resources and a built-in SMTP client to send spam e-mail.
  • Hijacking your web browser with redirect attacks or deliberately generating fraudulent traffic (click fraud).
  • Disabling your PC security software so that criminals can steal personal information or install other PC threats.
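The three behaviours above leave traces on a live host that an administrator can look for. The following PowerShell is an added example written for this page, not code from the original write-up or from any vendor tool. It assumes Windows 8 / Server 2012 or later (for Get-NetTCPConnection), an elevated prompt so every process's image path and module list is readable, and a workstation that has no legitimate reason to speak SMTP directly; the svchost.exe drop locations and the rundll32.exe persistence it looks for are the ones recorded under Technical Details below.

```powershell
# Added example, not code from the original write-up: flag processes on this host whose
# live network behaviour matches what the text describes for Hioles. Requires the
# NetTCPIP module (Get-NetTCPConnection; Windows 8 / Server 2012 and later) and an
# elevated prompt so every process's image path and module list is readable.
# Assumption: this is a workstation with no legitimate reason to talk SMTP directly.

$system32 = Join-Path $env:WinDir 'System32'
$userDirs = @($env:APPDATA, $env:TEMP, $env:ALLUSERSPROFILE) | Where-Object { $_ }

function Test-UnderPath([string]$Path, [string]$Root) {
    # True when $Path lives inside $Root (case-insensitive, trailing backslash normalised).
    $Path.StartsWith($Root.TrimEnd('\') + '\', [System.StringComparison]::OrdinalIgnoreCase)
}

# Index running processes by PID once, instead of calling Get-Process per connection.
$procs = @{}
Get-Process | ForEach-Object { $procs[$_.Id] = $_ }

$findings = foreach ($conn in Get-NetTCPConnection -State Established) {
    $proc = $procs[[int]$conn.OwningProcess]
    if (-not $proc -or -not $proc.Path) { continue }   # protected/system processes have no readable path
    $remote = '{0}:{1}' -f $conn.RemoteAddress, $conn.RemotePort
    $name   = $proc.ProcessName.ToLower()

    # 1. Any process speaking SMTP: matches the "built-in SMTP client to send spam" behaviour.
    if ($conn.RemotePort -eq 25) {
        [pscustomobject]@{ Reason = 'Outbound SMTP (tcp/25)'; ProcessId = $proc.Id; Image = $proc.Path; Remote = $remote }
    }

    # 2. A network-active "svchost.exe" that is not the genuine binary under System32
    #    (the page lists %AppData%\svchost.exe and %TEMP%\svchost.exe as drop locations).
    if ($name -eq 'svchost' -and -not (Test-UnderPath $proc.Path $system32)) {
        [pscustomobject]@{ Reason = 'svchost.exe outside System32'; ProcessId = $proc.Id; Image = $proc.Path; Remote = $remote }
    }

    # 3. For persistence the page records "rundll32.exe <dll>, Entrypoint", so rundll32.exe itself is
    #    the genuine binary; the signal is a DLL it has loaded from a user-writable profile directory.
    if ($name -eq 'rundll32') {
        try { $modules = $proc.Modules } catch { $modules = @() }   # 32/64-bit mismatch or access denied
        foreach ($m in $modules) {
            foreach ($dir in $userDirs) {
                if (Test-UnderPath $m.FileName $dir) {
                    [pscustomobject]@{ Reason = 'rundll32 hosting DLL from profile dir'; ProcessId = $proc.Id; Image = $m.FileName; Remote = $remote }
                }
            }
        }
    }
}

$findings | Sort-Object ProcessId, Reason | Format-Table -AutoSize
```

Treat the output as leads, not verdicts: a mail client configured for plain SMTP will trip the first check, and a developer tool that legitimately loads a DLL from %AppData% through rundll32.exe will trip the third. The second check has no benign explanation on a stock Windows install, since the real svchost.exe only runs from %WinDir%\System32 (or SysWOW64).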

Climbing Out of the Hole That Win32/Hioles Drops You In

While not all reverse proxies are malicious by design, Win32/Hioles's reverse proxy features exist only to exploit your PC for undesirable and criminal purposes. Since Win32/Hioles's propagation tactics haven't yet been analyzed, SpywareRemove.com malware researchers can only recommend safe browsing habits to avoid Win32/Hioles attacks: be cautious about unusual downloads, disable exploitable features when they aren't required, and get information and software from reputable sources whenever possible.

SpywareRemove.com malware analysts also stress that Win32/Hioles should only be detected and removed by software or PC security experts that are explicitly equipped to deal with Win32/Hioles and similar Trojans. Due to its variable file type, file name, file location and even attack types, Win32/Hioles can be difficult to detect by normal methods, and improper deletion of Win32/Hioles may even harm your PC.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

File name: 125.exe
  Size: 187.32 KB (187,329 bytes)
  MD5: 051f562666fee70d9cd7dced1d8a2439
  Detection count: 60
  File type: Executable File (unknown/exe)
  Group: Malware file
  Last Updated: March 15, 2012

File name: file.exe
  Size: 28.16 KB (28,160 bytes)
  MD5: 0710873cbb938be3baf0dfe7ab74d82c
  Detection count: 44
  File type: Executable File (unknown/exe)
  Group: Malware file
  Last Updated: March 15, 2012

File name: file.exe
  Size: 29.69 KB (29,696 bytes)
  MD5: 093ba818b0282fa5701bdd5df3f66843
  Detection count: 42
  File type: Executable File (unknown/exe)
  Group: Malware file
  Last Updated: March 15, 2012

File name: AcroxzurRujp.dll
  Path: %ALLUSERSPROFILE%
  Size: 60.41 KB (60,416 bytes)
  MD5: e86a7c27b01397f818bc342fce3e9024
  Detection count: 32
  File type: Dynamic link library (unknown/dll)
  Group: Malware file
  Last Updated: May 27, 2013

File name: svchost.exe
  Path: %AppData%
  File type: Executable File (unknown/exe)
  Group: Malware file

File name: kb<six numbers>.exe (for example, kb291709.exe)
  Path: %AppData%
  File type: Executable File (unknown/exe)
  Group: Malware file

File name: UjharyAjsigc.dll
  Path: %AppData%
  File type: Dynamic link library (unknown/dll)
  Group: Malware file

File name: kb<six numbers>.exe (for example, kb291709.exe)
  Path: %TEMP%
  File type: Executable File (unknown/exe)
  Group: Malware file

File name: svchost.exe
  Path: %TEMP%
  File type: Executable File (unknown/exe)
  Group: Malware file

File name: UjharyAjsigc.dll
  Path: %WinDir%\System32
  File type: Dynamic link library (unknown/dll)
  Group: Malware file

Registry Modifications

The following Registry keys and values are created or modified:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  "Windows Time" = "rundll32.exe , Entrypoint"
  (This value loads the Trojan's DLL through rundll32.exe at logon by calling its "Entrypoint" export; the DLL path between rundll32.exe and the comma is not recorded in this entry. "Windows Time" is the name of a Windows service, not of any legitimate Run entry.)

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  "[malware file name]" = ""

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
  (Key modified; the affected subkeys are not recorded in this entry.)
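The file and Registry artifacts above can be swept for on a single host with the following PowerShell. This is an added example written for this page, not code from the original write-up or from any vendor tool. The MD5s, file names, drop directories and the kb<six digits>.exe pattern are the ones listed under Technical Details; the Run-value and IFEO checks follow from the recorded keys, and the regex used for the rundll32 value is an assumption about its shape. It expects PowerShell 4.0 or later (for Get-FileHash) and an elevated prompt so HKLM and %WinDir%\System32 are fully readable.

```powershell
# Added example, not code from the original write-up: sweep one Windows host for the
# file and Registry artifacts listed under Technical Details. The MD5s, file names,
# drop directories and the kb<six digits>.exe pattern are the ones on the page; the
# Run-value and IFEO checks follow from the recorded keys. Run from an elevated
# PowerShell (4.0 or later, for Get-FileHash) so HKLM and System32 are readable.

$knownMd5 = @(
    '051f562666fee70d9cd7dced1d8a2439',  # 125.exe
    '0710873cbb938be3baf0dfe7ab74d82c',  # file.exe (28,160 bytes)
    '093ba818b0282fa5701bdd5df3f66843',  # file.exe (29,696 bytes)
    'e86a7c27b01397f818bc342fce3e9024'   # %ALLUSERSPROFILE%\AcroxzurRujp.dll
)

# Directory -> file-name regexes the page ties to that location.
$system32  = Join-Path $env:WinDir 'System32'
$locations = @{
    ($env:APPDATA)         = @('^svchost\.exe$', '^kb\d{6}\.exe$', '^UjharyAjsigc\.dll$')
    ($env:TEMP)            = @('^svchost\.exe$', '^kb\d{6}\.exe$')
    ($env:ALLUSERSPROFILE) = @('^AcroxzurRujp\.dll$')
    ($system32)            = @('^UjharyAjsigc\.dll$')
}
# Small, user-writable directories where hashing every .exe/.dll is cheap; System32 is
# checked by name only, since 125.exe and file.exe carry no recorded path.
$hashEverything = @($env:APPDATA, $env:TEMP)

$hits = New-Object System.Collections.Generic.List[object]
function Add-Hit($Type, $Location, $Detail) {
    $hits.Add([pscustomobject]@{ Type = $Type; Location = $Location; Detail = $Detail })
}

foreach ($dir in $locations.Keys) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    foreach ($f in Get-ChildItem -LiteralPath $dir -File -Force -ErrorAction SilentlyContinue) {
        $byName = @($locations[$dir] | Where-Object { $f.Name -match $_ }).Count -gt 0
        $byHash = $false
        if ($byName -or ($dir -in $hashEverything -and $f.Extension -match '^\.(exe|dll)$')) {
            $md5    = (Get-FileHash -LiteralPath $f.FullName -Algorithm MD5 -ErrorAction SilentlyContinue).Hash
            $byHash = $md5 -and ($knownMd5 -contains $md5.ToLower())
        }
        if ($byHash)     { Add-Hit 'Known Hioles MD5' $f.FullName $md5 }
        elseif ($byName) { Add-Hit 'Hioles file name in drop directory' $f.FullName "$($f.Length) bytes" }
    }
}

# Run keys: the page records HKCU\...\Run "Windows Time" = "rundll32.exe <dll>, Entrypoint".
# Windows Time is a service (W32Time), never a Run entry, so that value name alone is a hit.
$psMeta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
foreach ($hive in 'HKCU', 'HKLM') {
    $key   = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Run"
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties | Where-Object { $_.Name -notin $psMeta }) {
        $data = [string]$p.Value
        if ($p.Name -eq 'Windows Time' -or
            $data -match '(?i)rundll32(\.exe)?\s.*,\s*Entrypoint' -or   # assumed shape of the recorded value
            $data -match '(?i)\\(svchost|kb\d{6})\.exe') {
            Add-Hit 'Suspicious Run value' "$key\$($p.Name)" $data
        }
    }
}

# IFEO: a Debugger value under an image name makes Windows start that "debugger" instead of
# the image, a common way to keep security tools from launching. Legitimate developer entries
# exist, so review each hit rather than deleting blindly.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
foreach ($sub in Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue) {
    $dbg = (Get-ItemProperty -Path $sub.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
    if ($dbg) { Add-Hit 'IFEO Debugger set' $sub.PSChildName $dbg }
}

$hits | Format-Table -AutoSize
```

A hash match is conclusive for the four samples recorded here, but the name and location checks are only indicative: a genuine svchost.exe never lives in %AppData% or %TEMP%, yet kb<six digits>.exe is a pattern some installers also use. Since the write-up notes that Hioles is re-packed and renamed, an absence of hits does not clear the host; pair this sweep with the Safe Mode removal approach the article recommends and with up-to-date anti-malware signatures.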