Troj/Ablank-F

Category:	Viruses and Spyware
Type:	Trojan
Prevalence:

Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Troj/Ablank-F is a browser hijacking Trojan.

Troj/Ablank-F changes settings for Internet Explorer and intercepts attempts to view the home page, instead showing a file dropped by the Trojan.

The Trojan attempts to set the following registry entries:

HKCU\Software\Microsoft\Internet Explorer\Main
HOMEOldSP
about:blank

HKCU\Software\Microsoft\Internet Explorer\Main
Search Page
about:blank

HKCU\Software\Microsoft\Internet Explorer\Main
Search Bar
res://<Temp>\\sp.dll/sp.html

HKCU\Software\Microsoft\Internet Explorer\Main
Use Custom Search URL
1

HKCU\Software\Microsoft\Internet Explorer\New Windows
PopupMgr
no

HKCU\Software\Microsoft\Internet Explorer\Search
SearchAssistant
about:blank

HKLM\Software\Microsoft\Internet Explorer\Main
HOMEOldSP
about:blank

HKLM\Software\Microsoft\Internet Explorer\Main
Start Page
about:blank

HKLM\Software\Microsoft\Internet Explorer\Main
Search Bar
res://<Temp>\\sp.dll/sp.html

HKLM\Software\Microsoft\Internet Explorer\Search
SearchAssistant
about:blank

HKLM\Software\Microsoft\Internet Explorer\Main
Use Search Asst
no

HKLM\Software\Microsoft\Internet Explorer\Main
Use Custom Search URL
1

HKLM\Software\Microsoft\Internet Explorer\New Windows
PopupMgr
no

The Trojan also creates entries for itself in HKCR\CLSID with randomly chosen CLSID values and registers itself as a Browser Helper Object with one of these values.

Troj/Ablank-F may provide an uninstallation option via the Add or Remove Programs dialog in the Windows Control Panel.

Try Sophos products for free
Download now

Troj/Ablank-F

Free Mac Anti-Virus

Popular topics