Troj/BHO-GO exhibits the following characteristics:
Other vendor detection
- Kaspersky
- not-a-virus:AdWare.Win32.E404.hh
Runtime Analysis
Copies Itself To
- C:\WINDOWS\system32\ubpr01.exe
Dropped Files
- C:\WINDOWS\system32\857060\857060.dll
Registry Keys Created
- HKLM\SOFTWARE\Microsoft\Internet Explorer
- SearchURL
- http://internetsearchservice.com
- HKLM\SOFTWARE\Microsoft\Internet Explorer\Main
- Search Bar
- http://internetsearchservice.com/ie6.html
- HKCU\Software\Microsoft\Internet Explorer
- SearchURL
- http://internetsearchservice.com
- HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w
- (Default)
- http://internetsearchservice.com/search?q=%s
- HKCU\Software\Microsoft\Internet Explorer\Main
- SearchMigratedDefaultName
- Search
- HKCU\Software\Microsoft\Internet Explorer\Search
- SearchAssistant
- http://internetsearchservice.com
- HKCU\Software\Microsoft\Internet Explorer\SearchUrl\w
- (Default)
- http://internetsearchservice.com/search?q=%s
Registry Keys Modified
- HKLM\SOFTWARE\Microsoft\Internet Explorer\Main
- Default_Search_URL
- http://internetsearchservice.com
- HKCU\Software\Microsoft\Internet Explorer\Main
- Search Page
- http://internetsearchservice.com
- HKLM\SOFTWARE\Microsoft\Internet Explorer\Search
- SearchAssistant
- http://internetsearchservice.com
Processes Created
- c:\windows\regedit.exe
- c:\windows\system32\cmd.exe
- c:\windows\system32\regsvr32.exe