Summary

| Affected operating systems | Windows |
|---|---|
| Characteristics | |
| Protection available since | 23 January 2006 08:53:39 (GMT) |
| Detected by | All Sophos products |
Action

Please follow the instructions for removing Trojans.
More Information
Troj/Spyjack-L is a Trojan for the Windows platform.
Troj/Spyjack-L includes functionality to:
- access the internet and communicate with a remote server via HTTP
- disable anti-virus applications
- modify Desktop content
When Troj/Spyjack-L is installed, the following files are created:
<System>\intell32.exe
<System>\oleext.dll
<System>\oleext32.dll
<Windows>\uninstIU.exe
<Windows>\warnhp.html
The file oleext32.dll is detected as Troj/AleSpy-O. The file intell32.exe is detected as Troj/Spyjack-L. The files oleext.dll, oleext32.dll and uninstIU.exe are detected as Troj/Spyjack-L. The file warnhp.html can be deleted safely.
The following registry entry is created to run intell32.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
intell32.exe
<System>\intell32.exe
Registry entries are set as follows:
HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\2
Source
131A6951-7F78-11D0-A979-00C04FD705A2
HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\2
SubscribedURL
131A6951-7F78-11D0-A979-00C04FD705A2
HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\2
FriendlyName
Internet Explorer Channel Bar
HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\2
Flags
3
HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\2
CurrentState
1
HKCU\Software\Microsoft\Internet Explorer\Desktop\Components
GeneralFlags
0
HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0
CurrentState
40000002
HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0
Flags
2002
HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0
FriendlyName
Warning homepage
HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0
Source
<Windows>\warnhp.html
HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\1
CurrentState
40000004
Registry entries are created under:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Update\
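The files and registry entries listed above can be checked on a host with a read-only script. This is an added example, not part of the original Sophos description; it assumes <System> resolves to %SystemRoot%\System32 and <Windows> to %SystemRoot%, and the HKCU checks cover only the user running it.

```powershell
# Added example: read-only check for the Troj/Spyjack-L artifacts listed on this page.
# Assumption: <System> is %SystemRoot%\System32 and <Windows> is %SystemRoot%.
$sys = Join-Path $env:SystemRoot 'System32'
$win = $env:SystemRoot
$findings = @()

# Files the page lists as created on installation.
$files = @(
    (Join-Path $sys 'intell32.exe'),
    (Join-Path $sys 'oleext.dll'),
    (Join-Path $sys 'oleext32.dll'),
    (Join-Path $win 'uninstIU.exe'),
    (Join-Path $win 'warnhp.html')
)
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) { $findings += "file present: $f" }
}

# Run-key value named intell32.exe that starts the Trojan on startup.
$run = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$runProps = Get-ItemProperty -Path $run -ErrorAction SilentlyContinue
if ($runProps -and $runProps.PSObject.Properties['intell32.exe']) {
    $findings += "Run value: intell32.exe = $($runProps.'intell32.exe')"
}

# Desktop component 0 pointed at the dropped warning page.
$comp0 = 'HKCU:\Software\Microsoft\Internet Explorer\Desktop\Components\0'
$c = Get-ItemProperty -Path $comp0 -ErrorAction SilentlyContinue
if ($c -and ($c.FriendlyName -eq 'Warning homepage' -or $c.Source -like '*\warnhp.html')) {
    $findings += "desktop component 0: FriendlyName='$($c.FriendlyName)' Source='$($c.Source)'"
}

# Uninstall key the page says is created.
$unKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Update'
if (Test-Path -LiteralPath $unKey) { $findings += "key present: $unKey" }

if ($findings.Count) { $findings } else { 'No Troj/Spyjack-L artifacts from this list were found.' }
```

A hit on a file name alone is a lead rather than a verdict; confirm it with an anti-virus scan before removing anything.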
