Sophos

Troj/Ablank-F

Aliases
  • StartPage-DU.dll.dr
  • Trojan.Win32.StartPage.uz

Summary

 
Affected operating systems: Windows
Characteristics
  • Installs itself in the registry
Included in our products from: June 2005 (3.94)
Protection available since: 7 March 2005 22:03:23 (GMT)
Last updated: 29 April 2005 13:44:50 (GMT)
Detected by: All Sophos products

More Information

Troj/Ablank-F is a browser hijacking Trojan.

Troj/Ablank-F changes settings for Internet Explorer and intercepts attempts to view the home page, instead showing a file dropped by the Trojan.

The Trojan attempts to set the following registry entries:

HKCU\Software\Microsoft\Internet Explorer\Main
HOMEOldSP
about:blank

HKCU\Software\Microsoft\Internet Explorer\Main
Search Page
about:blank

HKCU\Software\Microsoft\Internet Explorer\Main
Search Bar
res://<Temp>\\sp.dll/sp.html

HKCU\Software\Microsoft\Internet Explorer\Main
Use Custom Search URL
1

HKCU\Software\Microsoft\Internet Explorer\New Windows
PopupMgr
no

HKCU\Software\Microsoft\Internet Explorer\Search
SearchAssistant
about:blank

HKLM\Software\Microsoft\Internet Explorer\Main
HOMEOldSP
about:blank

HKLM\Software\Microsoft\Internet Explorer\Main
Start Page
about:blank

HKLM\Software\Microsoft\Internet Explorer\Main
Search Bar
res://<Temp>\\sp.dll/sp.html

HKLM\Software\Microsoft\Internet Explorer\Search
SearchAssistant
about:blank

HKLM\Software\Microsoft\Internet Explorer\Main
Use Search Asst
no

HKLM\Software\Microsoft\Internet Explorer\Main
Use Custom Search URL
1

HKLM\Software\Microsoft\Internet Explorer\New Windows
PopupMgr
no

The Trojan also creates entries for itself in HKCR\CLSID with randomly chosen CLSID values and registers itself as a Browser Helper Object with one of these values.

Troj/Ablank-F may provide an uninstallation option via the Add or Remove Programs dialog in the Windows Control Panel.
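
As an added example (not part of the Sophos description and not Sophos code): a Python check that reads registry export text in `reg export` form and reports which of the value settings listed above are present. The sample export and the function names are constructed for illustration.

```python
import re

IE = r"Software\Microsoft\Internet Explorer"
# <Temp> on the page is a placeholder, so the Search Bar data is matched by pattern.
SEARCH_BAR = re.compile(r"^res://.*\\sp\.dll/sp\.html$", re.I)
# (subkey, value name, data) copied from the list on this page.
COMMON = [("Main", "HOMEOldSP", "about:blank"), ("Main", "Search Bar", SEARCH_BAR),
          ("Main", "Use Custom Search URL", "1"), ("New Windows", "PopupMgr", "no"),
          ("Search", "SearchAssistant", "about:blank")]
LISTED = {"HKEY_CURRENT_USER": COMMON + [("Main", "Search Page", "about:blank")],
          "HKEY_LOCAL_MACHINE": COMMON + [("Main", "Start Page", "about:blank"),
                                          ("Main", "Use Search Asst", "no")]}

# Constructed sample in "reg export" text form (not taken from a real machine).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.example.com/"
"Search Bar"="res://C:\\DOCUME~1\\user\\LOCALS~1\\Temp\\sp.dll/sp.html"
"Use Custom Search URL"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows]
"PopupMgr"="yes"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"="about:blank"
'''

def parse_reg(text):
    """Parse export text into {(key_lower, value_name_lower): data_string}."""
    values, key = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and (m := re.match(r'^"(.+?)"=(?:"(.*)"|dword:([0-9a-fA-F]{8}))$', line)):
            name, s, d = m.groups()
            # DWORDs become decimal strings; string data has its "\\" escaping undone.
            data = str(int(d, 16)) if d is not None else s.replace("\\\\", "\\")
            values[(key, name.lower())] = data
    return values

def find_matches(text):
    """Return (key, value name, data) for each listed setting found in the export."""
    values, hits = parse_reg(text), []
    for hive, entries in LISTED.items():
        for sub, name, want in entries:
            key = f"{hive}\\{IE}\\{sub}"
            got = values.get((key.lower(), name.lower()))
            if got is not None and (want.match(got) if hasattr(want, "match")
                                    else got.lower() == want):
                hits.append((key, name, got))
    return hits
```

Several of the listed settings, such as a home page of about:blank, also occur on unaffected machines, so the Search Bar value pointing at sp.dll alongside the others is the meaningful signal.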
