Exploit Cyber-search.biz
Overview
Exploit Cyber-search.biz is the detection name for a group of software
components that were installed through a security hole.
The following are some of the URLs that appeared in the network log:
Classification
Install without user consent
Files
0xf9.exe, secure32.html, splp.exe, tpjtsip.exe, xecn.exe, windrv.exe, ryads.exe, ybbga.exe, ms-7.exe, counter.exe, file.exe, file2.exe, ie.exe, load.exe, uninstDsk.exe, warnhp.html, TheMatrixHasYou.exe, msdirect.sys, sdfdil.exe, taskmgn.exe, win32hlp.exe, winbrume.dll
If you have any of the files related to Exploit Cyber-search.biz on your system,
please send them for additional analysis. Generally, I have only analysed a
few versions for each software component listed at this web site. With your help I
will be able to look at both old and more recent versions of the Exploit Cyber-search.biz software.
Thank you very much for your time!
Vendor
?
End User License Agreement
?
Detection
Bazooka Adware and Spyware Scanner detects Exploit Cyber-search.biz.
Bazooka is freeware and detects spyware, adware, foistware, trojan horses, viruses, worms and
other potentially unwanted applications.
Uninstall Exploit Cyber-search.biz with FreeFixer
I'm working on a general purpose tool for removing unwanted software.
The tool is called FreeFixer and can help you remove unwanted Browser Helper Objects,
Internet Explorer toolbars and software that starts automatically when you reboot your
computer, so it can offer some assistance while uninstalling Exploit Cyber-search.biz.
The manual removal instructions listed below will help you to identify what to delete with FreeFixer.
Read more about FreeFixer.
Manual removal
Please follow the instructions below if you would like to remove Exploit Cyber-search.biz manually. Please
note that you must follow the instructions very carefully and delete everything that is mentioned. In most
cases the removal will fail if a single item is not deleted. If Exploit Cyber-search.biz remains on your system
after stepping through the removal instructions, please double-check by stepping through them again.
- Start your computer in safe mode.
- Start the registry editor. This is done by clicking Start then Run.
(The Run dialog will appear.) Type regedit and click OK. (The registry editor will open.)
- Browse to the key:
'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
- In the right pane, delete the values called 'win32hp', 'rpcc' and 'update.exe', if they exist.
- Exit the registry editor.
- Start Windows Explorer and delete:
c:\0xf9.exe
c:\secure32.html
c:\splp.exe
c:\tpjtsip.exe
c:\xecn.exe
c:\DriverLoad\windrv.exe
%ProgramsDir%\ryads.exe
%ProgramsDir%\secure32.html
%ProgramsDir%\ybbga.exe
%WinDir%\Temp\ms-7.exe
%WinDir%\counter.exe
%WinDir%\file.exe
%WinDir%\file2.exe
%WinDir%\ie.exe
%WinDir%\load.exe
%WinDir%\uninstDsk.exe
%WinDir%\warnhp.html
%SystemDir%\TheMatrixHasYou.exe
%SystemDir%\msdirect.sys
%SystemDir%\sdfdil.exe
%SystemDir%\taskmgn.exe
%SystemDir%\win32hlp.exe
%SystemDir%\winbrume.dll
Note: %ProgramsDir% is a variable. By default, this is C:\Program Files.
Note: %WinDir% is a variable. By default, this is C:\Windows (Windows 95/98/Me/XP) or C:\WINNT (Windows NT/2000).
Note: %SystemDir% is a variable. By default, this is C:\Windows\System (Windows 95/98/Me), C:\WINNT\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
- Start Microsoft Internet Explorer.
- In Internet Explorer, click Tools -> Internet Options.
- Click the Programs tab -> Reset Web Settings.
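The registry and file checks from the steps above, as an added read-only PowerShell example (not part of the original write-up): it reports which of the listed Run values and files are present and deletes nothing. Mapping %ProgramsDir%, %WinDir% and %SystemDir% to `$env:ProgramFiles`, `$env:windir` and `[Environment]::SystemDirectory` is an assumption of this example.

```powershell
# Added example: read-only audit of the artifacts named in the removal steps.
$runKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$runNames = 'win32hp', 'rpcc', 'update.exe'

# The page's placeholders mapped to the running system (assumed mapping).
$dirs = @{
    '%ProgramsDir%' = $env:ProgramFiles
    '%WinDir%'      = $env:windir
    '%SystemDir%'   = [Environment]::SystemDirectory
}

# File paths exactly as listed in the manual removal steps.
$paths = @(
    'c:\0xf9.exe', 'c:\secure32.html', 'c:\splp.exe', 'c:\tpjtsip.exe',
    'c:\xecn.exe', 'c:\DriverLoad\windrv.exe',
    '%ProgramsDir%\ryads.exe', '%ProgramsDir%\secure32.html', '%ProgramsDir%\ybbga.exe',
    '%WinDir%\Temp\ms-7.exe', '%WinDir%\counter.exe', '%WinDir%\file.exe',
    '%WinDir%\file2.exe', '%WinDir%\ie.exe', '%WinDir%\load.exe',
    '%WinDir%\uninstDsk.exe', '%WinDir%\warnhp.html',
    '%SystemDir%\TheMatrixHasYou.exe', '%SystemDir%\msdirect.sys', '%SystemDir%\sdfdil.exe',
    '%SystemDir%\taskmgn.exe', '%SystemDir%\win32hlp.exe', '%SystemDir%\winbrume.dll'
)

function Resolve-PagePath([string]$Path) {
    # Substitute each placeholder with its directory on this machine.
    foreach ($key in $dirs.Keys) { $Path = $Path.Replace($key, $dirs[$key]) }
    $Path
}

$findings = @()

# Run values: record the command line each one points to, since that is
# the binary that starts at logon.
$props = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
foreach ($name in $runNames) {
    if ($props -and $props.PSObject.Properties.Name -contains $name) {
        $findings += [pscustomobject]@{ Type = 'RunValue'; Item = $name; Detail = $props.$name }
    }
}

# Files: -Force so hidden or system files are still reported.
foreach ($p in $paths) {
    $full = Resolve-PagePath $p
    if (Test-Path -LiteralPath $full -PathType Leaf) {
        $f = Get-Item -LiteralPath $full -Force
        $findings += [pscustomobject]@{ Type = 'File'; Item = $full; Detail = "$($f.Length) bytes, modified $($f.LastWriteTime)" }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap } else { 'No listed Run values or files found.' }
```

Several of the listed names (load.exe, file.exe, ie.exe, update.exe) are generic, so a hit is a lead to confirm against the reported path and timestamp rather than proof of infection.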
Contact information for Exploit Cyber-search.biz's vendor
In order to provide correct, accurate and updated information about Exploit Cyber-search.biz
I encourage the vendor to contact me if any part of this write-up
needs a revision.