Trojan.Brojack
Trojan.Brojack is a Trojan horse that may hijack search result on the infected computer. This Trojan also modifies Internet settings and may install itself as a browser helper object (BHO).
Alias: Trojan.Brojack!sd6, Trojan.Win32.Agent.aggi
Damage Level: Low
Systems Affected: Windows 9x, 2000, XP, Windows Vista
Characteristics
If the Trojan is executed, it will drop multiple files under Mozilla Firefox extension folder. Then it registers itself as a browser helper object (BHO) for Internet Explorer. Trojan.Brojack also ends running process containing strings such as googletoolbarnotifier, googleupdater, searchprotection and ytbb.
Next, the Trojan will remove certain BHO that are already installed on the Internet browser to further manipulate the browsing activity on the infected computer.
This Trojan is also capable of recording all links visited by user and stores the data separately. This is accomplished by dropping a malicious Mozilla Firefox extension.
After completing all necessary actions, Trojan.Brojack finally hijack search results for Internet Explorer and Mozilla Firefox. User’s requests are redirected to a predefined questionable web site.
Added Registry Entries:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\w
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7BC9C2E2-73A6-4FCF-B73D-CBAA20B31C9B}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B45FF030-4447-11D2-85DE-00C04FA35C89}\iexplore
HKEY_CLASSES_ROOT\CLSID\e405.e405mgr
HKEY_CLASSES_ROOT\CLSID\{7BC9C2E2-73A6-4FCF-B73D-CBAA20B31C9B}
HKEY_CLASSES_ROOT\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}
HKEY_CLASSES_ROOT\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}
HKEY_CLASSES_ROOT\e405.e405mgr.1
HKEY_CLASSES_ROOT\e405.e405mgr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7BC9C2E2-73A6-4FCF-B73D-CBAA20B31C9B}
Associated Files and Folders:%ProgramFiles%\Mozilla Firefox\extensions\sotfone-tracker@sotfone.ru\chrome\content\main.js %ProgramFiles%\Mozilla Firefox\extensions\sotfone-tracker@sotfone.ru\chrome\content\main.xul %ProgramFiles%\Mozilla Firefox\extensions\sotfone-tracker@sotfone.ru\chrome\content\request.js %ProgramFiles%\Mozilla Firefox\extensions\sotfone-tracker@sotfone.ru\chrome\content\web_progress.js %ProgramFiles%\Mozilla Firefox\extensions\sotfone-tracker@sotfone.ru\chrome.manifest %ProgramFiles%\Mozilla Firefox\extensions\sotfone-tracker@sotfone.ru\defaults\preferences\main.js %ProgramFiles%\Mozilla Firefox\extensions\sotfone-tracker@sotfone.ru\install.rdf %System%\[RANDOM NUMBER]\[RANDOM NUMBER].dll
How to Remove Trojan.Brojack
1. Temporarily Disable System Restore (Windows Me/XP). [how to]
2. Open your antivirus application and update the virus definition file. This method ensures that your antivirus program can detect even newer variants of Trojan.Brojack
3. Start Windows in Safe Mode with Networking.
- From a power-off state, turn on the computer and press F8 on your keyboard repeatedly.
- Your computer will display Windows Advanced Boot Options menu. Please select Safe Mode with Networking.
- The system will now boot Windows and loads only necessary drivers and files.
4. Open your antivirus program and run a full system scan. After the scan, delete all infected items. If unable, better place them in quarantine. Once the scan is complete, please proceed with the next step.
Online Virus Scanner:
Another way to remove Trojan.Brojack without the need to install additional antivirus application is to perform a thorough scan with free online virus scanner that can be found here or on websites of legitimate anti-virus and security provider.
5. Go to Online Virus Scanner list and run a virus scan. This may require plug-ins, add-on or Activex object, please install if you want to proceed with scan.
6. After completing the necessary download, your system is now ready for online virus scanning.
7. Select an option in which you can thoroughly scan the computer to make sure that it will find and delete entirely all infections not detected on previous scan.
8. Remove or delete all detected items.
9. When scanning is finished you may now restart the computer in normal mode.