About: Trojan.Win32/Wysotot.gen!a

Attributes | Values
rdf:type
rdfs:label
  • Trojan.Win32/Wysotot.gen!a
dcterms:subject
dbkwik:malware/pro...iPageUsesTemplate
Date
  • Unknown
Origin
  • Unknown
Platform
  • .exe
Name
  • Trojan.Win32/Wysotot.gen!A
Type
  • Trojan
pl
  • Unknown
filetype
  • .COM, .EXE
AKA
  • V9 Software
Family
  • N/A
Creator
  • Unknown
Size
  • Unknown
abstract
  • Installation

    Trojan:Win32/Wysotot.gen!A is usually installed on the user's PC by software bundlers that advertise free software or games. One installer that we have seen distribute Win32/Wysotot.gen!A is shown below:

    When the installer is launched, it creates a folder in the %ProgramFiles% directory and drops a file there, for example %ProgramFiles%\v9Soft\v9kb.exe. It also drops and launches a DLL in the %TEMP% directory, for example %TEMP%\v9Loader.dll, and installs it as a browser helper object.

    Payload

    Changes browser settings

    Trojan:Win32/Wysotot.gen!A makes changes to the settings of the following web browsers:
      • Chrome
      • Firefox
      • Internet Explorer
      • Opera

    It changes the start page so that when the browser is launched it opens a website on the v9.com domain. It can do this via the registry; for instance, it makes the following modifications for Internet Explorer:

    In subkey: HKCU\Software\Microsoft\Internet Explorer\Main
    Sets value: "Start Page"
    With data: b&utm_medium=kb

    In subkey: HKCU\Software\Microsoft\Internet Explorer\Main
    Sets value: "Default_Page_URL"
    With data: b&utm_medium=kb

    Trojan:Win32/Wysotot.gen!A also modifies the default search provider to www.v9.com as shown below:

    Symptoms

    The following could indicate that the user has this threat on the user's PC:
      • The user's web browser start page and default search provider have been changed to www.v9.com