ShopNav

By GoldSparrow in Browser Hijackers

ShopNav Description

ShopNav is a browser hijacker that modifies essential web browser search settings. It changes the default search and error pages, alters address bar search options, and affects the user's Internet experience. The threat redirects the web browser to ShopNav's controlling servers. It also collects information about performed web searches and user system accounts and sends it to a predetermined remote server. ShopNav may download and install arbitrary applications and can silently update itself via the Internet. The threat is bundled with some parasites and advertising-supported products, such as the Grokster file-sharing program. It runs automatically on every Windows startup.

Type: Browser Hijackers

ShopNav Technical Report

We will update this section as new ShopNav details are reported by our customers and by our Threat Research Center.

The following ShopNav files, listed with their MD5 hashes, were created in the system:

File Name File Size MD5
enhtb.dll 98304 fe6e6a62a572e84e9eaee12eb3ee8a2b
extract.exe 254940 d1ed20d1438435b9bd8d28ab93ed4754
iehelper.dll 9216 f57a0903af695d65f9f52b09f105fb9e
iehelper.dll 9216 8467bad3682ed3ab68971181bf0fb174
iehelper.dll 9216 a21a523d60ac61dc26f882d4377966cb

ShopNav typically has the following processes in memory:

  • srng.exe
  • snhelper.dll
  • srngutil.exe
  • searchhook.dll
  • enhtb.dll
  • srnghelper.exe
  • iehelper.dll
  • extract.exe

ShopNav creates the following registry entries:

  • SearchHook.SrchHook
  • SearchHook.URLSearchHook.1
  • SNHlprObj.SNHlprObj.1
  • 0007522A-2297-43C1-8EB1-C90B0FF20DA5
  • F08555A1-9CC3-11D2-AA8E-000000000000
  • SearchHook.URLSearchHook
  • SNHlprObj.SNHlprObj
  • Srng
  • CE7C3CF0-4B15-11D1-ABED-709549C10000
  • SearchHook.SrchHook.1
  • F08555B0-9CC3-11D2-AA8E-000000000000
  • 14B3D246-6274-40B5-8D50-6C2ADE2AB29B
  • C9C42510-9B21-41c1-9DCD-8382A2D07C61

This entry was posted on 01/9/08 and is filed under Browser Hijackers.

Copyright 2003-2010. Enigma Software Group USA, LLC. All Rights Reserved.