Suspicious.Graybird.1
Suspicious.Graybird.1 Description
Suspicious.Graybird.1 is a Trojan that may have been intentionally mutated or morphed by cyber-criminals. Suspicious.Graybird.1 may distribute itself via malicious websites or contaminated shareware. Suspicious.Graybird.1 may also be packed with a packer that hackers often add to malware in order to avoid detection or analysis. Suspicious.Graybird.1 should be promptly removed with an anti-spyware application.
Type: Trojans
How Can You Detect Suspicious.Graybird.1?
Suspicious.Graybird.1 Technical Report
We will update this section as new Suspicious.Graybird.1 details are reported by our customers and as findings come in from our Threat Research Center.
Suspicious.Graybird.1’s Country of Origin:
- China
Suspicious.Graybird.1 typically has the following processes in memory:
- %Windir%\e7df.exe
- %System%\7ds2.exe
- %System%\hwqrgizey.dll
- %System%\febb.dll
- %System%\9dd1.dll
Suspicious.Graybird.1 creates the following registry entries:
- [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating\.Current]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
- [HKEY_CURRENT_USER\Keyboard Layout\Preload]
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceCurrent]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
- [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceCurrent]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden]