BrowserModifier:Win32/BaiduSP

BrowserModifier:Win32/BaiduSP Description

BrowserModifier:Win32/BaiduSP is a browser modifier that attackers spread as a harmful .dll file. BrowserModifier:Win32/BaiduSP diverts web search results to doubtful websites without the affected computer user's authorization. It diverts searches entered in the address bar and 'page not found' errors to Baidu.com. BrowserModifier:Win32/BaiduSP can also attempt to download the BaiduToolbar without the PC user's knowledge. While being installed on the affected computer system, BrowserModifier:Win32/BaiduSP modifies the system by downloading infected files and creating registry subkeys. The registry subkeys install it as a BHO (Browser Helper Object) so that it launches automatically whenever the PC user starts Internet Explorer. BrowserModifier:Win32/BaiduSP may also take over Internet Explorer's search functionality to reroute the affected computer user's searches to Baidu.com. The Internet Explorer default search engine and default start page may also be changed to websites affiliated with Baidu.

Technical Information

Registry Details

BrowserModifier:Win32/BaiduSP creates the following registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Snav.SearchHook
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Snav.JsObject.1
HKLM\SOFTWARE\Classes\Interface\{A9DFC1C4-7AB1-4B54-AC5B-F7093C9BB8D3}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RAS Autodial\Control "LoginSessionDisable" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Snav.SearchHook.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{635A7AFA-FB22-4A4E-8AB8-C85CFAB14626}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{635A7AFA-FB22-4A4E-8AB8-C85CFAB14626}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4F87EBCD-FBF4-4ADD-980A-D9EDC6C8FDE5}
HKEY_CURRENT_USER\Software\Snav\iexp
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91A9D6D5-AFEE-4748-82D7-737A523F63D5}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Snav.JsObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{65D94F33-028B-4CD1-8A89-E6E3129C90B0}
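
The check below is an added example, not part of the original write-up: a PowerShell script that looks for the registry entries listed above on a Windows host. Checking both the 64-bit and 32-bit registry views and reading the `InprocServer32` subkey to find the DLL behind the BHO CLSID are assumptions based on standard COM registration, not details given on this page.

```powershell
# Added example: look for the registry indicators listed on this page.
# Key paths and GUIDs are copied from the list above; nothing else is assumed about the sample.
$bhoClsid = '{635A7AFA-FB22-4A4E-8AB8-C85CFAB14626}'
$hklmKeys = @(
    'SOFTWARE\Classes\Snav.SearchHook',
    'SOFTWARE\Classes\Snav.SearchHook.1',
    'SOFTWARE\Classes\Snav.JsObject',
    'SOFTWARE\Classes\Snav.JsObject.1',
    'SOFTWARE\Classes\Interface\{A9DFC1C4-7AB1-4B54-AC5B-F7093C9BB8D3}',
    'SOFTWARE\Classes\Interface\{65D94F33-028B-4CD1-8A89-E6E3129C90B0}',
    "SOFTWARE\Classes\CLSID\$bhoClsid",
    'SOFTWARE\Classes\CLSID\{91A9D6D5-AFEE-4748-82D7-737A523F63D5}',
    'SOFTWARE\Classes\TypeLib\{4F87EBCD-FBF4-4ADD-980A-D9EDC6C8FDE5}',
    "SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$bhoClsid"
)

# 32-bit components on 64-bit Windows register under the 32-bit view, so check both views.
$findings = @(foreach ($view in 'Registry64', 'Registry32') {
    $hklm = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
        [Microsoft.Win32.RegistryHive]::LocalMachine, [Microsoft.Win32.RegistryView]$view)
    foreach ($path in $hklmKeys) {
        $key = $hklm.OpenSubKey($path)
        if ($key) { "HKLM ($view): $path"; $key.Close() }
    }
    # Value indicator from the list: LoginSessionDisable = 1
    $ras = $hklm.OpenSubKey('SOFTWARE\Microsoft\RAS Autodial\Control')
    if ($ras -and "$($ras.GetValue('LoginSessionDisable'))" -eq '1') {
        "HKLM ($view): RAS Autodial\Control LoginSessionDisable = 1"
    }
    # Assumption: a COM in-process server records its DLL path in InprocServer32 (default value).
    $srv = $hklm.OpenSubKey("SOFTWARE\Classes\CLSID\$bhoClsid\InprocServer32")
    if ($srv) { "HKLM ($view): DLL registered for BHO CLSID = $($srv.GetValue(''))" }
    $hklm.Close()
})

# Per-user key from the list (current user only).
if (Test-Path 'HKCU:\Software\Snav\iexp') { $findings += 'HKCU: Software\Snav\iexp' }

if ($findings.Count -eq 0) {
    'No registry entries from the list were found.'
} else {
    $findings
}
```

On a 32-bit Windows installation both views resolve to the same keys, so a match is reported twice.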
