
CXmal/DNSCha-A

By Sumo3000 in Malware

Threat Scorecard

Ranking: 2,326
Threat Level: 20 % (Normal)
Infected Computers: 26,016
First Seen: April 27, 2012
Last Seen: September 20, 2023
OS(es) Affected: Windows

CXmal/DNSCha-A detects registry modifications made by a group of DNSChanger Trojans, namely Troj/DNSChan-A. The CXmal/DNSCha-A detection is only triggered by a full system scan, either scheduled or on-demand. If your endpoint is not configured to use DHCP, you must perform manual cleanup by changing the DNS server settings to specify the proper server for your organization or ISP. CXmal/DNSCha-A may reset the DNS name server setting on a Windows computer for different network interfaces on the host PC.

Registry Details

CXmal/DNSCha-A may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2861B0F9-F1E8-4A1A-B9D5-08FB3E595B28} NameServer: 85.255.115.101,85.255.112.115
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run hgqhp.exe = C:\WINDOWS\system32\hgqhp.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\\NameServer
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{92A284E9-43B2-406E-A24E-FCB05ACBAD8B} NameServer: 85.255.115.101,85.255.112.115
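For the manual cleanup described above, it helps to review the static NameServer value of every interface first. The following is an added example, not part of the original entry: it parses the output of `reg query "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces" /s` and reports static resolvers that are not on an approved list. The approved addresses (10.0.0.53, 10.0.0.54) and the two zero-filled interface GUIDs are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample of `reg query ... /s` output. The first key and its
# NameServer data are the values listed above; the other two keys are made up.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2861B0F9-F1E8-4A1A-B9D5-08FB3E595B28}
    NameServer    REG_SZ    85.255.115.101,85.255.112.115

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000001}
    NameServer    REG_SZ
    DhcpNameServer    REG_SZ    10.0.0.53

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000002}
    NameServer    REG_SZ    10.0.0.53 10.0.0.54
"""

# Assumption: the resolvers your organization or ISP actually assigns.
APPROVED = {ipaddress.ip_address(a) for a in ("10.0.0.53", "10.0.0.54")}

KEY_RE = re.compile(r"^HKEY_LOCAL_MACHINE\\.*\\Interfaces\\(?P<iface>.+)$", re.I)
VAL_RE = re.compile(r"^\s+NameServer\s+REG_SZ\s*(?P<data>.*)$", re.I)

def audit_nameservers(reg_output, approved=APPROVED):
    """Return [(interface, [unexpected entries])] for static NameServer values."""
    findings, iface = [], None
    for line in reg_output.splitlines():
        key = KEY_RE.match(line.strip())
        if key:
            iface = key.group("iface")
            continue
        val = VAL_RE.match(line)
        if not (val and iface):
            continue
        bad = []
        for entry in re.split(r"[,\s]+", val.group("data").strip()):
            if not entry:
                continue  # empty value: interface takes DNS from DHCP
            try:
                if ipaddress.ip_address(entry) not in approved:
                    bad.append(entry)
            except ValueError:
                bad.append(entry)  # not an IP address at all: report it too
        if bad:
            findings.append((iface, bad))
    return findings

if __name__ == "__main__":
    for iface, bad in audit_nameservers(SAMPLE):
        print(f"{iface}: unexpected static DNS {', '.join(bad)}")
```

DhcpNameServer values are ignored on purpose: the entry above concerns the static NameServer setting, which takes effect regardless of what DHCP hands out.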

URLs

CXmal/DNSCha-A may call the following URLs:

ckk.ai
