Threat Database Browser Hijackers DefaultTab-Search Results

DefaultTab-Search Results

By CagedTech in Browser Hijackers

Threat Scorecard

Ranking: 4,537
Threat Level: 50 % (Medium)
Infected Computers: 170,870
First Seen: March 4, 2013
Last Seen: October 15, 2024
OS(es) Affected: Windows

Aliases

6 security vendors flagged this file as malicious.

Anti-Virus Software Detection
AVG Generic5.AXOX
Comodo ApplicUnwnt
AVG Searchres.2F5
McAfee Artemis!E8BC5FD5F80C
DrWeb Adware.Toolbar.239
McAfee Artemis!5F593CAC9F67

File System Details

DefaultTab-Search Results may create the following file(s):
# File Name MD5 Detections
1. DTChk.exe a330022f56c41311ac2789cd77010589 5,589
2. DefaultTabBHO.dll f03cfcd636fedcdf8ddca41ce8719a00 4,976
3. DTReg.exe ff9e721d98bc7cf94c283c9d4836c9df 4,607
4. DTChk.exe c724f9cc94e5e8ff49b0c1ea10829c62 4,346
5. R002.exe c649bd38c31322113468d2998966b2b7 4,101
6. DTChk.exe a3cb86169694053c550b9aa528e8e2f5 3,805
7. DTChk.exe e8bc5fd5f80cdb59429cd0ce8e91d41a 3,526
8. DTChk.exe 07f47baebdaeab76fc1cd346eb1aba33 2,232
9. DefaultTabBHO.dll 4b1858d4620a29d822abc80a5088d51e 1,694
10. DTChk.exe bf82c8e4e2118c46dd1f75a4aa5408de 1,343
11. DefaultTabBHO.dll a1ef9f4e3caa067ad0c45130aefcf49b 627
12. DefaultTabBHO.dll 0a4c60fc66d3b775c1c985247012c64b 587
13. DefaultTabBHO.dll 4134a411f503ef121675b6e53b852f35 431
14. DefaultTabBHO.dll 77a615a75545df5ea60cc49e7619f509 353
15. R002.exe 894ecbbc03677a23861d0f2d04f658b0 267
16. DefaultTabBHO.dll 5f593cac9f6741cde9c229b077a495cf 220
17. DefaultTabBHO.dll 3af4778134ab53502c33a70cd11b85ff 99
18. DefaultTabBHO.dll 4426e56b378ce7b990169b55e3555740 58
19. DTReg.exe 5808d8d4632563f2e79c9f29197b3674 9
20. DatamngrCoordinator.exe c3c8797e5ee2ed85e0dba33b8a891ba1 5
21. DTChk.exe 95969c77e2e69819849cdc5673d0bd7f 4
22. DTChk.exe cc98b8c0f54ec762bb4cf898f2b96da2 4
23. R001.exe 744e70443bdf26713cfa1d24e32aca92 4
24. R002.exe 644b1ec961307113ce2d9a39e02d66f7 4
25. DTChk.exe ec113774356e3de24b518978cfbbda88 2
26. DTChk.exe 0cdd3bc9e5d7334b42f8b340dc26b712 2
More files

Registry Details

DefaultTab-Search Results may create the following registry entry or registry entries:
CLSID
{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
{38495740-0035-4471-851E-F5BBB86AB085}
{72D89EBF-0C5D-4190-91FD-398E45F1D007}
{7F6AFBF1-E065-4627-A2FD-810366367D01}
{A1E28287-1A31-4b0f-8D05-AA8C465D3C5A}
{BE89FFB3-7F9C-4A16-B475-98B195A06628}
{FEB62B15-CC00-4736-AAEC-BA046C9DFF73}
Regexp file mask
%PUBLIC%\Util\DTChk.exe
%Temp%\DefaultTabSetup[RANDOM CHARACTERS].exe
Software\AppDataLow\Software\DefaultTab
SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser
SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1
SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
SOFTWARE\Classes\Wow6432Node\AppID\DefaultTabBHO.DLL
Software\Default Tab
SOFTWARE\Google\Chrome\NativeMessagingHosts\default_tab_host
Software\Microsoft\Internet Explorer\Approved Extensions\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration{7F6AFBF1-E065-4627-A2FD-810366367D01}
Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Software\Microsoft\Internet Explorer\Protect Approved Extensions\{7F6AFBF1-E065-4627-A2FD-810366367D01}
SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Default2Check
SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\DefaultCheck
SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\DefaultReg
Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
SOFTWARE\Wow6432Node\Classes\AppID\DefaultTabBHO.DLL
SOFTWARE\Wow6432Node\Default Tab
SOFTWARE\Wow6432Node\DefaultTab
SOFTWARE\Wow6432Node\Google\Chrome\NativeMessagingHosts\default_tab_host
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAD84EE2-624D-4e7c-A8BB-41EFD720FD77}
SOFTWARE\Wow6432Node\Microsoft\Tracing\DefaultTabSearch_RASAPI32
SOFTWARE\Wow6432Node\Microsoft\Tracing\DefaultTabSearch_RASMANCS
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
SYSTEM\ControlSet001\services\DefaultTabSearch
SYSTEM\ControlSet001\services\DefaultTabUpdate
SYSTEM\ControlSet002\services\DefaultTabSearch
SYSTEM\ControlSet002\services\DefaultTabUpdate
SYSTEM\CurrentControlSet\services\DefaultTabSearch
SYSTEM\CurrentControlSet\services\DefaultTabUpdate

Directories

DefaultTab-Search Results may create the following directory or directories:

%APPDATA%\DefaultTab
%PROGRAMFILES%\DefaultTab
%PROGRAMFILES(x86)%\DefaultTab
%TMP%\installdt.tmp
%WINDIR%\system32\config\systemprofile\AppData\Roaming\defaulttab

URLs

DefaultTab-Search Results may call the following URLs:

https://www.mysearchresults.com/search?

Trending

Most Viewed

Loading...