Infostealer.Proxydown
Infostealer.Proxydown is a Trojan that steals computer data and the Internet Explorer's information and may add harmfulfiles on to the affected PC. While being run, Infostealer.Proxydown creates harmful files. Infostealer.Proxydown creates the registry entry so that it can launch automatically every time you boot up Windows. Infostealer.Proxydown modifies the registry entry to make changes to the settings of Internet Explorer. Infostealer.Proxydown checks the proxy configuration information on the targeted computer system. Infostealer.Proxydown connects google.com to create an Internet connection. Infostealer.Proxydown transmits all of the stolen information to certain distant locations.
SpyHunter Detects & Remove Infostealer.Proxydown
File System Details
Infostealer.Proxydown creates the following file(s):
| # | File Name | MD5 |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|---|
| 1. | %UserProfile%\Application Data\Microsoft\CommonFiles\wmshlp.dll | N/A | |
| 2. | %Temp%\[RANDOM CHARACTERS FILE NAME].datce | N/A | |
| 3. | %Temp%\[RANDOM CHARACTERS FILE NAME].tmp | N/A | |
| 4. | %UserProfile%\Application Data\Microsoft\CommonFiles\wmshlp.dll144031u23.tmp | N/A | |
| 5. | %Temp%\[RANDOM CHARACTERS]wg[RANDOM DIGIT].dat | N/A | |
| 6. | 7d95302e81c5a69fe18920f9d57c5644 | 7d95302e81c5a69fe18920f9d57c5644 | 0 |
| 7. | 21ac774a6717ec3e70de1e91324ffcc8 | 21ac774a6717ec3e70de1e91324ffcc8 | 0 |
| 8. | wmshlp.dll | 3ac94e32920b27b16fbcf8dc027cf054 | 0 |
Registry Details
Infostealer.Proxydown creates the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\"DefaultConnectionSettings" = "[BINARY DATA]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\"TactXCI" = "rundll32.exe \"%UserProfile%\Application Data\Microsoft\CommonFiles\wmshlp.dll\" TactXCIHlp 137"
