Threat Database Stealers Infostealer.Proxydown

Infostealer.Proxydown

By JubileeX in Stealers

Infostealer.Proxydown is a Trojan that steals computer data and the Internet Explorer's information and may add harmfulfiles on to the affected PC. While being run, Infostealer.Proxydown creates harmful files. Infostealer.Proxydown creates the registry entry so that it can launch automatically every time you boot up Windows. Infostealer.Proxydown modifies the registry entry to make changes to the settings of Internet Explorer. Infostealer.Proxydown checks the proxy configuration information on the targeted computer system. Infostealer.Proxydown connects google.com to create an Internet connection. Infostealer.Proxydown transmits all of the stolen information to certain distant locations.

SpyHunter Detects & Remove Infostealer.Proxydown

File System Details

Infostealer.Proxydown creates the following file(s):
# File Name MD5 Detections
1. %UserProfile%\Application Data\Microsoft\CommonFiles\wmshlp.dll N/A
2. %Temp%\[RANDOM CHARACTERS FILE NAME].datce N/A
3. %Temp%\[RANDOM CHARACTERS FILE NAME].tmp N/A
4. %UserProfile%\Application Data\Microsoft\CommonFiles\wmshlp.dll144031u23.tmp N/A
5. %Temp%\[RANDOM CHARACTERS]wg[RANDOM DIGIT].dat N/A
6. 7d95302e81c5a69fe18920f9d57c5644 7d95302e81c5a69fe18920f9d57c5644 0
7. 21ac774a6717ec3e70de1e91324ffcc8 21ac774a6717ec3e70de1e91324ffcc8 0
8. wmshlp.dll 3ac94e32920b27b16fbcf8dc027cf054 0

Registry Details

Infostealer.Proxydown creates the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\"DefaultConnectionSettings" = "[BINARY DATA]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\"TactXCI" = "rundll32.exe \"%UserProfile%\Application Data\Microsoft\CommonFiles\wmshlp.dll\" TactXCIHlp 137"

Trending

Most Viewed

Loading...