Trojan.Zefarch
Trojan.Zefarch is a Trojan program that hijacks browsers. When Trojan.Zefarch is inside a computer system, it will store itself as a browser helper object and insert code into webpages. Trojan.Zefarch will redirect search pages to predefined websites which are usually malicious or contain annoying advertisements.
Table of Contents
Aliases
3 security vendors flagged this file as malicious.
| Anti-Virus Software | Detection |
|---|---|
| - | Trojan:Win32/Hiloti.gen!D |
| - | Mal/Hiloti-A |
| - | Hiloti.gen.c |
File System Details
Trojan.Zefarch may create the following file(s):
| # | File Name |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|
| 1. | %Windir%\[RANDOM CHARACTERS].dll | |
| 2. | %UserProfile%\Application Data\Mozilla\Firefox\Extensions\chrome\content\_cfg.js | |
| 3. | %UserProfile%\Application Data\Mozilla\Firefox\Extensions\chrome.manifest | |
| 4. | %UserProfile%\Application Data\Mozilla\Firefox\Extensions\chrome\content\c.js | |
| 5. | %UserProfile%\Application Data\Mozilla\Firefox\Extensions\install.rdf | |
| 6. | %UserProfile%\Application Data\Mozilla\Firefox\Extensions\chrome\content\overlay.xul |
Registry Details
Trojan.Zefarch may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\sample@example.net
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\[RANDOM CLSID]\"(Default)" = "%Windir%\[RANDOM CHARACTERS].dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Shell" = "[SET OF RANDOM CHARACTERS].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\[RANDOM CLSID]\"(Default)" = "%Windir%\[RANDOM CHARACTERS].dll"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\"CleanShutdown" = "0"
