ViRobot
Home HOME > Security Info

Security Info

Threats DB

Adware.TabBrowser.To.196288

Aliases  
Typical Symptoms  Auto-execution on rebooting,Toolbar,Move to the particular site,POP-UP Window
Discovered  [korea] 2010-05-12
 [Foreign] 0000-00-00
Type  Adware ActiveField  
Damage/Distribution
Origin  Korea Encryption  NO
Target of infection  Installed with Aplicatoin,Execution
Scan engine needed
2010-05-12 [Able to detect & repair]
  • Free scan
  • Free trial download
Description

[Symptom of Infection]

[Adware.TabBrowser.To.196288] is installed without user agreement, and registered to Internet Explorer's Manage Add-Ons.

- It adds itself to registry for automatic execution on system boot.

[PIC 1] BHO register

 

[PIC 2] Internet Explorer

 

<Related URL>
 

hxxp://(...).tabbrowser.co.kr/(...)/setup/(...).dt
hxxp://(...).tabbrowser.co.kr/(...)/setup/(...)_setup.exe
hxxp://(...).tabbrowser.co.kr/count/install_ct.asp?(...)
hxxp://(...).tabbrowser.co.kr/(...)/tabbrowsingn/program/version.dat
hxxp://(...).tabbrowser.co.kr/(...)/tabbrowsingn/program/tabbrowsingnapp.exe
hxxp://(...).tabbrowser.co.kr/(...)/tabbrowsingn/program/tabbrowsingnch.exe
hxxp://(...).tabbrowser.co.kr/(...)/tabbrowsingn/program/tabbrowsingndel.exe
hxxp://(...).tabbrowser.co.kr/(...)/tabbrowsingn/program/tabbrowsingnup.exe
hxxp://(...).tabbrowser.co.kr/(...)/tabbrowsingn/program/tabbrowsingn.dll
hxxp://(...).tabbrowser.co.kr/(...)/tabbrowsingn/program/cadoclist.dt
hxxp://(...).tabbrowser.co.kr/(...)/tabbrowsingn/program/category.dt
hxxp://(...).tabbrowser.co.kr/(...)/tabbrowsingn/program/categorysite.dt
hxxp://(...).tabbrowser.co.kr/(...)/tabbrowsingn/program/except.dt
hxxp://(...).tabbrowser.co.kr/count/live_ct.asp?(...)
 

<File>
 
[Adware.TabBrowser.To.196288] creates below files.
 

(Programs Folder)\tabbrowsing\blockkeyword.dt
(Programs Folder)\tabbrowsing\brandkeyword.dt
(Programs Folder)\tabbrowsing\breaksite.dt
(Programs Folder)\tabbrowsing\breaksitest.dt
(Programs Folder)\tabbrowsing\bsvive.dt
(Programs Folder)\tabbrowsing\cadoclist.dt
(Programs Folder)\tabbrowsing\category.dt
(Programs Folder)\tabbrowsing\categorysite.dt
(Programs Folder)\tabbrowsing\except.dt
(Programs Folder)\tabbrowsing\info.dt
(Programs Folder)\tabbrowsing\navilock.dt
(Programs Folder)\tabbrowsing\op.dt
(Programs Folder)\tabbrowsing\potalsite.dt
(Programs Folder)\tabbrowsing\sponserlink.dt
(Programs Folder)\tabbrowsing\tabbrowsingn.dll
(Programs Folder)\tabbrowsing\tabbrowsingnapp.exe
(Programs Folder)\tabbrowsing\tabbrowsingnch.exe
(Programs Folder)\tabbrowsing\tabbrowsingndel.exe
(Programs Folder)\tabbrowsing\tabbrowsingnup.exe
(Programs Folder)\tabbrowsing\tabbrowsingn_setup.exe
(Programs Folder)\tabbrowsing\up\cadoclist.dt
(Programs Folder)\tabbrowsing\up\category.dt
(Programs Folder)\tabbrowsing\up\categorysite.dt
(Programs Folder)\tabbrowsing\up\except.dt
(Programs Folder)\tabbrowsing\up\tabbrowsingn.dll
(Programs Folder)\tabbrowsing\up\tabbrowsingnapp.exe
(Programs Folder)\tabbrowsing\up\tabbrowsingndel.exe
(Programs Folder)\tabbrowsing\up\tabbrowsingnup.exe
(Programs Folder)\tabbrowsing\up\ver.dat
(Programs Folder)\tabbrowsing\urlmatchquery.dt
(Programs Folder)\tabbrowsing\version.dat
 

<Registry>
 
[Adware.TabBrowser.To.196288] creates registries like below.
 

HKLM\SOFTWARE\Classes\CLSID\{34FC7B59-C254-4FC5-BDF8-660B242D601B}
HKLM\SOFTWARE\Classes\tabbrowsingn.tabbrowsing
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\tabbrowsing
HKLM\SOFTWARE\tabbrowsing
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Name: tabbrowsing
Value: ""(Programs Folder)\tabbrowsing\tabbrowsingnapp.exe""
 

<Folder>
 
[Adware.TabBrowser.To.196288] creates folders like below.
 

(Programs Folder)\tabbrowsing
(Programs Folder)\tabbrowsing\up
 

<Notation>
 

"(Programs Folder)" could be different by OS and generally this is "C:\Program Files".
Removal Instructions

[How to repair]

 

1. If you are WinXP/ME users, please be inactivate System Recovery Function.
The reason why being inactivate of the system recovery is to clean the virus completely.
You can refer to MS technical documents(Q263455) for more details.


2. Update the engine module for the latest one.
To repair this virus, you need to update the engine for the latest one.


a. ViRobot products users
-Download the latest engine files via our website (www.hauri.net)


b. Non-ViRobot products users
- Use the LiveCall (Free Scan) via the website (http://www.livecall.co.kr)
- Use the trial version of ViRobot products (30days only)


3. How to scan the virus.


a. Run your ViRobot, and choose all files in scan option.
- ViRobot Desktop 5.x : [Tools] -> [Configuration] -> [Spyware/Adware Scan] : Check all files
- LiveCall (Free Scan) : [Advanced Scan] : Check


b. Repair all viruses detected.
List
Copyright 2008 @ HAURI Inc. All rights reserved. SiteMap