Mar 18th

Win32 Conhook will Injure your PC!

Author: Indre | Filed under Fix slow PC

In these times of technology, information has become a thing of value. With that in mind, let's learn a bit more about Win32/Conhook. It is a family of Trojans that install themselves as Browser Helper Objects (BHOs) and can connect to the Internet without user authorization. They can also terminate specific security services and download additional malware onto the computer.

Win32/Conhook is installed by an executable. Then, the installer program creates a dynamic link library (DLL) with a randomly generated file name in the Windows system folder, and modifies the registry to load the DLL whenever a Web browser application is launched.

In addition, this Trojan is said to inject its code into the running winlogon.exe and explorer.exe processes, creating remote threads in each. After that, Win32/Conhook listens for connections on UDP port 3012.

This type of malware affects the following systems: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP.

Take a look at the following signs that indicate the possible infection of Win32/Conhook:

  • The presence of the following registry subkeys

  • The sudden termination of the process GCASSERVALERT.EXE
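
To review the load points described above on a suspect machine, the following added example (not part of the original article) parses a registry export and lists every CLSID that is registered as a BHO or ShellExecuteHook and whose DLL sits in a Windows system folder. It assumes a REGEDIT4-style text export; the function names are hypothetical, and the CLSIDs and DLL names in the sample are constructed placeholders. Python is used so that an export taken from an older Windows system can be analyzed offline.

```python
import re

# Constructed sample: trimmed REGEDIT4-style export; CLSIDs and DLL names are placeholders.
SAMPLE_REG = r'''REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-111111111111}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{11111111-1111-1111-1111-111111111111}"=""
"{22222222-2222-2222-2222-222222222222}"="Vendor hook"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-111111111111}\InprocServer32]
@="C:\\WINDOWS\\system32\\qzxkvwpt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-222222222222}\InprocServer32]
@="C:\\Program Files\\Vendor\\hook.dll"
'''
GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
SYSTEM_DIRS = ("\\windows\\system32\\", "\\winnt\\system32\\", "\\windows\\system\\")

def parse_reg(text):
    """Return {key_path: {value_name: data}} from .reg export text."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and "=" in line:
            name, _, data = line.partition("=")
            current[name.strip('"')] = data.strip('"').replace("\\\\", "\\")
    return keys

def autoload_clsids(keys):
    """CLSID -> set of hook types: BHOs are subkeys, ShellExecuteHooks are value names."""
    found = {}
    for path, values in keys.items():
        bho = re.search(r"\\browser helper objects\\(" + GUID + r")$", path, re.I)
        if bho:
            found.setdefault(bho.group(1).upper(), set()).add("BHO")
        elif path.lower().endswith("\\explorer\\shellexecutehooks"):
            for name in values:
                if re.fullmatch(GUID, name):
                    found.setdefault(name.upper(), set()).add("ShellExecuteHook")
    return found

def suspicious_hooks(text):
    """List (clsid, hook types, dll) for auto-loaded CLSIDs whose DLL sits in a system folder."""
    keys = parse_reg(text)
    inproc = re.compile(r"\\CLSID\\(" + GUID + r")\\InprocServer32$", re.I)
    servers = {m.group(1).upper(): v.get("@", "") for p, v in keys.items()
               if (m := inproc.search(p))}
    return [(c, sorted(k), servers[c]) for c, k in sorted(autoload_clsids(keys).items())
            if any(d in servers.get(c, "").lower() for d in SYSTEM_DIRS)]
```

Legitimate Windows components also register hook DLLs from the system folder, so the output is a list to review by hand (unfamiliar file names, missing version information), not a verdict.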

Win32/Conhook is also known by the following names:

Win32/Darksma!generic (CA)
Trojan-Downloader.Win32.ConHook (Kaspersky)
Downloader-AWX (McAfee)
W32/ConHook (Norman)
Troj/ConHook (Sophos)
Downloader (Symantec)
TROJ_CONHOOK (Trend Micro)

To avoid this unpleasant and harmful presence on your PC, take the following steps:

  • Enable a firewall on your computer.
  • Get the latest computer updates.
  • Use up-to-date antivirus software.
  • Use caution with attachments and file transfers.
