Kaspersky Lab has long reminded Internet users to download software only from the software's official website or from other trusted websites. Some malicious websites also offer software downloads, and the software they provide may be bundled with malicious code. Once a user downloads and runs such a package, the system can be infected and the user can suffer losses.
Recently, Kaspersky Lab found that a copy of The World Window browser offered by one website (X361.k037.com:90/kx_setup.exe, currently defunct) was bundled with a browser-hijacking Trojan (TROJAN-DROPPER.WIN32.STARTPAGE.EIP). On the surface, the installer is no different from the normal program, and the user can install it normally. However, the installation files the user downloads are actually packaged with a maliciously modified configuration file, and a malicious script modifies the system during installation. After the installation completes, the IE browser home page has been maliciously modified and locked, as shown in the following figure:
Figure: IE home page was modified
The modified configuration file is shown in the figure:
Figure: Malicious hijacking
Not only that, the malicious code also adds promotional links to the desktop and to Favorites, and modifies the user's search results in the browser: it forcibly hijacks searches and directs the user to sites the attacker is promoting. This interferes with the user's normal browsing. Even if the user uninstalls the browser, the modified system settings are not restored.
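To check a machine for the leftover settings described above, the following read-only PowerShell audit is an added example, not part of the original article and not a Kaspersky tool. The article does not name the settings the Trojan changes; the registry paths below are the standard Internet Explorer locations and are an assumption about where to look.

```powershell
# Added example: read-only audit of the settings the article says stay modified
# after the bundled browser is uninstalled. Registry paths are the standard
# Internet Explorer locations (an assumption; the article does not list them).
$ieValues = @(
    @{ Path = 'HKCU:\Software\Microsoft\Internet Explorer\Main'; Name = 'Start Page' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main'; Name = 'Start Page' },
    @{ Path = 'HKCU:\Software\Policies\Microsoft\Internet Explorer\Main'; Name = 'Start Page' },
    # HomePage = 1 here disables the home page setting in Internet Options ("locked")
    @{ Path = 'HKCU:\Software\Policies\Microsoft\Internet Explorer\Control Panel'; Name = 'HomePage' },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel'; Name = 'HomePage' }
)
$registryReport = foreach ($v in $ieValues) {
    $item = Get-ItemProperty -Path $v.Path -Name $v.Name -ErrorAction SilentlyContinue
    if ($null -ne $item) {
        [pscustomobject]@{ Key = $v.Path; Name = $v.Name; Value = $item.($v.Name) }
    }
}

# Search providers: a hijacked default search shows up as an unexpected URL here.
$scopeRoot = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'
$defaultScope = (Get-ItemProperty -Path $scopeRoot -ErrorAction SilentlyContinue).DefaultScope
$searchReport = Get-ChildItem -Path $scopeRoot -ErrorAction SilentlyContinue | ForEach-Object {
    $p = Get-ItemProperty -Path $_.PSPath
    [pscustomobject]@{ IsDefault = ($_.PSChildName -eq $defaultScope); Name = $p.DisplayName; URL = $p.URL }
}

# Desktop and Favorites shortcuts, newest first, with the target each one opens.
$folders = 'Desktop', 'CommonDesktopDirectory', 'Favorites' |
    ForEach-Object { [Environment]::GetFolderPath($_) } | Where-Object { $_ }
$shell = New-Object -ComObject WScript.Shell
$shortcutReport = Get-ChildItem -Path $folders -Recurse -Include *.url, *.lnk -ErrorAction SilentlyContinue |
    Sort-Object LastWriteTime -Descending | ForEach-Object {
        if ($_.Extension -eq '.url') {
            # .url files are INI text; the destination is the URL= line
            $m = Select-String -LiteralPath $_.FullName -Pattern '^URL=(.+)$' | Select-Object -First 1
            $target = if ($m) { $m.Matches[0].Groups[1].Value } else { $null }
        } else {
            # .lnk: include the arguments, which may carry a URL passed to the browser
            $sc = $shell.CreateShortcut($_.FullName)
            $target = ('{0} {1}' -f $sc.TargetPath, $sc.Arguments).Trim()
        }
        [pscustomobject]@{ Modified = $_.LastWriteTime; File = $_.FullName; Target = $target }
    }

$registryReport | Format-Table -AutoSize -Wrap
$searchReport   | Format-Table -AutoSize -Wrap
$shortcutReport | Format-Table -AutoSize -Wrap
```

Any home page, search URL or shortcut target the user did not set, together with a HomePage policy value of 1, indicates settings that were left behind and need to be reset by hand.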
At present, all Kaspersky products can detect and remove this bundled Trojan. Users only need to keep their anti-virus databases up to date to intercept it effectively. Kaspersky Lab also reminds Internet users to download software only through legitimate channels, to avoid the damage caused by malicious programs.