MSIL/Agent.OJF

Category trojan
Size 436224 B
Detection created Sep 03, 2013
Detection database version 8759

Short description

MSIL/Agent.OJF is a trojan that redirects results of online search engines to specific web sites.

Installation

The trojan does not create any copies of itself.


The trojan creates the following files:

  • %appdata%\Mozilla\Firefox\Profiles\%defaultprofile%\searchplugins\google.xml (2079 B)
  • %programfiles%\Mozilla Firefox\searchplugins\google.xml (2079 B)

The trojan modifies the following file:

  • %appdata%\Mozilla\Firefox\Profiles\%defaultprofile%\prefs.js

The following Registry entries are set:

  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
    • "EnableLUA" = "0"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
    • "ConsentPromptBehaviorAdmin" = "0"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
    • "DefaultScope" = "{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
    • "(Default)" = "Live Search"
    • "DisplayName" = "@ieframe.dll,-12512"
    • "URL" = "http://www.google.com/cse?cx=partner-pub%censored%"
    • "SuggestionsURLFallback" = "http://www.google.com/cse?cx=partner-pub%censored%"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\g]
    • "(Default)" = "http://www.google.com/cse?cx=partner-pub-%censored%"
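
A read-only triage check for the file and registry changes listed above, added here as an example and not part of the original description. It goes slightly beyond the listed paths by scanning every Firefox profile rather than only the default one, and it matches the censored URLs by their visible prefix. The function name `Test-AgentOjfArtifacts` and its output strings are assumptions.

```powershell
# Added example: read-only triage for the changes this description lists.
# Test-AgentOjfArtifacts and its output strings are illustrative assumptions.
# Hits are leads to review: UAC can be disabled by policy on clean systems,
# and a google.xml search plugin may exist in a clean Firefox install.
function Test-AgentOjfArtifacts {
    $findings = @()

    # UAC policy values the description lists as set to "0".
    $uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $uac = Get-ItemProperty -LiteralPath $uacKey -ErrorAction SilentlyContinue
    foreach ($name in 'EnableLUA', 'ConsentPromptBehaviorAdmin') {
        if ($uac -and $null -ne $uac.$name -and $uac.$name -eq 0) {
            $findings += "UAC policy: $name = 0"
        }
    }

    # Internet Explorer values. The partner ID is censored in the description,
    # so match only the visible part of the URL.
    $pattern = 'google\.com/cse\?cx=partner-pub'
    $ie = 'HKCU:\SOFTWARE\Microsoft\Internet Explorer'
    $scope = "$ie\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
    $checks = @(
        @{ Key = $scope; Name = 'URL' },
        @{ Key = $scope; Name = 'SuggestionsURLFallback' },
        @{ Key = "$ie\SearchUrl\g"; Name = '(default)' }
    )
    foreach ($c in $checks) {
        $props = Get-ItemProperty -LiteralPath $c.Key -ErrorAction SilentlyContinue
        $value = if ($props) { $props.($c.Name) } else { $null }
        if ($value -match $pattern) {
            $findings += "IE search: $($c.Key)\$($c.Name) = $value"
        }
    }

    # Firefox search plugin files; 2079 bytes is the size given in the description.
    $dirs = @("$env:ProgramFiles\Mozilla Firefox\searchplugins")
    $dirs += @(Get-ChildItem -Path "$env:APPDATA\Mozilla\Firefox\Profiles" -Directory `
            -ErrorAction SilentlyContinue |
        ForEach-Object { Join-Path $_.FullName 'searchplugins' })
    foreach ($d in $dirs) {
        $f = Get-Item -LiteralPath (Join-Path $d 'google.xml') -ErrorAction SilentlyContinue
        if ($f -and $f.Length -eq 2079) {
            $findings += "Firefox plugin: $($f.FullName) ($($f.Length) B)"
        }
    }
    $findings
}

Test-AgentOjfArtifacts
```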

Other information


The following programs are affected:

  • Internet Explorer
  • Mozilla Firefox

The trojan requires the Microsoft .NET Framework to run.
