it consultancy

Aurora malware

Aurora details

  • Description

    Aurora is an adware parasite that displays undesirable commercial advertisements using Internet Explorer web browser. It also tracks user activity in the Internet and sends gathered data to certain web servers. Aurora can download and install its additional malicious components. The parasite can get into the system along with some ad-supported software. It also can be manually installed. Once executed, Aurora creates several files (some of them have random names) and modifies the registry, so that the threat runs on every Windows startup.

  • Exe

    nail.exesvcproc.exe

  • Dll

    drpmon.dll

  • Registry

    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonShell=explorer.exe percentWindirpercent ail.exeHKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun[random name]HKEY_CURRENT_USERSoftwareauroraHKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSvcProcHKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlPrintMonitorsepMonHKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstallabi-1