it consultancy

MatrixSearch malware

MatrixSearch details

  • Description

    MatrixSearch is an illegal advertising program that displays large amount of undesirable pop-ups in Internet Explorer. The parasite can secretly get into the system while visiting some malicious web sites. Once executed, MatrixSearch creates a file, registers it in the system and modifies the registry, so that the threat runs on every Windows startup.

  • Dll

    mshtmpre.dll

  • Registry

    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunLoadHTML=rundll32.exe C:WindowsSystem32egsvr32.exe,mshtmpreHKEY_CLASSES_ROOTBho.htmlHKEY_CLASSES_ROOTBho.html.1HKEY_CLASSES_ROOTBho1.htmlHKEY_CLASSES_ROOTBho1.html.1HKEY_CLASSES_ROOTAutoSearch1.BHOsrcHKEY_CLASSES_ROOTAutoSearch1.BHOsrc.1HKEY_CLASSES_ROOTAutoSearch1.SrchHookHKEY_CLASSES_ROOTAutoSearch1.SrchHook.1HKEY_CLASSES_ROOTCLSID{15651C7C-E812-44a2-A9AC-B467A2233E7D}HKEY_CLASSES_ROOTCLSID{622CC208-B014-4FE0-801B-874A5E5E403A}HKEY_CLASSES_ROOTCLSID{9C5B2F29-1F46-4639-A6B4-828942301D3E}HKEY_CLASSES_ROOTCLSID{D879A0F1-2B3B-4409-8879-FAD6E49E1EA9}HKEY_CLASSES_ROOTInterface{16F6A635-09F8-44E6-953E-81D037647255}HKEY_CLASSES_ROOTInterface{34DCDBDB-60EF-4281-92C6-68C299AAB8E5}HKEY_CLASSES_ROOTInterface{722C6699-FDF7-4B4F-BDD0-F84CF5791A80}HKEY_CLASSES_ROOTInterface{FC02833E-9FDE-4862-974F-828887716A28}HKEY_CLASSES_ROOTTypeLib{5E6895EA-E919-4331-ADBE-827D4D8915AC}HKEY_CLASSES_ROOTTypeLib{B8F9DD56-4FFA-47B0-B9D7-42F45A752F4E}HKEY_CLASSES_ROOTTypeLib{E9A45914-275E-4866-BB75-5D65CBC3F311}HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{622CC208-B014-4FE0-801B-874A5E5E403A}HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9C5B2F29-1F46-4639-A6B4-828942301D3E}HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{D879A0F1-2B3B-4409-8879-FAD6E49E1EA9}HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerAboutURLshtml_gotoworkHKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerAboutURLshtml_onlyoneHKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerAboutURLshtml_reconfig3HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerAboutURLshtml_reconfig5HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerAboutURLshtml_reconfig9HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerAboutURLshtml_stopengineHKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerAboutURLshtml_unresidentHKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionWinTrustTrust ProvidersSoftware PublishingTrust Database