Thursday, April 9, 2009

Desktop Hijack

This kind of desktop hijack is used to scare users. The evil code installs restrictions that prevent infected users from restoring the original background picture.



The message in the taskbar comes from the malware and leads to the website of the fake security software (rogue) Antivirus XP Pro 2009.

One symptom of the hijack is the presence of this startup key:
O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
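
The entry above is in the O4 (autostart) format of a HijackThis log. As an added example that is not part of the original post, the following Python sketch scans a log for that indicator; only the value name and file name come from the post, and the sample log is constructed for illustration.

```python
import re

# Indicator from the post: Run value name and executable file name.
IOC_VALUE_NAME = "framework windows"
IOC_EXECUTABLE = "frmwrk32.exe"

# HijackThis O4 registry autostart line: O4 - <key>: [<value name>] <command>
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\]\s*(?P<command>.*)$")
# First executable file name in the command, with or without a path or quotes.
EXE_RE = re.compile(r'([^\\/"]+?\.exe)', re.IGNORECASE)

def parse_o4(line):
    """Return key, value name, command and exe name for an O4 registry line, else None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    exe = EXE_RE.search(m["command"])
    return {"key": m["key"], "name": m["name"], "command": m["command"],
            "exe": exe.group(1).lower() if exe else None}

def find_hijack_entries(log_text):
    """Return O4 entries whose value name or executable matches the indicator."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry and (entry["name"].lower() == IOC_VALUE_NAME
                      or entry["exe"] == IOC_EXECUTABLE):
            hits.append(entry)
    return hits

# Constructed sample log: only the "Framework Windows" line is from the post.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [Updater] C:\WINDOWS\system32\FRMWRK32.EXE /s
"""

if __name__ == "__main__":
    for hit in find_hijack_entries(SAMPLE_LOG):
        print(f'{hit["key"]}: [{hit["name"]}] {hit["command"]}')
```

Matching on the executable name as well as the value name keeps the check working when the same file is registered under a different value name or with a full path.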