virus.win32.ramnit.a
virus.win32.ramnit.a also known as Conduit (fs), Conduit (fs), PUA.Conduit!8.122-6a3Y31XoOLS (cloud). Malware Analysis of virus.win32.ramnit.a – CONDUITENGINE.DLL Created files: %Program Files%\Conduit\Community Alerts\Alert.dll %Program Files%\ConduitEngine\appContextMenu.xml %Program Files%\ConduitEngine\ConduitEngine.dll %Program Files%\ConduitEngine\ConduitEngineHelper.exe %Program Files%\ConduitEngine\ConduitEngineUninstall.exe Autostart registry keys: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\DisplayName: “programascom Customized Web Search” HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine\DisplayName: “Conduit Engine” HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\CONDUITENGINE\UNINSTALLSTRING: “%SYSTEMDRIVE%\PROGRA~1\CONDUI~1\CONDUITENGINEUNINSTALL.EXE” HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\programascom Toolbar\DisplayName: “programascom Toolbar” HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PROGRAMASCOM TOOLBAR\UNINSTALLSTRING: “%SYSTEMDRIVE%\PROGRA~1\PROGRA~1\UNINST~1.EXE” HKLM\Software\conduitEngine\toolbar\DisplayName: “Conduit Engine” HKLM\Software\programascom\toolbar\DisplayName: “programascom”…