CurrentVersion - Explorer - SharedTaskScheduler
April 15th, 2006
An icon in the system tray kept poping up a notification saying “Your computer is infected! …”. If clicked the message, it opens the browser and connects to spywarequake.com.
Scanned with Windows Defender and Windows Live Safety Center, they could not find anything …
Finally used the old Spy tool to catch that popup’s class name is “ballon window”. Then searched DLL to find out suprox.dll. In the registry:
[HKEY_CLASSES_ROOT\CLSID\{AC1B4DA2-12FA-31F2-1A7D-CD2B14E6AD4E}\InProcServer32]
@=”C:\WINDOWS\system32\suprox.dll”
“ThreadingModel”=”Apartment”
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Explorer\SharedTaskScheduler]
“{AC1B4DA2-12FA-31F2-1A7D-CD2B14E6AD4E}”=”USB Mouse Driver”
SharedTaskScheduler!, a new place to watch out.
Tags: system tray spyware malware spy tool clsid popup SharedTaskScheduler Your computer is infected
Entry Filed under: Programming
Leave a Comment
Some HTML allowed:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>
Trackback this post | Subscribe to the comments via RSS Feed