CurrentVersion - Explorer - SharedTaskScheduler
An icon in the system tray kept poping up a notification saying “Your computer is infected! …”. If clicked the message, it opens the browser and connects to spywarequake.com.
Scanned with Windows Defender and Windows Live Safety Center, they could not find anything …
Finally used the old Spy tool to catch that popup’s class name is “ballon window”. Then searched DLL to find out suprox.dll. In the registry:
[HKEY_CLASSES_ROOT\CLSID\{AC1B4DA2-12FA-31F2-1A7D-CD2B14E6AD4E}\InProcServer32]
@=”C:\WINDOWS\system32\suprox.dll”
“ThreadingModel”=”Apartment”
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Explorer\SharedTaskScheduler]
“{AC1B4DA2-12FA-31F2-1A7D-CD2B14E6AD4E}”=”USB Mouse Driver”
SharedTaskScheduler!, a new place to watch out.
Tags: system tray spyware malware spy tool clsid popup SharedTaskScheduler Your computer is infected
Add comment April 15th, 2006