Adonai Browser Hijacker Spyware

The AdonAi application downloads harmful files onto the user’s computer.

The AdonAi software enters the machine by detecting weaknesses in the computer’s security. Machines that were previously infected with malicious software or backdoor programs are especially vulnerable. The user may also have downloaded the AdonAi software inadvertently.

The AdonAi application uses this vulnerability in the system to connect to a website. It receives commands from the remote server and executes them on the system. It can also download information that may damage the computer. The AdonAi program usually does so without the user’s consent.

The AdonAi application is also known as a browser hijacker. Hijackers can alter Web browser settings. The AdonAi program accesses the hosts file when the user attempts to connect to a security-related site. It can then redirect the user to a site that posts advertisements. The AdonAi software can also redirect the user to a malicious site that can trigger malware downloads. One indication of browser hijacking is a home page that has changed even though the user has not changed it.

The AdonAi program can allow an intruder to perform Denial of Service (DoS) attacks. Intruders can disable programs remotely. They usually disable anti-virus and firewall programs. They can crash the infected machine. Hackers can use the infected computer to attack servers. They can also use the AdonAi application to block the user’s access to the Internet.

The AdonAi software creates the following processes once it enters the system: 

  • %Temp%\exploit.win32.adonai\exploit.win32.adonai;
  • %Temp%\exploit.win32.hmd\exploit.win32.hmd;
  • %Temp%\Packed.Win32.Tibs.d\Packed.Win32.Tibs.d;
  • %Temp%\Exploit.Win32.MS04-034.b\Exploit.Win32.MS04-034.b;
  • %Temp%\Packed.Win32.Klone.b\Packed.Win32.Klone.b;
  • and %Temp%\Packed.Win32.Klone.e\Packed.Win32.Klone.e.

These allow the AdonAi application to manipulate Web browser settings and create a backdoor for hackers.
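The two indicators described above, hosts-file overrides of security-related sites and the listed %Temp% entries, can be checked with a short script. This is an added example, not code from the original page; the watch list of domains, the sample hosts file and the function names are constructed assumptions, and the "blocked" verdict (a watched host pointed at a loopback or unspecified address) goes slightly beyond the redirection the page describes.

```python
import ipaddress
import os
from pathlib import Path

# Names from the page's %Temp% list; each is reported as %Temp%\<name>\<name>.
ARTIFACT_NAMES = (
    "exploit.win32.adonai", "exploit.win32.hmd", "Packed.Win32.Tibs.d",
    "Exploit.Win32.MS04-034.b", "Packed.Win32.Klone.b", "Packed.Win32.Klone.e",
)
# Assumption: constructed watch list standing in for security-related sites.
WATCHED_DOMAINS = ("av-vendor.example", "update.example")
# Constructed sample hosts file, not taken from an infected machine.
SAMPLE_HOSTS = """\
127.0.0.1      localhost
::1            localhost
203.0.113.10   www.av-vendor.example av-vendor.example  # constructed entry
0.0.0.0        definitions.update.example
10.0.0.5       intranet.corp.example
not-an-ip      www.av-vendor.example
"""

def find_artifacts(temp_dir):
    """Return the listed artifact paths that exist under temp_dir."""
    temp = Path(temp_dir)
    return [str(temp / n / n) for n in ARTIFACT_NAMES if (temp / n / n).exists()]

def is_watched(host):
    return any(host == d or host.endswith("." + d) for d in WATCHED_DOMAINS)

def audit_hosts(text):
    """Return (line_no, address, host, verdict) for overridden watched hosts."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split columns
        if len(fields) < 2:
            continue
        address, hosts = fields[0], [h.lower().rstrip(".") for h in fields[1:]]
        try:
            ip = ipaddress.ip_address(address)
            verdict = "blocked" if ip.is_loopback or ip.is_unspecified else "redirected"
        except ValueError:
            verdict = "malformed address"
        findings += [(line_no, address, h, verdict) for h in hosts if is_watched(h)]
    return findings

if __name__ == "__main__":
    print(audit_hosts(SAMPLE_HOSTS))
    print(find_artifacts(os.environ.get("TEMP", "/tmp")))
```

On a real machine, pass the contents of the system hosts file to `audit_hosts` and replace `WATCHED_DOMAINS` with the security vendors' domains actually in use.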

The AdonAi program then stops the remote access connection manager, application layer gateway service and telephony to completely invade the user’s browser and connection:

The hacker Del_Armg0 reportedly developed the AdonAi program. The AdonAi application can allegedly be accessed at http://hammer.prohosting.com/~dellya.

Other names commonly used to identify the application are:

  • Win32/Adonai;
  • Win32/Adonai.A.Trojan;
  • Backdoor.Win32.Celine;
  • BackDoor-OY;
  • Bck/Celine;
  • Win32.Celine;
  • Win32/Celine Trojan;
  • and Exploit.Win32.Adonai.
