
Glindorus

Updated: November 7, 2013 12:39:41 PM
Type: Potentially Unwanted App
Name: Glindorus
Version: 1.0.0.1
Publisher: Glindorus
Risk Impact: Medium
Systems Affected: Windows 2000, Windows 7, Windows NT, Windows Vista, Windows XP

The program is downloaded as an add-on for the Internet Explorer, Firefox and Chrome browsers.

When the program is executed, it may create the following files:
  • %ProgramFiles%\glindorus\glindorus.ico
  • %ProgramFiles%\glindorus\glindorusBHO.dll
  • %ProgramFiles%\glindorus\glindorusUninstall.exe
  • %ProgramFiles%\glindorus\updateglindorus.InstallState
  • %ProgramFiles%\glindorus\updateglindorus.exe

The program may create the following registry entries:
  • HKEY_LOCAL_MACHINE\SOFTWARE\glindorus\Internet Explorer\"sie" = "false"
  • HKEY_LOCAL_MACHINE\SOFTWARE\glindorus\Firefox\"sff" = "false"
  • HKEY_LOCAL_MACHINE\SOFTWARE\glindorus\Chrome\"sgc" = "false"
  • HKEY_LOCAL_MACHINE\SOFTWARE\glindorus\"is" = "def_glindorus"
  • HKEY_LOCAL_MACHINE\SOFTWARE\glindorus\"iid" = "def_glindorus"
  • HKEY_LOCAL_MACHINE\SOFTWARE\glindorus\"id" = "%TIME%"

The program may then create the following registry subkeys:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\glindorus
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9598e82a-7e09-4438-b425-b9e9718c3c73}
  • HKEY_CLASSES_ROOT\TypeLib\{1A1BD1A4-DE07-441E-8EAF-880C7FDF7683}
  • HKEY_CLASSES_ROOT\Interface\{886CB8E6-B6B1-492B-8FE6-CE8AC83F6AC5}
  • HKEY_CLASSES_ROOT\CLSID\{9598e82a-7e09-4438-b425-b9e9718c3c73}

The program may also create a service with the following properties:
  • Display Name: Update glindorus
  • Image Path: %ProgramFiles%\glindorus\updateglindorus.exe

Next, the program connects to the following URLs:
  • [http://]install.glindorus.net/i[REMOVED]
  • [http://]install.glindorus.net/i[REMOVED]
  • [http://]install.glindorus.net/m[REMOVED]
  • [http://]api.glindorus.net/r[REMOVED]
  • [http://]wpc.edgecastcdn.net[REMOVED]

The program may send searched keywords and show advertisements in the affected Web browser.