Troj/FakeAV-DTH

Category: Viruses and Spyware
Type: Trojan
Protection available since: 20 May 2011 19:39:48 (GMT)
Last Updated: 20 May 2011 19:39:48 (GMT)
Prevalence: Small Number of Reports


Troj/FakeAV-DTH exhibits the following characteristics:

File Information

Size
413K
SHA-1
c782a821a4c1b4001772f06251e35c9d2d53fe7a
MD5
be24d28de1d57f857991c8ee60390abc
CRC-32
d66fa04b
File type
application/x-ms-dos-executable
First seen
2011-05-20

Runtime Analysis

Copies Itself To
  • C:\Documents and Settings\All Users\Application Data\fOEqVGtijLGLKa.exe
  • c:\Documents and Settings\test user\Local Settings\Temp\tmpCAD3.tmp
Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\Adobe_Flash_Player.exe
    Size
    220K
    SHA-1
    e0f87cff0e22b0b6f49452fa0fde72650b623cc7
    MD5
    3b8f6e198bd795fd66fed763a8ec1bc2
    CRC-32
    f8090816
    File type
    application/x-ms-dos-executable
    First seen
    2011-05-20
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    fOEqVGtijLGLKa
    C:\Documents and Settings\All Users\Application Data\fOEqVGtijLGLKa.exe
  • HKCU\Software
    75fa38b7-8b94-4995-ad32-52e938867954
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
    DisableTaskMgr
    0x00000001
    (Disables Task Manager for the current user, so the running process cannot be killed from it.)
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
    SaveZoneInformation
    0x00000001
    (Attachment Manager policy: a value of 1 means "do not preserve zone information", so downloaded files no longer carry the zone identifier and trigger no security warning.)
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
    DisableTaskMgr
    0x00000001
    (Same Task Manager lockout applied machine-wide.)
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
    LowRiskFileTypes
    /{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:
    (As listed here, every byte of the value is XORed with 0x01. Decoded it reads .zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;.scr; which tells Attachment Manager to treat executables, scripts and installers as low-risk and skip the "open file" security prompt.)
  • HKCU\Software\Microsoft\Internet Explorer\Download
    CheckExeSignatures
    no
    (Turns off Internet Explorer's Authenticode signature check on downloaded executables.)
Processes Created
  • c:\documents and settings\all users\application data\foeqvgtijlglka.exe
HTTP Requests
  • http://searchagree.org/404.php
  • http://searchbound.org/pica1/508-direct
DNS Requests
  • searchagree.org
  • searchbound.org
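The following triage script is an added example, not part of the original Sophos analysis. It takes a `.reg` text export (the sample export below is constructed for the example, using the key names, value data, hashes and domains listed on this page), a list of file SHA-1 hashes and a list of DNS queries, and reports which Troj/FakeAV-DTH indicators are present. It also shows the XOR-0x01 decoding of the `LowRiskFileTypes` string as it appears above, and accepts either the encoded or the plain form of that value. The helper names (`parse_reg_export`, `find_indicators`, `decode_xor1`, `sha1_of_file`) are the example's own.

```python
"""Triage helper for the Troj/FakeAV-DTH indicators listed on this page (added example)."""
import hashlib
import re

# Indicators taken from the page above.
RUN_VALUE_NAME = "fOEqVGtijLGLKa"
DROPPED_PATH = r"C:\Documents and Settings\All Users\Application Data\fOEqVGtijLGLKa.exe"
MARKER_KEY = r"hkey_current_user\software\75fa38b7-8b94-4995-ad32-52e938867954"
KNOWN_SHA1 = {
    "c782a821a4c1b4001772f06251e35c9d2d53fe7a": "Troj/FakeAV-DTH (413K)",
    "e0f87cff0e22b0b6f49452fa0fde72650b623cc7": "dropped Adobe_Flash_Player.exe (220K)",
}
KNOWN_DOMAINS = {"searchagree.org", "searchbound.org"}
# (key suffix, value name, data the sample writes)
POLICY_INDICATORS = [
    (r"microsoft\windows\currentversion\policies\system", "DisableTaskMgr", 1),
    (r"microsoft\windows\currentversion\policies\attachments", "SaveZoneInformation", 1),
    (r"microsoft\internet explorer\download", "CheckExeSignatures", "no"),
]


def decode_xor1(s: str) -> str:
    """Undo the byte-wise XOR 0x01 seen in the LowRiskFileTypes string on this page."""
    return "".join(chr(ord(c) ^ 1) for c in s)


def sha1_of_file(path: str) -> str:
    """SHA-1 of a file on disk, for comparison against KNOWN_SHA1."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_reg_export(text: str) -> dict:
    """Parse a minimal .reg export into {key_path: {value_name: data}}.
    Understands "name"="string", "name"=dword:hex and @="default"; other types are kept raw."""
    result, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("Windows Registry", "REGEDIT")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            result.setdefault(current, {})
            continue
        m = re.match(r'^(?:"([^"]*)"|(@))=(.*)$', line)
        if not m or current is None:
            continue
        name = m.group(1) if m.group(1) is not None else "@"
        data = m.group(3)
        if data.startswith("dword:"):
            value = int(data[6:], 16)
        elif data.startswith('"') and data.endswith('"'):
            value = data[1:-1].replace("\\\\", "\\")  # .reg escapes backslashes
        else:
            value = data
        result[current][name] = value
    return result


def find_indicators(reg: dict, sha1_hashes=(), dns_queries=()) -> list:
    """Return human-readable findings for every page indicator present in the inputs."""
    findings = []
    for key, values in reg.items():
        k = key.lower()
        if k.endswith(r"\currentversion\run"):
            for name, data in values.items():
                if name == RUN_VALUE_NAME or str(data).lower() == DROPPED_PATH.lower():
                    findings.append(f"persistence: {key}\\{name} -> {data}")
        for suffix, vname, expected in POLICY_INDICATORS:
            if k.endswith(suffix) and vname in values \
                    and str(values[vname]).lower() == str(expected).lower():
                findings.append(f"policy tamper: {key}\\{vname} = {values[vname]!r}")
        if k.endswith(r"\policies\associations") and "LowRiskFileTypes" in values:
            data = str(values["LowRiskFileTypes"])
            plain = data if ".exe" in data.lower() else decode_xor1(data)  # accept encoded or plain
            if ".exe" in plain.lower():
                findings.append(f"attachment warnings suppressed for: {plain}")
        if k == MARKER_KEY:
            findings.append(f"marker key present: {key}")
    for h in sha1_hashes:
        if h.lower() in KNOWN_SHA1:
            findings.append(f"known hash {h}: {KNOWN_SHA1[h.lower()]}")
    for d in dns_queries:
        if d.lower().rstrip(".") in KNOWN_DOMAINS:
            findings.append(f"FakeAV domain queried: {d}")
    return findings


# Constructed .reg export reproducing the registry changes listed on this page.
REG_SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"fOEqVGtijLGLKa"="C:\\Documents and Settings\\All Users\\Application Data\\fOEqVGtijLGLKa.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments]
"SaveZoneInformation"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations]
"LowRiskFileTypes"="/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
"CheckExeSignatures"="no"

[HKEY_CURRENT_USER\Software\75fa38b7-8b94-4995-ad32-52e938867954]
"""

if __name__ == "__main__":
    for line in find_indicators(parse_reg_export(REG_SAMPLE),
                                ["c782a821a4c1b4001772f06251e35c9d2d53fe7a"],
                                ["searchbound.org"]):
        print(line)
```

On a live host, feed it the output of `reg export HKCU hkcu.reg` (and HKLM for the machine-wide policy key) plus hashes from `sha1_of_file` over the Application Data and Temp paths named above; the extension list it prints from `LowRiskFileTypes` is the decoded form regardless of whether the hive holds the XORed or the plain string.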