Date discovered: 13/12/2012
In the wild: No
Reported Infections: Low
Distribution Potential: Low
Damage Potential: Low
Static file: Yes
File size: 47,104 Bytes
MD5 checksum: 7daf5088982008bca681a5ede35860ab
VDF version:

General
Method of propagation:
   • No own spreading routine

Aliases:
   •  McAfee: Adware-WinAd.
   •  Kaspersky:
   •  VirusBuster: Adware.WinAd.AH

Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003

Side effects:
   • Drops a file
   • Registry modification
   • Steals information

Files
The following file is created:


Registry
The following registry key is added in order to run the process after reboot:

   • "Media Access"="%PROGRAM FILES%\Media Access\MediaAccK.exe"

The values of the following registry key are removed:

–  [HKLM\Software\Media Access]
   • Updating
   • Request

The following registry keys are added:


[HKLM\SOFTWARE\Media Access]
   • "track"="1"
   • "param"="%hex values%:other::winxp:exe"
   • "LastUpdate"=dword:4315a0a0
   • "reqcount"=dword:00000002

   Media Access]
   • "UninstallString"="%PROGRAM FILES%\Media Access\MediaAccess.exe /Remove"
   • "DisplayName"="Media Access"

   • @="Installer Class"

   • @="{1E5F0D38-214B-4085-AD2A-D2290E6A2D2C}"

   • @="MediaAccess.Installer"

Backdoor
Contact server:
The following:
   • **********

As a result it may send some information. This is done via the HTTP POST method using a PHP script.

Miscellaneous
Mutex:
It creates the following mutexes:
   • MediaAccess
   • MediaAcck

File details
Programming language:
The malware program was written in MS Visual C++.

Description inserted by Iulia Diaconescu on Friday, September 2, 2005
Description updated by Iulia Diaconescu on Monday, September 19, 2005
