Virus: TR/EliteBar.C
Date discovered: 30/09/2005
Type: Trojan
In the wild: No
Reported Infections: Low
Distribution Potential: Low
Damage Potential: Low to medium
Static file: Yes
File size: 138.763 Bytes
MD5 checksum: 97e5da6315456a838cfb3ea4a2fb4d26
VDF version: 6.32.0.25

General

Method of propagation:
   • No own spreading routine


Aliases:
   •  Symantec: Trojan.Elitebar
   •  Mcafee: AdClicker-BA
   •  Bitdefender: Trojan.EliteBar.C


Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Drops malicious files

Files

%WINDIR%\etb\etb.ini This is a non-malicious text file with the following content:
   • uninstalled=no
     FirstTimeStarted=1
     SearchIndex=0
     AutoComplete=1
     ac1=adult
     adult.tbr=0
     popupblocker=no
     popups=yes
     pthreshold=5
     default.tbr=0
     search.mnu=0
     version=69
     pokapopup=1

%WINDIR%\silent_setup.exe Further investigation showed that this file is malware, too. Detected as: TR/Elitebar.F

%system drive root%\temp.bat It is executed after it has been fully created. This batch file is used to delete a file.

%WINDIR%\etb\pokapoka%several random digits%.exe It is executed after it has been fully created. Further investigation showed that this file is malware, too. Detected as: Coming Soon

File details

Programming language:
The malware program was written in MS Visual C++.
To make detection more difficult and to reduce the size of the file, it is packed with the following runtime packer:
   • PE Compact 2

Description inserted by Catalin Jora on Friday, September 30, 2005
Description updated by Catalin Jora on Friday, October 7, 2005
