Date discovered: 03/03/2006
In the wild: No
Reported Infections: Low
Distribution Potential: Low
Damage Potential: Medium
Static file: Yes
File size: 65.536 Bytes
MD5 checksum: 719b8ac82a1bab354d5cf3d2a0f255b2
VDF version:

 General
Method of propagation:
   • No own spreading routine

   •  Kaspersky:

Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003

Side effects:
   • Registry modification
   • Steals information

 Registry
The following registry key is added in order to run the process after reboot:

   • "mousepad"="%malware execution directory%\%executed file%"

The values of the following registry key are removed:

–  [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
   • "winsysban"
   • "adtech2006"
   • "adtech2005"
   • "sp2"
   • "sp2update"
   • "redirect"
   • "banmanpro"

 Backdoor
Contact server:
One of the following:

As a result it may send some information.

Sends information about:
   • Visited URLs

 File details
Programming language:
The malware program was written in Visual Basic.

Description inserted by Daniel Constantin on Monday, March 6, 2006
Description updated by Daniel Constantin on Monday, March 6, 2006
