Virus:TR/Amisa.A
Date discovered:10/05/2006
Type:Trojan
In the wild:No
Reported Infections:Low
Distribution Potential:Low
Damage Potential:Low to medium
Static file:Yes
File size:36.864 Bytes
MD5 checksum:8c91efcc12252b0F1de247c9fc6093d3
VDF version:6.34.01.57
IVDF version:6.34.01.58 - Wednesday, May 10, 2006

 General Method of propagation:
   • No own spreading routine


Aliases:
   •  Mcafee: DollarRevenue
   •  Kaspersky: Trojan-Clicker.Win32.VB.ly
   •  VirusBuster: trojan Trojan.CL.VB.VNR
   •  Bitdefender: Trojan.Clicker.N


Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Registry modification
   • Steals information

 Registry The following registry key is added in order to run the process after reboot:

– HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   • "defender"="%malware execution directory%\%executed file%"



The following registry key including all values and subkeys is removed:
   • HKLM\Software\Microsoft\Windows\CurrentVersion\Run\mousepad

 Backdoor Contact server:
The following:
   • http://www.popupsandbanners.com/**********?url=%visited URL%



Sends information about:
    • Users' local activity


Remote control capabilities:
    • Visit a website

 File details Programming language:
 The malware program was written in Visual Basic.

Description inserted by Ionut Slaveanu on Tuesday, May 30, 2006
Description updated by Andrei Gherman on Thursday, June 8, 2006

Back . . . .