Virus: TR/Inject.alwi
Date discovered: 04/12/2009
Type: Trojan
In the wild: No
Reported Infections: Low
Distribution Potential: Low
Damage Potential: Low
Static file: Yes
File size: 704.512 Bytes
MD5 checksum: fdb70ae37cff5442d8f60e02caf9bc29
IVDF version: 7.10.01.167 - Friday, December 4, 2009

General

Method of propagation:
   • No own spreading routine


Aliases:
   •  McAfee: Generic Dropper.ob
   •  ESET: Win32/Injector.AMI


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Downloads files

Files

It creates the following directory:
   • %userprofile%\Local Settings\Application Data\Gameztar Toolbar




It tries to download some files:

– The location is the following:
   • http://download.gameztar.com/toolbar/gameztar/download/toolbar/2.1.3.r6670/000012_wvr/**********
It is saved on the local hard drive under: %temporary internet files%\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\Setup.exe
Furthermore, this file is executed after it has been fully downloaded.

– The location is the following:
   • http://download.gameztar.com/toolbar/gameztar/download/toolbar/2.1.3.r6670/000012_wvr/**********
It is saved on the local hard drive under: %temporary internet files%\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\productinfo.dll
Furthermore, this file is executed after it has been fully downloaded.

– The location is the following:
   • http://download.gameztar.com/toolbar/gameztar/download/updater/2.1.2.r6380/000012_wvr/**********
It is saved on the local hard drive under: %temporary internet files%\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\mvbup.exe
Furthermore, this file is executed after it has been fully downloaded.

– The location is the following:
   • http://download.gameztar.com/toolbar/gameztar/download/updater/2.1.2.r6380/000012_wvr/**********
It is saved on the local hard drive under: %userprofile%\Local Settings\Application Data\Gameztar Toolbar\2.1.3.6670\bin\mvbup.exe
Furthermore, this file is executed after it has been fully downloaded.

Description inserted by Raluca Georgescu on Thursday, January 7, 2010
Description updated by Raluca Georgescu on Thursday, January 7, 2010
