Virus:TR/Click.Yabector.192000B
Date discovered:10/02/2010
Type:Trojan
In the wild:Yes
Reported Infections:Low
Distribution Potential:Low
Damage Potential:Low
Static file:Yes
File size:192.000 Bytes
MD5 checksum:9dc0f7b1985914860f51498e3b9d12f6
IVDF version:7.10.04.17 - Wednesday, February 10, 2010

 General Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Downloads a file
   • Registry modification

 Files It tries to download some files:

– The location is the following:
   • http://www.adon-demand.de/red/**********/


– The location is the following:
   • http://rover.ebay.com/rover/1/711-53200-19255-0/**********?icep_ff3=1&pub=5574631910&toolid=10001&campid=5336258404&customid=&ipn=psmain&icep_vectorid=229466&kwid=902099&mtid=824&kw=lg

 Registry The following registry key is changed:

– [HKEY_USERS\S-1-5-21-2025429265-1425521274-839522115-1003\Software\
   Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
   New value:
   • "ProxyBypass"=dword:0x00000001

 File details Runtime packer:
In order to aggravate detection and reduce size of the file it is packed with the following runtime packer:
   • UPX

Description inserted by Petre Galan on Wednesday, February 24, 2010
Description updated by Petre Galan on Wednesday, February 24, 2010

Back . . . .