Need help? Ask the community or hire an expert.
Go to Avira Answers
Date discovered:28/06/2011
In the wild:No
Reported Infections:Low
Distribution Potential:Low
Damage Potential:Low
File size:61.440 Bytes
MD5 checksum:66A022CA9613A9B2F0FB22D693064E97
VDF version:
IVDF version:

 General Method of propagation:
   • No own spreading routine

   •  Microsoft: Trojan:Win32/Malex.gen!E
   •  GData: Win32:SmokeLoader-AR

Platforms / OS:
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7

Side effects:
   • Falsely reports malware infection or system problems and offers to fix them if the user buys the application.
   • Registry modification

 Registry The following registry key is added in order to run the process after reboot:

– [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
   • "}"="%APPDATA%\svchost.exe"="}"="%APPDATA%\svchost.exe"

 File details Runtime packer:
In order to aggravate detection and reduce size of the file it is packed with the following runtime packer:
   • UPX

Description inserted by Jan-Eric Herting on Wednesday, January 18, 2012
Description updated by Jan-Eric Herting on Wednesday, January 18, 2012

Back . . . .