Need help? Ask the community or hire an expert.
Go to Avira Answers
Virus:Adware/Relevant.Q
Date discovered:09/01/2012
Type:Adware
In the wild:No
Reported Infections:Medium
Distribution Potential:Low
Damage Potential:Low
Static file:Yes
File size:356.992 Bytes
MD5 checksum:cbd0707569ec6cf952912ac4c42c37da
VDF version:7.11.20.203 - Monday, January 9, 2012
IVDF version:7.11.20.203 - Monday, January 9, 2012

 General Method of propagation:
   • No own spreading routine


Aliases:
   •  Kaspersky: WebToolbar.Win32.RK.cb
   •  Bitdefender: Adware.Relevant.BA
   •  Eset: Win32/Adware.RK.AB
   •  GData: Adware.Relevant.BA
   •  Authentium: W32/AdSpy.A
   •  DrWeb: Adware.Relevant.78


Platforms / OS:
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7

 Registry The following registry key is added:

– HKLM\SYSTEM\ControlSet001\Control\Session Manager
   • "PendingFileRenameOperations"="\??\%malware execution directory%\%executed file%"

– HKLM\SYSTEM\CurrentControlSet\Control\Session Manager
   • "PendingFileRenameOperations"="\??\%malware execution directory%\%executed file%"

 Miscellaneous Accesses internet resources:
   • http://%s%s


String:
Furthermore it contains the following strings:
   • TMRG, INC.
   • RelevantKnowledge Installer
   • RKInstaller.exe
   • osspdf.dll
   • ossservice.exe
   • nsosscfg.exe
   • sporder.dll
   • osrouter.dll
   • nscheck.exe
   • osconfig.dll
   • okshook.dll
   • csloa2.dll
   • csloa.dll
   • osmim.dll
   • rk.exe
   • ossproxy.exe
   • \rkinstaller.exe
   • Del%u
   • command /c del %s

 File details Programming language:
The malware program was written in MS Visual C++.

Description inserted by Martin Muench on Friday, February 17, 2012
Description updated by Martin Muench on Friday, February 17, 2012

Back . . . .