Virus: TR/Kazy.iwd
Date discovered: 23/04/2012
Type: Trojan
In the wild: No
Reported Infections: Low to medium
Distribution Potential: Low
Damage Potential: Low
File size: 226792 Bytes
MD5 checksum: d542394dbb8f9e04a4be06476f3589c6
VDF version: 7.11.28.92 - Monday, April 23, 2012
IVDF version: 7.11.28.92 - Monday, April 23, 2012

General
Method of propagation:
   • No own spreading routine


Alias:
     Norman: Trojan W32/Banker.FXGR


Side effects:
   • Registry modification

Registry
It registers a browser helper object (BHO) by adding the following keys:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
   Browser Helper Objects\{F99BD4F5-D402-4c21-A8BC-510830B6BE37}]
   • "(Default)"="Adobe PDF Reader Link Helper"
   • "NoExplorer"="dword:0x00000001"

[HKCR\linkrdr.AIEbho.1]
   • "(Default)"="Adobe PDF Reader Link Helper"

[HKCR\linkrdr.AIEbho.1\CLSID]
   • "(Default)"="{F99BD4F5-D402-4c21-A8BC-510830B6BE37}"

[HKCR\linkrdr.AIEbho]
   • "(Default)"="Adobe PDF Reader Link Helper"

[HKCR\linkrdr.AIEbho\CLSID]
   • "(Default)"="{F99BD4F5-D402-4c21-A8BC-510830B6BE37}"

[HKCR\linkrdr.AIEbho\CurVer]
   • "(Default)"="linkrdr.AIEbho.1"

[HKLM\SOFTWARE\Classes\linkrdr.AIEbho.1]
   • "(Default)"="Adobe PDF Reader Link Helper"

[HKLM\SOFTWARE\Classes\linkrdr.AIEbho.1\CLSID]
   • "(Default)"="{F99BD4F5-D402-4c21-A8BC-510830B6BE37}"

[HKLM\SOFTWARE\Classes\linkrdr.AIEbho]
   • "(Default)"="Adobe PDF Reader Link Helper"

[HKLM\SOFTWARE\Classes\linkrdr.AIEbho\CLSID]
   • "(Default)"="{F99BD4F5-D402-4c21-A8BC-510830B6BE37}"

[HKLM\SOFTWARE\Classes\linkrdr.AIEbho\CurVer]
   • "(Default)"="linkrdr.AIEbho.1"

Miscellaneous
Event handler:
It creates the following event handlers:
   • CreateFile
   • ShellExecute

File details
Programming language:
The malware program was written in MS Visual C++.

Description inserted by Wensin Lee on Wednesday, April 25, 2012
Description updated by Wensin Lee on Wednesday, April 25, 2012
