Virus: Adware/ADownloader.A
Date discovered: 12/07/2012
Type: Adware
In the wild: No
Reported Infections: Low
Distribution Potential: Low
Damage Potential: Low to medium
File size: 791.320 Bytes
MD5 checksum: 7208ab8512d5e9e0292a00cf56ec9fa1
VDF version: 7.11.36.20 - Thursday, July 12, 2012
IVDF version: 7.11.36.20 - Thursday, July 12, 2012

General
Method of propagation:
   • No own spreading routine


Platforms / OS:
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7


Side effects:
   • Downloads files


Right after execution the following information is displayed:


Files
It tries to download some files:

– The location is the following:
   • http://www.ge**********er.com/files/install_flashplayer11x64_mssd_aih_de.exe
It is saved on the local hard drive under: %HOME%\Vorlagen\install_flashplayer11x64_mssd_aih_de.exe

– The location is the following:
   • http://s3**********naws.com/installshare/client/files/bab_setup.exe
It is saved on the local hard drive under: C:\TEMP\InstallShare\22279\bab_setup.exe

Registry
The following registry keys are added:

– [HKCU\Software\teaminternet\is-downloader]
   • ""=""
   • "ClientID"="60b781f6-6b10-4ea1-8504-44c38c874a2e"

– [HKEY_USERS\S-1-5-21-299502267-515967899-839522115-500\Software\teaminternet\is-downloader]
   • ""=""
   • "ClientID"="60b781f6-6b10-4ea1-8504-44c38c874a2e"

Miscellaneous
Trusted file pretending:
Its process pretends to be the following trusted process: Adobe Flash Player Installer
Please note that the malware even fakes the icon. As a result, it appears to be the above-mentioned process.

File details
Runtime packer:
To hinder detection and reduce the size of the file, it is packed with the following runtime packer:
   • UPX

Description inserted by Martin Muench on Saturday, July 14, 2012
Description updated by Martin Muench on Saturday, July 14, 2012
