Virus: Adware/Bundledz.C
Date discovered: 13/07/2012
Type: Adware
In the wild: No
Reported Infections: Medium
Distribution Potential: Low
Damage Potential: Low
Static file: Yes
File size: 285.448 Bytes
MD5 checksum: dc3629f2f6170786d1190E8773fad175
VDF version: 7.11.36.42 - Friday, July 13, 2012
IVDF version: 7.11.36.42 - Friday, July 13, 2012

General

Method of propagation:
   • No own spreading routine


Alias:
   • Sunbelt: Artua Vladislav


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7


Side effects:
   • Downloads a file
   • Drops files

Files

The following files are created:

– Temporary files that might be deleted afterwards:
   • C:\TEMP\%attachment filename without extension%.log
   • C:\TEMP\33B25DF7.dat
   • C:\TEMP\{32BC7183-A2B1-3B80-0D79-A68C369080FE}\_Setup.dll
   • C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\InstallMate\33B25DF7\cfg\1.ini.tmp
   • C:\TEMP\{32BC7183-A2B1-3B80-0D79-A68C369080FE}\general_logo.jpg.tmp
   • C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632}\_Setup.dll
   • C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632}\Setup.ico
   • C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632}\_Setupx.dll
   • C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632}\Setup.exe
   • C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632}\TsuDll.dll
   • C:\TEMP\{32BC7183-A2B1-3B80-0D79-A68C369080FE}\x86\regsvr32.exe
   • C:\TEMP\{32BC7183-A2B1-3B80-0D79-A68C369080FE}\x64\regsvr32.exe
   • C:\TEMP\_tin44E6.bat




It tries to download some files:

– The location is the following:
   • http://www.nl**********te/images/general_logo.jpg
It is saved on the local hard drive under: C:\TEMP\{32BC7183-A2B1-3B80-0D79-A68C369080FE}\general_logo.jpg.tmp

– The location is the following:
   • http://www.nl**********cfg.php?step_id=1&installer_id=4ffd7e2265f176.76077133&publisher_id=140&source_id=0&page_id=0&affiliate_id=0&geo_location=RO&locale=EN&browser_id=4
It is saved on the local hard drive under: %ALLUSERSPROFILE%\Anwendungsdaten\InstallMate\33B25DF7\cfg\1.ini.tmp

Miscellaneous

Accesses internet resources:
   • www.nlstorage.info
   • 157.152.211.95.in-addr.arpa

Description inserted by Martin Muench on Sunday, July 15, 2012
Description updated by Martin Muench on Sunday, July 15, 2012
