Virus: Adware/InstallCor.D
Date discovered: 13/07/2012
Type: Adware
In the wild: No
Reported Infections: Low
Distribution Potential: Low
Damage Potential: Low
File size: 1.066.984 Bytes
MD5 checksum: 627d7df2dd8fca963f0A992d405ca8cb
VDF version: 7.11.36.28 - Friday, July 13, 2012
IVDF version: 7.11.36.28 - Friday, July 13, 2012

General

Method of propagation:
   • No own spreading routine


Aliases:
   •  Kaspersky: not-a-virus:WebToolbar.Win32.InstallCore.bna
   •  Sunbelt: Click run software


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7


Side effects:
   • Downloads files
   • Drops files
   • Opens website in web browser


Right after execution the following information is displayed:


Files

It creates the following directories:
   • C:\TEMP\ish432406
   • C:\TEMP\ish432406\css\sdk-ui\images
   • C:\TEMP\ish432406\images



The following files are created:

– Temporary files that might be deleted afterwards:
   • %HOME%\Desktop\Continue Media Finder Installation.lnk
   • C:\TEMP\ICReinstall_%attachment filename without extension%.exe
   • C:\TEMP\is259369358\1157746068.cfg
   • C:\TEMP\is259369358\1789615221.cfg
   • C:\TEMP\is259369358\43494122.cfg
   • C:\TEMP\is259369358\435925_Setup.CIS
   • C:\TEMP\is259369358\436005_Setup.CIS
   • C:\TEMP\is259369358\436163_Setup.CIS
   • C:\TEMP\is259369358\436237_Setup.CIS
   • C:\TEMP\is259369358\662019060.cfg
   • C:\TEMP\is259369358\73400683.cfg
   • C:\TEMP\is259369358\802531261.cfg
   • C:\TEMP\is259369358\845272838.cfg
   • C:\TEMP\is259369358\985787215.cfg
   • C:\TEMP\is259369358\ezLooker-S-Setup_Suite1.exe
   • C:\TEMP\is259369358\mf.exe
   • C:\TEMP\is259369358\MyBabylonTB.exe
   • C:\TEMP\is259369358\Wajam_3004.exe
   • C:\TEMP\isf_435939.flat
   • C:\TEMP\isf_436070.flat
   • C:\TEMP\isf_436208.flat
   • C:\TEMP\isf_436260.flat
   • C:\TEMP\ish432406\bootstrap_29156.html
   • C:\TEMP\ish432406\csshover3.htc
   • C:\TEMP\ish432406\locale\EN.locale

Miscellaneous

Accesses internet resources:
   • os.m**********dn.com
   • rp.m**********dn.com
   • cd**********dn.com
   • cd**********dn.com
   • im**********dn.com

Description inserted by Martin Muench on Sunday, July 15, 2012
Description updated by Martin Muench on Sunday, July 15, 2012
