Virus: ADWARE/Kazy.225291
Date discovered: 26/08/2013
Type: Adware
In the wild: No
Reported Infections: Low to medium
Distribution Potential: Low
Damage Potential: Low
Static file: No
VDF version: 7.11.98.54 - Monday, August 26, 2013
IVDF version: 7.11.98.54 - Monday, August 26, 2013

General

Method of propagation:
   • No own spreading routine


Alias:
   •  Eset: Win32/InstalleRex.K


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7


Side effects:
   • Registry modification


Right after execution the following information is displayed:


Files

The following files are created:

Non malicious files:
   • %temp%\{5F5A58CF-847C-40BD-A256-CC5E84B97A39}\_Setup.dll
   • %temp%\{5F5A58CF-847C-40BD-A256-CC5E84B97A39}\Setup.ico
   • %temp%\{5F5A58CF-847C-40BD-A256-CC5E84B97A39}\Readme.txt
   • %temp%\{5F5A58CF-847C-40BD-A256-CC5E84B97A39}\Custom.dll
   • %temp%\{5F5A58CF-847C-40BD-A256-CC5E84B97A39}\Setup.exe

– A file for temporary use that might be deleted afterwards:
   • %temp%\TsuAF8E6998.dll

Registry

The following registry keys are added:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
   • "ReceiveTimeout"=dword:000927c0
   • "MigrateProxy"=dword:00000001
   • "ProxyEnable"=dword:00000000
   • "ProxyServer"=-
   • "ProxyOverride"=-
   • "AutoConfigURL"=-

[HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings]
   • "ProxyEnable"=dword:00000000

Miscellaneous

In order to check for its internet connection the following DNS servers are contacted:
   • s**********un.info
   • pr**********ty.asia
   • cy**********pp.info
   • dl.so**********ers.net

Description inserted by Soe-liang Tan on Wednesday, August 28, 2013
Description updated by Soe-liang Tan on Wednesday, August 28, 2013
