Need help? Ask the community or hire an expert.
Go to Avira Answers
Date discovered:12/01/2014
In the wild:No
Reported Infections:Low
Distribution Potential:Low
Damage Potential:Low
Static file:Yes
File size:453.632 Bytes
MD5 checksum:9b21b34077fd47ceb70559b901734819
VDF version:
IVDF version:

 General Method of propagation:
   • No own spreading routine

   •  Kaspersky: not-a-virus:AdWare.MSIL.DomaIQ.abw
   •  Eset: MSIL/DomaIQ.AV application
   •  DrWeb: Trojan.PayInt.27

It was previously detected as:
   •  TR/Kazy.306183.18
   •  Adware/DomaIQ.3061794

Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7

 Files It copies itself to the following location:
   • %TEMPDIR%\parent.txt

The following files are created:

– Non malicious file:
   • %TEMPDIR%\111.txt

%TEMPDIR%\%random character string%.exe Furthermore it gets executed after it was fully created. Further investigation pointed out that this file is malware, too. Detected as: ADWARE/DomaIQ.6144

 Miscellaneous Accesses internet resources:

Description inserted by Andrei Gherman on Tuesday, January 14, 2014
Description updated by Andrei Gherman on Tuesday, January 14, 2014

Back . . . .