Date discovered: 25/01/2014
In the wild: No
Reported Infections: Low to medium
Distribution Potential: Low
Damage Potential: Low
Static file: Yes
File size: 338.984 Bytes
MD5 checksum: 44c5b272e1c964dcd78635119e0322f3
VDF version: - Saturday, January 25, 2014
IVDF version: - Saturday, January 25, 2014

 General

Method of propagation:
   • No own spreading routine

   • Eset: Win32/Amonetize.AD application
   • Sunbelt: Amonetize (fs)
   • DrWeb: Adware.Downware.1833
   • Fortinet: Riskware/Amonetize

Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7

Side effects:
   • Downloads files
   • Registry modification
   • Opens website in web browser

 Files

   • %HOME%\local settings\application data\lollipop\lollipop.exe Furthermore, it is executed after it has been fully created. Further investigation showed that this file is malware, too.

 Registry

The following registry key is added in order to run the process after reboot:

   • "lollipop"="\"%HOME%\local settings\application data\lollipop\lollipop.exe\" lollipop"

 Miscellaneous

Accesses internet resources:

Description inserted by Alexander Bauer on Sunday, January 26, 2014
Description updated by Alexander Bauer on Sunday, January 26, 2014
