Date discovered: 25/01/2014
In the wild: No
Reported Infections: Low to medium
Distribution Potential: Low
Damage Potential: Low
Static file: Yes
File size: 338.984 Bytes
MD5 checksum: 44c5b272e1c964dcd78635119e0322f3
VDF version:
IVDF version:

General

Method of propagation:
   • No own spreading routine

Aliases:
   •  Eset: Win32/Amonetize.AD application
   •  Sunbelt: Amonetize (fs)
   •  DrWeb: Adware.Downware.1833
   •  Fortinet: Riskware/Amonetize

Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7

Side effects:
   • Downloads files
   • Registry modification
   • Opens website in web browser

Files

– %HOME%\local settings\application data\lollipop\lollipop.exe
   Furthermore, it gets executed after it was fully created. Further investigation pointed out that this file is malware, too.

Registry

The following registry key is added in order to run the process after reboot:

– [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
   • "lollipop"="\"%HOME%\local settings\application data\lollipop\lollipop.exe\" lollipop"

Miscellaneous

Accesses internet resources:

Description inserted by Alexander Bauer on Sunday, January 26, 2014
Description updated by Alexander Bauer on Sunday, January 26, 2014
