Need help? Ask the community or hire an expert.
Go to Avira Answers
Date discovered:17/04/2014
In the wild:Yes
Reported Infections:Low
Distribution Potential:Low
Damage Potential:Low
Static file:No
VDF version:
IVDF version:

 General APPL/ - Application

This class of detection flags applications that if used unproperly or with malicious intent might damage or compromise security on the local system, remote systems or network infrastructure. These are legitimate applications that can be used to extract protected information, provide remote access to the local machine, modify advanced system settings or perform advanced operating system or networking functions.

This detection doesn't mean that the file is malicious. However, if the file got on the system without the user's knowledge the system's security might be compromised.

Disabling this detection is recommended for advanced users that understand the risks and how to use these applications.
Method of propagation:
   • No own spreading routine

   •  Kaspersky: not-a-virus:AdWare.Win32.Agent.ahbx
   •  Eset: Win32/BrowseFox.F application
   •  DrWeb: Trojan.BPlug.27

Platforms / OS:
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7

Side effects:
   • Drops files
   • Registry modification

 Files  It creates the following directory:
   • %PROGRAM FILES%\GrabRez

 Registry The following registry keys are added:

– HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
   • HRZR_EHACNGU:P:\Qbxhzragr haq Rvafgryyhatra\Nqzva\Qrfxgbc\28095393_574q5863.rkr

– HKCU\Software\GrabRez
   • id

– HKCU\Software\GrabRez
   • iid

– HKCU\Software\GrabRez
   • is

 File details Programming language:
The malware program was written in MS Visual C++.

Runtime packer:
In order to aggravate detection and reduce size of the file it is packed with the following runtime packer:
   • NSIS

Description inserted by Oscar Anduiza on Tuesday, April 22, 2014
Description updated by Oscar Anduiza on Tuesday, April 22, 2014

Back . . . .