Virus: TR/Kazy.191953.1
Date discovered: 25/09/2013
Type: Trojan
In the wild: No
Reported Infections: Low
Distribution Potential: Low
Damage Potential: Low
Static file: No
File size: ~167.736 Bytes
VDF version: 7.11.104.94 - Wednesday, September 25, 2013
IVDF version: 7.11.104.94 - Wednesday, September 25, 2013

General

Method of propagation:
   • No own spreading routine


Aliases:
   •  Eset: Win32/FirseriaInstaller application
   •  DrWeb: Trojan.DownLoader10.19075


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7


Side effects:
   • Downloads a file


Right after execution the following information is displayed:


Files:
– %temp%\ins2789\ins2789.exe. Furthermore, it gets executed after it has been fully created.

Registry:
The following registry key is added:

– [HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache]
   • "%temp%\\ins2789\\ins2789.exe"="Appsinstall"

– [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
   • "ProxyBypass"=dword:00000001
   • "IntranetName"=dword:00000001
   • "UNCAsIntranet"=dword:00000001
   • "AutoDetect"=dword:00000001

Miscellaneous:
Checks for an internet connection by contacting the following web sites:
   • api.s**********n.com/installer/51**********338/config
   • api.s**********n.com/installer/51**********338/en/ui
   • api.s**********n.com/**********in.css?2013060801
   • api.s**********n.com/**********.min.js
   • api.s**********n.com/**********s.png
   • api.s**********n.com/**********pg
   • wn**********n.com/icon/81**********ng

Description inserted by Soe-liang Tan on Friday, September 27, 2013
Description updated by Soe-liang Tan on Friday, September 27, 2013
