Avira Virus Lab

‹ Back

TR/Spy.198144.53

Summary
  • Name
    TR/Spy.198144.53
  • Date discovered
    Oct 1, 2015
  • VDF version
    7.11.39.156 (2012-08-11 15:12)
Description

The term 'TR' denotes a trojan horse that is able to spy out data, violate your privacy, or perform unwanted modifications to the system.

The term 'Spy' denotes part of a malware sample which tries to collect user information, serial numbers, or keystrokes. It may also upload the collected information to another location called the 'drop zone'.

  • VDF
    7.11.39.156 (2012-08-11 15:12)
  • Aliases
    Avast: Win32:Spyware-gen
    AVG: Win32/DH{gQwDCg8}
    Dr. Web: Trojan.Siggen4.19333
    F-PROT: W32/Serech.A (exact)
    McAfee: W32/Serexy.worm
    Trend Micro: WORM_SERECH.A
    Microsoft: Worm:Win32/Serech.A
    G Data: Trojan.Agent.AXPS
    Kaspersky Lab: Worm.Win32.Serach.d
    Bitdefender: Trojan.Agent.AXPS
    ESET: Win32/Delf.NBI virus
  • Files
    The following copies of itself are created:
    • %DISKDRIVE%\Settings\search.cmd
    • %DISKDRIVE%\?gpj.scr
    The following files are created:
    • %APPDATA%\rcs.jpg
    • %USERPROFILE%\My Documents\My Videos\Desktop.ini
  • Registry
    The following registry entries are added:
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ("Search": "%DISKDRIVE%\Settings\search.cmd")