Type: Adclicker
Size: 40960 Byte
System Affected: Windows 2000,XP,NT,....
Others Known As:
| Trojan-Clicker.Win32.VB.nh (Kaspersky) |
Characteristics :
1) Creates the following registry keys :
◊ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\keyboard = kybrdad_5.exe
◊ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\defender = dfndrad_5.exe
◊ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\newname = nwnmad_5.exe
2) Create the following files :
◊ %root%\dfndrad_5.exe
◊ %root%\drsmartload1.exe
◊ %root%\drsmartload849a.exe
◊ %root%\kybrdad_5.exe
◊ %root%\nwnmad_5.exe
◊ %root%\warebundlenew.exe
◊ %WINDOWS%\keyboard1.dat
◊ %WINDOWS%\newname.dat
◊ %WINDOWS%\teller2.chk
When worm run,downloads worms files from the following sites:
http://promo.dollarrevenue.com
http://www.nonameforthisdomain.com
http://www.onli-ne.com