Trojan.Dinky.A (Look2Me)
SYMPTOMS: "WriteD" environment variable is present.
Periodic pop-ups with advertisements.
These registry keys under [HKLM\Software\Microsoft\Windows\Current Version\Winlogon\Notify\Run]: Asynchronous=0

TECHNICAL DESCRIPTION: This is adware. It logs the URLs visited by the host and displays pop-up windows with advertisements based on the information it gathered. It downloads additional files and executes them; these may be updates of itself and configuration files to modify start and search pages. The URLs accessed by the program to provide advertisements are from www.ad-w-a-r-e.com or www.a-d-w-a-r-e.com.

It is installed as a shell extension by ad-supported software or by other malicious software in the %system% directory, with a random file name. It uses a random CLSID every time it is installed, and it sets itself to be notified whenever a user logs on/off or the system shuts down. It also downloads and installs rootkit-like malware to make itself difficult to remove.

Removal instructions: A removal tool will be made available soon.

ANALYZED BY: Theodor Ciobanu, virus researcher
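The two symptoms listed above can be checked offline against a saved registry export and an environment dump. The following is an added triage example, not part of the original write-up or any vendor tool. The sample export, DLL name, handler names and the `baseline` set of known-good notification packages are constructed assumptions. The generalization beyond the page is that any non-baseline Notify subkey registering logon, logoff or shutdown handlers is flagged, since the file name and CLSID are random per install.

```python
import re

SECTION = re.compile(r'^\[(.+)\]$')
VALUE = re.compile(r'^"([^"]+)"=(.*)$')
MARK = "\\winlogon\\notify\\"
EVENTS = {"logon", "logoff", "shutdown"}

# Constructed sample in .reg-export style; the key path is copied from the page,
# the DLL name and handler names are made up for the example.
SAMPLE_REG = r'''
[HKLM\Software\Microsoft\Windows\Current Version\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"DllName"="crypt32.dll"
"Logoff"="ChainWlxLogoffEvent"

[HKLM\Software\Microsoft\Windows\Current Version\Winlogon\Notify\Run]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\qx8k2mdf.dll"
"Logon"="ExampleLogon"
"Shutdown"="ExampleShutdown"
'''
SAMPLE_ENV = {"PATH": "C:\\WINDOWS\\system32", "WriteD": "constructed-value"}

def parse_reg(text):
    """Return {key_path: {lowercased_value_name: data}} from .reg-style text."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := SECTION.match(line):
            current = keys.setdefault(m.group(1), {})
        elif (m := VALUE.match(line)) and current is not None:
            data = m.group(2)
            if data.startswith("dword:"):
                data = int(data[6:], 16)
            else:
                data = data.strip('"').replace("\\\\", "\\")
            current[m.group(1).lower()] = data
    return keys

def triage(reg_text, env, baseline):
    """Flag the WriteD variable and non-baseline Notify packages with event hooks."""
    hits = []
    for path, vals in parse_reg(reg_text).items():
        pos = path.lower().rfind(MARK)
        name = path[pos + len(MARK):] if pos >= 0 else ""
        hooked = sorted(EVENTS & vals.keys())
        if name and name.lower() not in baseline and hooked:
            hits.append({"subkey": name, "dll": vals.get("dllname"),
                         "events": hooked, "asynchronous": vals.get("asynchronous")})
    return {"writed_env": any(k.lower() == "writed" for k in env), "notify": hits}

if __name__ == "__main__":
    print(triage(SAMPLE_REG, SAMPLE_ENV, baseline={"crypt32chain"}))
```

Populate `baseline` from a clean reference image of the same OS build, so that legitimate notification packages are not reported.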