Alias/es
Backdoor.MSNMaker.F, Backdoor.Win32.MSNMaker.w, W32/Kelvir.worm.gen
Detection Availability
Visible Symptoms
Presence of the file C:\drsmartload.exe
Detailed Analysis
http://www.uglyphotos.net/
http://content.dollarrevenue.com/
http://activex.matcash.com/
http://apps.deskwizz.com/

and downloads various packages of adware and Trojan-based malware:

C:\windows\RDFX4.exe
C:\drsmartload1.exe
C:\warebundlenewer.exe
C:\Installer4.exe
%SystemDir%\iqmon.dll
%Windows%\Gck26.exe
%Systemdir%\lxcalmon.dll
%Windows%\Downloaded Program Files\speedtest2.dll
%Program Files%\ToolBar888\MyToolBar.dll
drsmartload1135a.exe (dropped in the current directory)

Several other files are dropped that appear to be randomly named and are mostly Trojan components.

HKEY_CURRENT_USER\Software\Effective-i
HKEY_CURRENT_USER\Software\Maxthon
HKEY_LOCAL_MACHINE\SOFTWARE\System\sysold
HKEY_CURRENT_USER\Software\MyToolBar
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor
Recommended Action
FortiGate systems:
FortiClient systems: