Threat Information for "DollarRevenue"

StopSign will automatically remove this infection with a paid membership.

• Name: DollarRevenue
• Aliases:TR/Dldr.Adlo.CW.8.B, W32/VB-EMU:VB-Downloader-Sml-based!Maximus, Win32:VB-ADJ, Clicker.CKN, Trojan.Downloader.Adload.CW, Trojan-Clicker.VB.nh
• Date Discovered: 2006-08-04
• Protection Added: 2006-08-08

-- Ease of Removal

1: Creates new registry entries with consistent data
2: Consistently named
3: Consistent file contents
4: Uses running processes

-- Privacy Risks/Security Changes

1: Downloads other threats

-- Damage/Intrusion/Annoyance

1: Autoruns at startup without an option to be disabled
2: Displays targeted popup advertisements [SPYWARE ONLY]
3: Changes browser home page

-- Propagation/Saturation

1: Infects by Active-X Control
2: Bundled with third-party applications [SPYWARE ONLY]
3: Significantly slows down the computer
4: Creates new files

• Added Directory/File:
  FilePath: %CACHE%\kybrdff*.exe
• Added Directory/File:
  FilePath: %ROOTDRIVE%dfndrff_?.exe
• Added Directory/File:
  FilePath: %WINDIR%\keyboard*.exe
• Added Directory/File:
  FilePath: %CACHE%\dfndrff*.exe
• Added Directory/File:
  FilePath: %ROOTDRIVE%kybrdff_?.exe
• Added Directory/File:
  FilePath: %WINDIR%\teller?.chk
• Added Directory/File:
  FilePath: %WINDIR%\keyboard*.dat
• Added Registry Key:
  Key: HKCU\Software\Microsoft\Internet Explorer\Search\SearchAssistant Explorer
• Added Registry Value:
  Key: HKLM\%CURRENTVERSIONREG%\Run Value: defender
• Added Registry Value:
  Key: HKLM\%CURRENTVERSIONREG%\Run Value: keyboard