Threat Information for "Adservs.com Command"

Removal

StopSign will automatically remove this infection with a paid membership.

Summary
  • Name: Adservs.com Command
  • Aliases:TR/Dldr.Small.buy.1, W32/Trojan.ABS, Win32:Trojano-2873, Downloader.Generic.HGT, Trojan.Downloader.Small.BUY, TrojanDownloader.Small.buy
  • Date Discovered: 2006-08-28
  • Protection Added: 2006-08-28
Description
-- Ease of Removal

1: File names uniquely generated
2: Uses running processes
3: Runs as a service
4: Consistent file contents
5: Consistently named
6: Creates new registry entries with consistent data

-- Damage/Intrusion/Annoyance

1: Displays targeted popup advertisements
2: Creates new files
3: Autoruns at startup without an option to be disabled

-- Propagation/Saturation

1: Installed by other infections
Technical Details
  • Added Directory/File:
    FilePath: %USERDIR%\Application Data\NetMon
  • Added Directory/File:
    FilePath: %WINDIR%\mte3andi6odoxng.exe*
  • Added Directory/File:
    FilePath: %ROOTDRIVE%\Documents and Settings\Default User\Application Data\NetMon
  • Added Directory/File:
    FilePath: %USERDIR%\Application Data\NetMon\domains.txt
  • Added Directory/File:
    FilePath: %WINDIR%\uninstall_nmon.vbs
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\atmtd.dll FileSize: 687592 MD5: 6d5f90ea52fe0cdc102b14485563eba0
  • Added Directory/File:
    FilePath: %ROOTDRIVE%\Documents and Settings\Default User\Application Data\NetMon\domains.txt
  • Added Directory/File:
    FilePath: %ROOTDRIVE%\Documents and Settings\NetworkService\Application Data\NetMon\log.txt
  • Added Directory/File:
    FilePath: %PROGRAMFILESDIR%\Network Monitor\netmon.exe
  • Added Directory/File:
    FilePath: %WINDIR%\command.exe FileSize: 293888 MD5: 3e2c234dde711c6754f2df994fb3cc94
  • Added Directory/File:
    FilePath: %COMMONAPPDATA%\NetMon\log.txt
  • Added Directory/File:
    FilePath: %ROOTDRIVE%\Documents and Settings\LocalService\Application Data\NetMon
  • Added Directory/File:
    FilePath: %CACHE%\installer_9x*.exe
  • Added Directory/File:
    FilePath: %WINDIR%\TEMP\mc??.tmp
  • Added Directory/File:
    FilePath: %ROOTDRIVE%\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
  • Added Directory/File:
    FilePath: %USERDIR%\Application Data\NetMon\log.txt
  • Added Directory/File:
    FilePath: %TEMPDIR%\cmdinst.exe
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\atmtd.dll._ FileSize: 687592 MD5: 6d5f90ea52fe0cdc102b14485563eba0
  • Added Directory/File:
    FilePath: %ROOTDRIVE%\Documents and Settings\Default User\Application Data\NetMon\log.txt
  • Added Directory/File:
    FilePath: %ROOTDRIVE%\Documents and Settings\NetworkService\Application Data\NetMon
  • Added Directory/File:
    FilePath: %PROGRAMFILESDIR%\Network Monitor
  • Added Directory/File:
    FilePath: %WINDIR%\*.vbs FileSize: 472 MD5: 387edbb90a5275d1b464eb31f3162c40
  • Added Directory/File:
    FilePath: %COMMONAPPDATA%\NetMon
  • Added Directory/File:
    FilePath: %ROOTDRIVE%\Documents and Settings\NetworkService\Application Data\NetMon\domains.txt
  • Added Directory/File:
    FilePath: %WINDIR%\asappsrv.dll FileSize: 187904 MD5: 0f8deb5a57d8310b2d7ef90b84480f13
  • Added Directory/File:
    FilePath: %COMMONAPPDATA%\NetMon\domains.txt
  • Added Directory/File:
    FilePath: %ROOTDRIVE%\Documents and Settings\LocalService\Application Data\NetMon\log.txt
  • Added Registry Key:
    Key: HKLM\%CURRENTVERSIONREG%\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}
  • Added Registry Key:
    Key: HKLM\%CURRENTVERSIONREG%\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}
  • Added Registry Value:
    Key: HKLM\%CURRENTVERSIONREG%\Run Value: Command
  • Added Registry Value:
    Key: HKLM\SOFTWARE\Policies Value: {6BF52A52-394A-11D3-B153-00C04F79FAA6}
  • Added Registry Value:
    Key: HKLM\SOFTWARE\Policies Value: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
  • Added Registry Value:
    Key: HKLM\SOFTWARE\Policies Value: {645FF040-5081-101B-9F08-00AA002F954E}
  • Runs Service:
    Service: mchInjDrv
  • Runs Service:
    Service: Network Monitor
  • Runs Service:
    Service: cmdService
  • Added Module:
    Process: *.* Module: asappsrv.dll