Threat Information for "Adservs.com Command"
| Summary |
- Name: Adservs.com Command
- Aliases: TR/Dldr.Small.buy.1, W32/Trojan.ABS, Win32:Trojano-2873, Downloader.Generic.HGT, Trojan.Downloader.Small.BUY, TrojanDownloader.Small.buy
- Date Discovered: 2006-08-28
- Protection Added: 2006-08-28
| Description |
-- Ease of Removal
1: File names uniquely generated
2: Uses running processes
3: Runs as a service
4: Consistent file contents
5: Consistently named
6: Creates new registry entries with consistent data
-- Damage/Intrusion/Annoyance
1: Displays targeted popup advertisements
2: Creates new files
3: Autoruns at startup without an option to be disabled
-- Propagation/Saturation
1: Installed by other infections
| Technical Details |
- Added Directory/File:
  FilePath: %ROOTDRIVE%\Documents and Settings\NetworkService\Application Data\NetMon\domains.txt
- Added Directory/File:
  FilePath: %COMMONAPPDATA%\NetMon\domains.txt
- Added Directory/File:
  FilePath: %WINDIR%\asappsrv.dll FileSize: 187904 MD5: 0f8deb5a57d8310b2d7ef90b84480f13
- Added Directory/File:
  FilePath: %ROOTDRIVE%\Documents and Settings\LocalService\Application Data\NetMon\log.txt
- Added Directory/File:
  FilePath: %WINDIR%\mte3andi6odoxng.exe*
- Added Directory/File:
  FilePath: %USERDIR%\Application Data\NetMon
- Added Directory/File:
  FilePath: %ROOTDRIVE%\Documents and Settings\Default User\Application Data\NetMon
- Added Directory/File:
  FilePath: %WINDIR%\uninstall_nmon.vbs
- Added Directory/File:
  FilePath: %USERDIR%\Application Data\NetMon\domains.txt
- Added Directory/File:
  FilePath: %ROOTDRIVE%\Documents and Settings\Default User\Application Data\NetMon\domains.txt
- Added Directory/File:
  FilePath: %SYSTEMDIR%\atmtd.dll FileSize: 687592 MD5: 6d5f90ea52fe0cdc102b14485563eba0
- Added Directory/File:
  FilePath: %PROGRAMFILESDIR%\Network Monitor\netmon.exe
- Added Directory/File:
  FilePath: %ROOTDRIVE%\Documents and Settings\NetworkService\Application Data\NetMon\log.txt
- Added Directory/File:
  FilePath: %COMMONAPPDATA%\NetMon\log.txt
- Added Directory/File:
  FilePath: %WINDIR%\command.exe FileSize: 293888 MD5: 3e2c234dde711c6754f2df994fb3cc94
- Added Directory/File:
  FilePath: %ROOTDRIVE%\Documents and Settings\LocalService\Application Data\NetMon
- Added Directory/File:
  FilePath: %WINDIR%\TEMP\mc??.tmp
- Added Directory/File:
  FilePath: %CACHE%\installer_9x*.exe
- Added Directory/File:
  FilePath: %ROOTDRIVE%\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
- Added Directory/File:
  FilePath: %TEMPDIR%\cmdinst.exe
- Added Directory/File:
  FilePath: %USERDIR%\Application Data\NetMon\log.txt
- Added Directory/File:
  FilePath: %ROOTDRIVE%\Documents and Settings\Default User\Application Data\NetMon\log.txt
- Added Directory/File:
  FilePath: %SYSTEMDIR%\atmtd.dll._ FileSize: 687592 MD5: 6d5f90ea52fe0cdc102b14485563eba0
- Added Directory/File:
  FilePath: %PROGRAMFILESDIR%\Network Monitor
- Added Directory/File:
  FilePath: %ROOTDRIVE%\Documents and Settings\NetworkService\Application Data\NetMon
- Added Directory/File:
  FilePath: %COMMONAPPDATA%\NetMon
- Added Directory/File:
  FilePath: %WINDIR%\*.vbs FileSize: 472 MD5: 387edbb90a5275d1b464eb31f3162c40
- Added Registry Key:
  Key: HKLM\%CURRENTVERSIONREG%\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}
- Added Registry Key:
  Key: HKLM\%CURRENTVERSIONREG%\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}
- Added Registry Value:
  Key: HKLM\SOFTWARE\Policies Value: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
- Added Registry Value:
  Key: HKLM\SOFTWARE\Policies Value: {645FF040-5081-101B-9F08-00AA002F954E}
- Added Registry Value:
  Key: HKLM\%CURRENTVERSIONREG%\Run Value: Command
- Added Registry Value:
  Key: HKLM\SOFTWARE\Policies Value: {6BF52A52-394A-11D3-B153-00C04F79FAA6}
- Runs Service:
  Service: mchInjDrv
- Runs Service:
  Service: Network Monitor
- Runs Service:
  Service: cmdService
- Added Module:
  Process: *.* Module: asappsrv.dll

