F-Secure
Tools
Avgold.D
| Alias: | not-virus:Hoax.Win32.Avgold.d |
| Category: | Hoax |
Detailed Description
When run, this program copies itself as HOOKDUMP.EXE file to Windows System folder and then creates a startup key for that file in the Registry:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Intel system tool"="%WinSysDir%\hookdump.exe"
where %WinSysDir% represents Windows System folder name. Then the program extracts and HTML file called SCREEN.HTML and puts it on Windows Desktop. As a result the desktop will look like that:
In addition the program creates an icon in System Tray and periodically displays a popup there:
All the claims that the program does using the webpage and a popup are false and are only aimed to make a user click on "Removal Instructions" link. The link points to the www.antivirus-gold.com website.
Write-up: Alexey Podrezov; July 14th, 2005;
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Intel system tool"="%WinSysDir%\hookdump.exe"
where %WinSysDir% represents Windows System folder name. Then the program extracts and HTML file called SCREEN.HTML and puts it on Windows Desktop. As a result the desktop will look like that:
In addition the program creates an icon in System Tray and periodically displays a popup there:
All the claims that the program does using the webpage and a popup are false and are only aimed to make a user click on "Removal Instructions" link. The link points to the www.antivirus-gold.com website.
Write-up: Alexey Podrezov; July 14th, 2005;