Avgold.D

Summary

---

When run, this program copies itself as HOOKDUMP.EXE file to Windows System folder and then creates a startup key for that file in the Registry:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]  "Intel system tool"="%WinSysDir%\hookdump.exe"   

where %WinSysDir% represents Windows System folder name. Then the program extracts and HTML file called SCREEN.HTML and puts it on Windows Desktop. As a result the desktop will look like that:

Removal

---

Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.

More

More information on scanning and removal options available in your F-Secure product can be found in the Help Center.

You may also refer to the Knowledge Base on the F-Secure Community site for more information.

Contact Support

For further assistance, F-Secure customers can request support online via the Request support or the Chat forms on our Home - Global site.

Technical Details

---

In addition the program creates an icon in System Tray and periodically displays a popup there:

All the claims that the program does using the webpage and a popup are false and are only aimed to make a user click on "Removal Instructions" link. The link points to the www.antivirus-gold.com website.

Description Created: July 14, 2005

Description Details: Alexey Podrezov;