Threat Description

Avgold.D

Details

Aliases: Avgold.D, not-virus:Hoax.Win32.Avgold.d
Category: Hoax
Type:
Platform: W32

Summary


When run, this program copies itself as HOOKDUMP.EXE file to Windows System folder and then creates a startup key for that file in the Registry:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]  "Intel system tool"="%WinSysDir%\hookdump.exe"   

where %WinSysDir% represents Windows System folder name. Then the program extracts and HTML file called SCREEN.HTML and puts it on Windows Desktop. As a result the desktop will look like that:



Removal


Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.

More

Detailed instructions for F-Secure security products are available in the documentation found in the Downloads section of our Home - Global site.

You may also refer to the Knowledge Base on the F-Secure Community site for further assistance.



Technical Details


In addition the program creates an icon in System Tray and periodically displays a popup there:

All the claims that the program does using the webpage and a popup are false and are only aimed to make a user click on "Removal Instructions" link. The link points to the www.antivirus-gold.com website.





Description Details: Alexey Podrezov; July 14th, 2005;


SUBMIT A SAMPLE

Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

Learn More