When run, this program copies itself as HOOKDUMP.EXE file to Windows System folder and then creates a startup key for that file in the Registry:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Intel system tool"="%WinSysDir%\hookdump.exe"
where %WinSysDir% represents Windows System folder name. Then the program extracts and HTML file called SCREEN.HTML and puts it on Windows Desktop. As a result the desktop will look like that:
Depending on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the suspect file, or ask you for a desired action.
More scanning & removal options
More information on the scanning and removal options available in your F-Secure product can be found in the Help Center.
You may also refer to the Knowledge Base on the F-Secure Community site for more information.
In addition the program creates an icon in System Tray and periodically displays a popup there:
All the claims that the program does using the webpage and a popup are false and are only aimed to make a user click on "Removal Instructions" link. The link points to the www.antivirus-gold.com website.
Description Created: July 14, 2005Description Details: Alexey Podrezov;