Home > Threat descriptions >

Avgold.D

Classification

Category: Hoax

Type: -

Aliases: Avgold.D, not-virus:Hoax.Win32.Avgold.d

Summary


When run, this program copies itself as HOOKDUMP.EXE file to Windows System folder and then creates a startup key for that file in the Registry:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Intel system tool"="%WinSysDir%\hookdump.exe"
 

where %WinSysDir% represents Windows System folder name. Then the program extracts and HTML file called SCREEN.HTML and puts it on Windows Desktop. As a result the desktop will look like that:

Removal


Automatic action

Based on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the detected program or file, or ask you for a desired action.

Knowledge Base

Find the latest advice in our Community Knowledge Base.

About the product

See the manual for your F-Secure product on the Help Center.

Contact Support

Chat with or call an expert for help.

Submit a sample

Submit a file or URL for further analysis.

Technical Details


In addition the program creates an icon in System Tray and periodically displays a popup there:

All the claims that the program does using the webpage and a popup are false and are only aimed to make a user click on "Removal Instructions" link. The link points to the www.antivirus-gold.com website.

Description Created: July 14, 2005

Description Details: Alexey Podrezov;