Exploit.AdodbStream.J

SYMPTOMS:

A internet page with the caption "Empty !!!" and the content in text " processing... ".
A different cursor on the web page.
The presence of these files :

• C:\4517939186.exe
• C:\autoexec1.exe
• C:\system.exe
• %Temp%\update.exe
• %Windows%\Fonts\%random_name%.exe
  

TECHNICAL DESCRIPTION:

When executed the malware that is a web page performs the following tasks:

* it changes the cursor

* it checks for the browser and the system platform for specific ones

* it downloads a unwanted programs which afterwards executes.

* the programs are downloaded from this site :

• "http://**.justcountrr.org"

* it saves the files on disk in the following paths :

• C:\4517939186.exe
• C:\autoexec1.exe
• C:\system.exe
• %Temp%\update.exe
• %Windows%\Fonts\%random_name%.exe

Removal instructions:

Please let BitDefender disinfect your files.

ANALYZED BY:

Daniel Chipiristeanu, virus researcher