Trojan.Dinky.A

HIGH
LOW
~230Kb (~485Kb uncompressed)
(Look2Me)

Symptoms

"WriteD" environment variable is present.
Periodic pop-ups with advertisements.
These registry keys are present under [HKLM\Software\Microsoft\Windows\Current Version\Winlogon\Notify\Run]:
Asynchronous=0
DllName="<full_path_of_infected_file>"
Impersonate=0
Logoff="WinLogoff"
Logon="WinLogon"
Shutdown="WinShutdown"
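
A host check for the symptoms listed above, as an added example that is not Bitdefender's code: it parses the text of a `reg export` of the Winlogon Notify key and flags any subkey carrying all five listed values, and it tests an environment mapping for "WriteD". The sample export, its DLL name and the `ExampleBenign` subkey are constructed, and the export is assumed to be already decoded to text, with `Asynchronous` and `Impersonate` accepted as either DWORD or string values.

```python
import re

# Handler names and flag values listed under "Symptoms" on this page.
SYMPTOM_VALUES = {"asynchronous": 0, "impersonate": 0, "logoff": "WinLogoff",
                  "logon": "WinLogon", "shutdown": "WinShutdown"}

# Constructed sample export (not captured from a real host); key path as written on the page.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Current Version\Winlogon\Notify\Run]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\example1234.dll"
"Impersonate"=dword:00000000
"Logoff"="WinLogoff"
"Logon"="WinLogon"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Current Version\Winlogon\Notify\ExampleBenign]
"Asynchronous"=dword:00000001
"DllName"="example.dll"
"Logon"="ExampleLogonHandler"
'''

def parse_reg_export(text):
    """Parse `reg export` text into {key_path: {lowercased_value_name: value}}."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        m = re.match(r'^"([^"]+)"=(.*)$', line)
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif m and current is not None:
            name, raw = m.group(1).lower(), m.group(2)
            if raw.startswith("dword:"):
                current[name] = int(raw[6:], 16)
            elif raw[:1] == '"' and raw[-1:] == '"':
                current[name] = re.sub(r"\\(.)", r"\1", raw[1:-1])  # undo .reg escaping
    return keys

def find_dinky_notify_keys(text):
    """Return (key_path, DllName) for Notify subkeys that match every symptom value."""
    return [(path, vals.get("dllname", ""))
            for path, vals in parse_reg_export(text).items()
            if "\\winlogon\\notify\\" in path.lower()
            and all(str(vals.get(k)) == str(v) for k, v in SYMPTOM_VALUES.items())]

def has_writed_variable(environ):
    """True if a "WriteD" variable is set (Windows variable names are case-insensitive)."""
    return any(name.lower() == "writed" for name in environ)
```

On a live host, pass `os.environ` to `has_writed_variable` and the decoded export text to `find_dinky_notify_keys`; the returned DllName is the file to examine.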

Removal instructions:

A removal tool will be made available soon.

Analyzed By

Theodor Ciobanu, virus researcher

Technical Description:

This is adware. It logs the URLs visited by the host and displays pop-up windows with advertisements based on the information it has gathered. It downloads additional files and executes them; these may be updates of itself and configuration files that modify the start and search pages. The URLs accessed by the program to provide advertisements are from www.ad-w-a-r-e.com or www.a-d-w-a-r-e.com.

It is installed as a shell extension by ad-supported software or by other malicious software in the %system% directory, with a random file name. It uses a random CLSID every time it is installed, and it registers itself to be notified whenever a user logs on or off or the system shuts down. It also downloads and installs rootkit-like malware to make itself difficult to remove.