Downloader-AXF

This page shows details and results of our analysis of the malware Downloader-AXF.

Overview

This trojan attempts to resolve the host name "www.numb-soft.com" by sending a DNS query to a remote DNS server.

Minimum DAT

4795 (2006-06-28)

Updated DAT

4852 (2006-09-14)

Minimum Engine

5.1.00

File Length

N/A

Description Added

2006-06-28

Description Modified

2006-09-28

Malware Proliferation

Characteristics

When executed, this trojan creates the following registry key and values:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DownloadManager
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap "IntranetName" = 1
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap "UNCAsIntranet" = 1

The two ZoneMap values belong to Internet Explorer's security-zone configuration: they govern whether local sites not assigned to another zone, and UNC network paths, are treated as part of the Local Intranet zone. Writing them therefore modifies the Internet Explorer settings on the infected system.

Symptoms

Presence of the registry key and values listed above.

The application creates the following network connection(s):

  • ac3_0005.exe connects to a remote network server address on port 80 (the standard HTTP port)
  • ac3_0005.exe connects to 127.0.0.1 (the local loopback address) on port 1084
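The following Python script is an added example, not code from the original description or from the analysis vendor. It performs an offline triage for the indicators listed under Characteristics and Symptoms: it parses a regedit (.reg) export for the DownloadManager key and the two ZoneMap values, and scans DNS-query log lines for the www.numb-soft.com lookup. The .reg text and the log lines are constructed samples, and the log line layout (timestamp, client, record type, name) is an assumption; on a live host the same registry checks would be made against the registry directly.

```python
"""Offline IOC triage for the Downloader-AXF indicators listed above.

Added example, not code from the original description. It parses a
Windows .reg export (constructed sample below) and a few constructed
DNS-query log lines, and reports which indicators are present.
"""

# Registry key the trojan creates (from the description).
REG_KEY_INDICATORS = [
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DownloadManager",
]

ZONEMAP = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap"

# (key, value name, expected DWORD) triples from the description.
REG_VALUE_INDICATORS = [
    (ZONEMAP, "IntranetName", 1),
    (ZONEMAP, "UNCAsIntranet", 1),
]

# Host name the trojan tries to resolve (from the description).
DNS_INDICATOR = "www.numb-soft.com"


def parse_reg_export(text):
    """Parse regedit export text into {key_path: {value_name: value}}.

    Understands dword:XXXXXXXX (converted to int) and "quoted" strings
    (with the .reg backslash escaping undone); other data types are kept
    as their raw text.
    """
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        name, _, data = line.partition("=")
        name = "(Default)" if name == "@" else name.strip('"')
        if data.lower().startswith("dword:"):
            value = int(data[6:], 16)
        elif len(data) >= 2 and data.startswith('"') and data.endswith('"'):
            value = data[1:-1].replace("\\\\", "\\")
        else:
            value = data
        keys[current][name] = value
    return keys


def match_registry(keys):
    """Return human-readable findings for the registry indicators."""
    # Registry paths and value names are case-insensitive on Windows.
    by_path = {path.lower(): values for path, values in keys.items()}
    findings = []
    for key in REG_KEY_INDICATORS:
        if key.lower() in by_path:
            findings.append("key present: " + key)
    for key, name, expected in REG_VALUE_INDICATORS:
        values = by_path.get(key.lower(), {})
        actual = {n.lower(): v for n, v in values.items()}.get(name.lower())
        if actual == expected:
            findings.append(f"value {name}={expected} under {key}")
    return findings


def match_dns(log_lines):
    """Return log lines that carry a lookup for the indicator host name."""
    return [line for line in log_lines if DNS_INDICATOR in line.lower()]


def triage(reg_text, dns_lines):
    """Run both checks; returns {"registry": [...], "dns": [...]}."""
    return {
        "registry": match_registry(parse_reg_export(reg_text)),
        "dns": match_dns(dns_lines),
    }


# Constructed sample: export from a host showing the indicators.
# ProxyBypass is an ordinary ZoneMap value and must not be flagged.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DownloadManager]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"=dword:00000001
"IntranetName"=dword:00000001
"UNCAsIntranet"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Program Files\\Example\\updater.exe"
"""

# Constructed sample: export from a host without the indicators.
CLEAN_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"=dword:00000001
"""

# Constructed sample DNS query log (timestamp, client, type, name); the layout is assumed.
SAMPLE_DNS_LOG = [
    "2006-06-28 10:12:01 192.168.1.20 A www.example.com",
    "2006-06-28 10:12:03 192.168.1.20 A WWW.NUMB-SOFT.COM",
    "2006-06-28 10:12:05 192.168.1.21 A time.example.org",
]

if __name__ == "__main__":
    for category, hits in triage(SAMPLE_REG, SAMPLE_DNS_LOG).items():
        print(category, hits)
```

The DownloadManager key and the DNS lookup are the stronger indicators. The two ZoneMap values are also written when a user changes the Local Intranet zone options by hand, so treat them as corroborating evidence rather than as proof of infection on their own.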

Method of Infection

N/A. Downloaders are not viruses and, as such, do not themselves contain any method to replicate. However, they may themselves be downloaded by other viruses and/or trojans and installed on the user's system.

Many are also mass-spammed by the author to entice people into double-clicking them.

Alternatively, they may be installed by visiting a malicious web page (either by clicking on a link, or because the website hosts a scripted exploit that installs the downloader onto the user's system with no user interaction).

Removal

All Users:
Use specified engine and DAT files for detection and removal.

Modifications made to the system registry and/or INI files for the purpose of hooking system startup will be removed successfully when cleaning with the recommended engine and DAT combination (or higher).

Additional Windows ME/XP removal considerations

Variants