Win32/Iyeclore [Threat Name]

Win32/Iyeclore.C [Threat Variant Name]

Category trojan
Detection created Feb 03, 2010
Detection database version 4832
Aliases Trojan.Win32.LinkReplacer.g (Kaspersky)
  Trojan:Win32/Iyeclore.A!dll (Microsoft)
  BackDoor-AWQ.m.trojan (McAfee)
Short description

Win32/Iyeclore.C is a trojan which tries to promote certain web sites. The trojan sends HTTP requests to simulate clicks on banner advertisements, to inflate web counter statistics etc. The trojan is probably a part of other malware.

Installation

The trojan does not create any copies of itself.


The trojan creates the following files:

  • %systemdrive%\Program Files\Common Files\System\ado\msadomd.htm

Other information

The trojan contains a list of 5 URLs.

It tries to download several files from these addresses.


These are stored in the following locations:

  • %systemdrive%\Program Files\Common Files\system\ado\tmp111.tmp
  • %systemdrive%\Program Files\Common Files\system\ado\mdacbg.xml

The HTTP protocol is used.


The trojan affects the behavior of the following applications:

  • Internet Explorer
  • Maxthon
  • Tencent Traveler

The trojan changes information related to the following services:

  • MSN

The user may be redirected to one of the following Internet web sites:

  • http://unstat.baidu.com/bdun.bsc?tn=ozmn_pg&cv=0&cid=1173165&csid=102&bgcr=ffffff&urlcr=0000ff&tbsz=160&defid=2

It can execute the following operations:

  • steal information from the Windows clipboard
  • download files from a remote computer and/or the Internet

