TROJ_SMALLTR.AOL

This Trojan may be downloaded by other malware/grayware/spyware from remote sites. It arrives as a component bundled with malware/grayware packages.

Arrival Details

This Trojan may be downloaded by other malware/grayware/spyware from remote sites.

It arrives as a component bundled with malware/grayware packages.

Installation

This Trojan adds the following folders:

• %Current Folder%\plugin

It drops the following file(s)/component(s):

• %Windows%\{Random File Name}.dll - detected as TROJ_ADCLICKR.FW

(Note: %Windows% is the Windows folder, which is usually C:\Windows or C:\WINNT.)

It drops the following non-malicious files:

• %Current Folder%\plugin\Window.dll
• %Current Folder%\plugin\Memory.dll
• %Current Folder%\plugin\GetSysInfo.dll
• %Current Folder%\plugin\File.dll
• %Current Folder%\plugin\Console.dll
• %Current Folder%\plugin\BkgndColor.dll
• %Current Folder%\eula-mymacro-full.txt
• %Current Folder%\yrkaeou.dll
• %Current Folder%\rename.ini
• %Current Folder%\cooper.dll
• %Current Folder%\ad-mymacro.xml

Other Details

This Trojan does the following:

• It registers its dropped .DLL file, detected as TROJ_ADCLICKER.FW. As such, routines of the said file are exhibited on the affected system.
• It attempts to establish a connection to the following remote host:
  
  • {BLOCKED}.{BLOCKED}.238.241
• It attempts to access the following websites upon execution:
  
  • http://{BLOCKED}rothers.com/qmacro/ad-mymacro-cht.xml
  • http://{BLOCKED}rothers.com/qmacro/ad-mymacro-cht.htm