Content
IGetNet.dr
- Type
- Program
- SubType
- -
- Discovery Date
- 10/07/2003
- Minimum DAT
- 4297 (10/08/2003)
- Updated DAT
- 4412 (12/08/2004)
- Minimum Engine
- 5.1.00
- Description Added
- 10/15/2003
- Description Modified
- 10/17/2003 2:34 PM (PT)
Tab Navigation
Characteristics
-- Update October 17, 2003 --
This detection was reclassified from trojan to potentially unwanted program as the author's intentions are not malicious. This change is reflected in the 4299 DAT files.
This file may come bundled with another program, which discloses the fact that it is ad-supported. Users agree to have this program installed in the license agreement, although they may not realise at first that this particular file was packaged with the product they installed.
When executed, two files called WINSTART001.EXE and rules.dat are dropped into C:\Windows\System
This trojan installs the IGetNet application (WINSTART001.EXE is already detected as IGetNet application).
The following change is made to the registry to run the executable at startup:
HKEY_LOCAL_MACHINE\Software\Windows\CurrentVersion\Run "WINSTART001.EXE "
The virus contains a counter stored in:
- HKEY_CURRENT_USER\Software\VB and VBA Program Settings\ Ie Rsp\System "pid"
- HKEY_CURRENT_USER\Software\VB and VBA Program Settings\ Ie Rsp\System "rules"
These registry keys are intended to monitor the number of times that the application has run.
Lastly, this program will delete all *.EX* files from Temp folders.
Aliases
Aliases
-
N/A