SearchMiracle.AdDownloader
Category: Trojan Downloader
Risk: Elevated Risk
* Elevated threats usually fall into the range of adware, in which data about a user's habits is tracked and sent back to a server for analysis without the user's consent or knowledge.
Description: SearchMiracle.AdDownloader installs a memory-resident adware application that displays popup ads on the user's computer. SearchMiracle.Downloader connects to the following URLs, which in turn may also open links to other adware-related Web sites:
http://info.searchmiracle.com/popsetarray.php
http://info.searchmiracle.com/update.php
After connecting to the update page, the trojan downloads and executes its update package, protector_update.exe. Once protector_update.exe is installed, the trojan communicates with the URL http://info.searchmiracle.com/popsetarray.php to determine what ads to display to the user.
Sample data:
"http://searchmiracle.com/ads/ad.php?country=1&pos=1|720|300|0|50||||
http://searchmiracle.com/ads/ad.php?country=1&pos=2|739|300|0|50||||
http://searchmiracle.com/ads/ad.php?country=1&pos=3|698|290|0|50||||
http://searchmiracle.com/ads/ad.php?country=1&pos=4|700|500|0|50||||
http://searchmiracle.com/ads/ad.php?country=1&pos=5|752|467|0|50||||
http://searchmiracle.com/ads/ad.php?country=1&pos=3|698|290|0|17180||||
http://searchmiracle.com/ads/ad.php?country=1&pos=3|698|290|0|17280||||
http://searchmiracle.com/ads/ad.php?country=1&pos=3|698|290|0|17280||||
http://searchmiracle.com/ads/ad.php?country=1&pos=3|698|290|0|17280||||
http://searchmiracle.com/ads/ad.php?country=1&pos=1|720|300|0|17180||||"
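The network behaviour described above (update check, then ad-configuration fetch, then ad requests) can be looked for in web proxy logs. The following is an added example, not part of the original entry: the log line format, client addresses and function names are assumptions, and the sample log lines are constructed.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# (host, path) indicators taken from the description, mapped to the stage
# of the behaviour they represent. Stage names are labels chosen here.
INDICATORS = {
    ("info.searchmiracle.com", "/update.php"): "update-check",
    ("info.searchmiracle.com", "/popsetarray.php"): "ad-config",
    ("searchmiracle.com", "/ads/ad.php"): "ad-fetch",
}

# Constructed sample proxy log: "<timestamp> <client-ip> <method> <url>".
SAMPLE_LOG = """\
2006-03-01T10:00:01 10.0.0.5 GET http://info.searchmiracle.com/update.php
2006-03-01T10:00:09 10.0.0.5 GET http://info.searchmiracle.com/popsetarray.php
2006-03-01T10:00:12 10.0.0.5 GET http://searchmiracle.com/ads/ad.php?country=1&pos=1
2006-03-01T10:01:00 10.0.0.7 GET http://example.com/update.php
2006-03-01T10:02:00 10.0.0.8 GET http://INFO.SearchMiracle.com/popsetarray.php
malformed line
"""

def classify(url):
    """Return the stage name for a URL, or None if it matches no indicator."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()  # host names are case-insensitive
    return INDICATORS.get((host, parts.path))

def scan(log_text):
    """Map each client IP to the ordered list of distinct stages it hit."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:  # skip lines that do not fit the assumed format
            continue
        _ts, client, _method, url = fields
        stage = classify(url)
        if stage and stage not in hits[client]:
            hits[client].append(stage)
    return dict(hits)

def full_chain(stages):
    """True when a client showed both the update check and the ad-config fetch."""
    return {"update-check", "ad-config"} <= set(stages)

if __name__ == "__main__":
    for client, stages in scan(SAMPLE_LOG).items():
        print(client, stages, "full chain" if full_chain(stages) else "partial")
```

Matching on host and path together keeps a request such as http://example.com/update.php from being flagged on the file name alone.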
Alias: TROJ_STARTPGE.KR, W32/AdClicker.Z, Troj/StartPa-NK, Win32/Startpage.KR, Win32.Startpage.KR[trojan]
Signatures:
process: protas.exe: MD5 Hash: CCA7F61E2095E805211
process: protector_update.exe: MD5 Hash: CCA7F61E2095E805211
process: protector.exe: MD5 Hash: 25b6e2f440cbff32e34
process: elitebdc32.exe: MD5 Hash: 25B6E2F440CBFF32E34
process: elitelfh32.exe: MD5 Hash: 25B6E2F440CBFF32E34
process: protector_update.exe: MD5 Hash: 22ef63bfb229b17ee96
process: regcleanbundle.exe: MD5 Hash: 8116b7bff33312d3b79
process: rgbndl_enaxb1.exe: MD5 Hash: bee2c2e90fe644da014..
Copyright @2006 THR Computer Solutions: SearchMiracle.AdDownloader