Threat Encyclopedia

Win32/Iyeclore.C

Aliases: Trojan.Win32.LinkReplacer.g (Kaspersky), Trojan:Win32/Iyeclore.A!dll (Microsoft), BackDoor-AWQ.m trojan (McAfee)
Type of infiltration: Trojan
Size: Variable
Affected platforms: Microsoft Windows
Signature database version: 4832 (20100203)

Short description

Win32/Iyeclore.C is a trojan which tries to promote certain web sites. The trojan sends HTTP requests to simulate clicks on banner advertisements, to inflate web counter statistics, etc. The trojan is probably a part of other malware.

Installation

The trojan does not create any copies of itself.

The trojan creates the following files:
  • %systemdrive%\Program Files\Common Files\System\ado\msadomd.htm

Other information

Win32/Iyeclore.C is a trojan which tries to promote certain web sites. The trojan contains a list of 5 URLs.

It tries to download several files from these addresses.

These are stored in the following locations:
  • %systemdrive%\Program Files\Common Files\system\ado\tmp111.tmp
  • %systemdrive%\Program Files\Common Files\system\ado\mdacbg.xml
The HTTP protocol is used.

The trojan alters the behavior of the following programs:
  • Internet Explorer
  • Maxthon
  • Tencent Traveler
The trojan changes information related to the following services:
  • MSN
The user may be redirected to one of the following Internet web sites:
  • http://unstat.baidu.com/bdun.bsc?tn=ozmn_pg&cv=0&cid=1173165&csid=102&bgcr=ffffff&urlcr=0000ff&tbsz=160&defid=2
It can execute the following operations:
  • steal information from the Windows clipboard
  • download files from a remote computer and/or the Internet
The trojan sends HTTP requests to simulate clicks on banner advertisements, to inflate web counter statistics, etc.