Trackware.Icarus

Updated: June 25, 2007 11:07:34 PM
Type: Trackware
Infection Length: 346,258 bytes
Risk Impact: Low
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

Once the security risk is executed, it creates the following folder:
%ProgramFiles%\Icarus2

It then creates the following files:
  • %ProgramFiles%\Icarus2\unins000.dat
  • %ProgramFiles%\Icarus2\unins000.exe
  • %ProgramFiles%\Icarus2\UpdateChk.exe
  • %ProgramFiles%\Icarus2\Icarus2.dll


The program creates the following registry entry so that it runs every time Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"Icarus2" = "%ProgramFiles%\Icarus2\UpdateChk.exe"

It also creates the following registry subkeys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Icarus2_is1
HKEY_CURRENT_USER\Software\Icarus2
HKEY_CURRENT_USER\Software\Icarus2\data
HKEY_CLASSES_ROOT\Icarus2.Icarus2Obj.1
HKEY_CLASSES_ROOT\Icarus2.Icarus2Obj
HKEY_CLASSES_ROOT\CLSID\{E2E6833D-ABC0-489c-9D4E-71B59ECB141F}
HKEY_CLASSES_ROOT\Icarus2.UIIcarus2Obj
HKEY_CLASSES_ROOT\Icarus2.UIIcarus2Obj.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E2E6833D-ABC0-489c-9D4E-71B59ECB141F}
HKEY_CLASSES_ROOT\CLSID\{74F2142F-655E-487f-918C-C544856BA0B5}
HKEY_CLASSES_ROOT\TypeLib\{D38325BA-795B-45B8-B4B7-8359B1348543}
HKEY_CLASSES_ROOT\Interface\{FD812E0C-4F99-4139-9B5D-72F2D9FA1BAA}
HKEY_CLASSES_ROOT\Interface\{5B5A9632-8891-4055-9CD9-9638D6733840}
HKEY_CLASSES_ROOT\CLSID\{E2E6833D-ABC0-489C-9D4E-71B59ECB141F}

Next, the security risk creates the following registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Icarus2_is1\"Inno Setup: Setup Version" = "5.1.11"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Icarus2_is1\"Inno Setup: App Path" = "%ProgramFiles%\Icarus2"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Icarus2_is1\"InstallLocation" = "%ProgramFiles%\Icarus2\"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Icarus2_is1\"Inno Setup: Icon Group" = "Icarus2"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Icarus2_is1\"Inno Setup: User" = "Administrator"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Icarus2_is1\"DisplayName" = "Icarus2"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Icarus2_is1\"UninstallString" = ""%ProgramFiles%\Icarus2\unins000.exe""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Icarus2_is1\"QuietUninstallString" = ""%ProgramFiles%\Icarus2\unins000.exe" /SILENT"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Icarus2_is1\"NoModify" = "0x1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Icarus2_is1\"NoRepair" = "0x1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Icarus2_is1\"InstallDate" = "20070626"
HKEY_CURRENT_USER\Software\Icarus2\data\"v" = "[VERSION NUMBER]"
HKEY_CLASSES_ROOT\Icarus2.Icarus2Obj.1\"(Default)" = "Icarus2"
HKEY_CLASSES_ROOT\Icarus2.Icarus2Obj.1\CLSID\"(Default)" = "{E2E6833D-ABC0-489c-9D4E-71B59ECB141F}"
HKEY_CLASSES_ROOT\Icarus2.Icarus2Obj\"Default" = "Icarus2 Rocks"
HKEY_CLASSES_ROOT\Icarus2.Icarus2Obj\CLSID\"(Default)" = "{E2E6833D-ABC0-489c-9D4E-71B59ECB141F}"
HKEY_CLASSES_ROOT\Icarus2.Icarus2Obj\CurVer\"(Default)" = "Icarus2.Icarus2Obj.1"
HKEY_CLASSES_ROOT\CLSID\{E2E6833D-ABC0-489c-9D4E-71B59ECB141F}\"(Default)" = "Icarus2"
HKEY_CLASSES_ROOT\CLSID\{E2E6833D-ABC0-489c-9D4E-71B59ECB141F}\ProgID\"(Default)" = "Icarus2.Icarus2Obj.1"
HKEY_CLASSES_ROOT\CLSID\{E2E6833D-ABC0-489c-9D4E-71B59ECB141F}\VersionIndependentProgID\"(Default)" = "Icarus2.Icarus2Obj"
HKEY_CLASSES_ROOT\CLSID\{E2E6833D-ABC0-489c-9D4E-71B59ECB141F}\InprocServer32\"(Default)" = "%ProgramFiles%\Icarus2\Icarus2.dll"
HKEY_CLASSES_ROOT\CLSID\{E2E6833D-ABC0-489c-9D4E-71B59ECB141F}\InprocServer32\"ThreadingModel" = "Apartment"
HKEY_CLASSES_ROOT\CLSID\{E2E6833D-ABC0-489c-9D4E-71B59ECB141F}\ToolboxBitmap32\"(Default)" = "%ProgramFiles%\Icarus2\Icarus2.dll, 102"
HKEY_CLASSES_ROOT\CLSID\{E2E6833D-ABC0-489c-9D4E-71B59ECB141F}\MiscStatus\"(Default)" = "0"
HKEY_CLASSES_ROOT\CLSID\{E2E6833D-ABC0-489c-9D4E-71B59ECB141F}\MiscStatus\1\"(Default)" = "131473"
HKEY_CLASSES_ROOT\CLSID\{E2E6833D-ABC0-489c-9D4E-71B59ECB141F}\TypeLib\"(Default)" = "{D38325BA-795B-45b8-B4B7-8359B1348543}"
HKEY_CLASSES_ROOT\CLSID\{E2E6833D-ABC0-489c-9D4E-71B59ECB141F}\Version\"(Default)" = "1.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E2E6833D-ABC0-489c-9D4E-71B59ECB141F}\"(Default)" = "Icarus2"
HKEY_CLASSES_ROOT\Icarus2.UIIcarus2Obj.1\"(Default)" = "UIIcarus2Obj Class"
HKEY_CLASSES_ROOT\Icarus2.UIIcarus2Obj.1\CLSID\"(Default)" = "{74F2142F-655E-487f-918C-C544856BA0B5}"
HKEY_CLASSES_ROOT\Icarus2.UIIcarus2Obj\"(Default)" = "UIIcarus2Obj Class"
HKEY_CLASSES_ROOT\Icarus2.UIIcarus2Obj\CLSID\"(Default)" = "{74F2142F-655E-487f-918C-C544856BA0B5}"
HKEY_CLASSES_ROOT\Icarus2.UIIcarus2Obj\CurVer\"(Default)" = "Icarus2.UIIcarus2Obj.1"
HKEY_CLASSES_ROOT\CLSID\{74F2142F-655E-487f-918C-C544856BA0B5}\"(Default)" = "UIIcarus2Obj Class"
HKEY_CLASSES_ROOT\CLSID\{74F2142F-655E-487f-918C-C544856BA0B5}\ProgID\"(Default)" = "Icarus2.UIIcarus2Obj.1"
HKEY_CLASSES_ROOT\CLSID\{74F2142F-655E-487f-918C-C544856BA0B5}\VersionIndependentProgID\"(Default)" = "Icarus2.UIIcarus2Obj"
HKEY_CLASSES_ROOT\CLSID\{74F2142F-655E-487f-918C-C544856BA0B5}\InprocServer32\"(Default)" = "%ProgramFiles%\Icarus2\Icarus2.dll"
HKEY_CLASSES_ROOT\CLSID\{74F2142F-655E-487f-918C-C544856BA0B5}\InprocServer32\"ThreadingModel" = "Apartment"
HKEY_CLASSES_ROOT\CLSID\{74F2142F-655E-487f-918C-C544856BA0B5}\TypeLib\"(Default)" = "{D38325BA-795B-45b8-B4B7-8359B1348543}"
HKEY_CLASSES_ROOT\TypeLib\{D38325BA-795B-45B8-B4B7-8359B1348543}\1.0\"(Default)" = "Icarus2 1.0 Type Library"
HKEY_CLASSES_ROOT\TypeLib\{D38325BA-795B-45B8-B4B7-8359B1348543}\1.0\FLAGS\"(Default)" = "0"
HKEY_CLASSES_ROOT\TypeLib\{D38325BA-795B-45B8-B4B7-8359B1348543}\1.0\0\win32\"(Default)" = "%ProgramFiles%\Icarus2\Icarus2.dll"
HKEY_CLASSES_ROOT\TypeLib\{D38325BA-795B-45B8-B4B7-8359B1348543}\1.0\HELPDIR\"(Default)" = "C:\Documents and Settings\Administrator\Desktop\"
HKEY_CLASSES_ROOT\Interface\{FD812E0C-4F99-4139-9B5D-72F2D9FA1BAA}\"(Default)" = "IIcarus2Obj"
HKEY_CLASSES_ROOT\Interface\{FD812E0C-4F99-4139-9B5D-72F2D9FA1BAA}\ProxyStubClsid\"(Default)" = "{00020424-0000-0000-C000-000000000046}"
HKEY_CLASSES_ROOT\Interface\{FD812E0C-4F99-4139-9B5D-72F2D9FA1BAA}\ProxyStubClsid32\"(Default)" = "{00020424-0000-0000-C000-000000000046}"
HKEY_CLASSES_ROOT\Interface\{FD812E0C-4F99-4139-9B5D-72F2D9FA1BAA}\TypeLib\"(Default)" = "{D38325BA-795B-45B8-B4B7-8359B1348543}"
HKEY_CLASSES_ROOT\Interface\{5B5A9632-8891-4055-9CD9-9638D6733840}\"(Default)" = "IUIIcarus2Obj"
HKEY_CLASSES_ROOT\Interface\{5B5A9632-8891-4055-9CD9-9638D6733840}\ProxyStubClsid\"(Default)" = "{00020424-0000-0000-C000-000000000046}"
HKEY_CLASSES_ROOT\Interface\{5B5A9632-8891-4055-9CD9-9638D6733840}\ProxyStubClsid32\"(Default)" = "{00020424-0000-0000-C000-000000000046}"
HKEY_CLASSES_ROOT\Interface\{5B5A9632-8891-4055-9CD9-9638D6733840}\TypeLib\"(Default)" = "{D38325BA-795B-45B8-B4B7-8359B1348543}"
HKEY_CLASSES_ROOT\Interface\{5B5A9632-8891-4055-9CD9-9638D6733840}\TypeLib\"Version" = "1.0"

It then tracks Web sites visited and displays advertisements.
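
The following read-only check is an added example, not part of the original write-up or any vendor tool: it looks for the folder, files, Run value, Browser Helper Object registration and COM class listed above and reports what it finds. The function name `Get-IcarusArtifacts` is hypothetical, and the extra lookups under `ProgramFiles(x86)` and `WOW6432Node` are an assumption for 64-bit Windows, which the write-up does not cover.

```powershell
# Added example: read-only check for the Trackware.Icarus artifacts listed on this page.
function Get-IcarusArtifacts {
    $bho   = '{E2E6833D-ABC0-489c-9D4E-71B59ECB141F}'   # BHO CLSID from the write-up
    # Assumption: also check the 32-bit locations used on 64-bit Windows.
    $roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ } | Select-Object -Unique
    $bases = 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node'
    $found = @()

    # Files dropped under %ProgramFiles%\Icarus2
    foreach ($root in $roots) {
        foreach ($name in 'unins000.dat', 'unins000.exe', 'UpdateChk.exe', 'Icarus2.dll') {
            $path = Join-Path $root "Icarus2\$name"
            if (Test-Path -LiteralPath $path) { $found += "File: $path" }
        }
    }

    foreach ($base in $bases) {
        # Run value "Icarus2" that launches UpdateChk.exe when Windows starts
        $runKey = "$base\Microsoft\Windows\CurrentVersion\Run"
        $run = Get-ItemProperty -Path $runKey -Name 'Icarus2' -ErrorAction SilentlyContinue
        if ($run) { $found += "Run value: $runKey\Icarus2 = $($run.Icarus2)" }

        # Browser Helper Object registration that loads the DLL into Internet Explorer
        $bhoKey = "$base\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$bho"
        if (Test-Path -LiteralPath $bhoKey) { $found += "BHO key: $bhoKey" }

        # COM class behind the BHO: report which DLL InprocServer32 points to
        $srvKey = "$base\Classes\CLSID\$bho\InprocServer32"
        $srv = Get-ItemProperty -LiteralPath $srvKey -ErrorAction SilentlyContinue
        if ($srv) { $found += "COM server: $srvKey = $($srv.'(default)')" }

        # Inno Setup uninstall entry
        $uninst = "$base\Microsoft\Windows\CurrentVersion\Uninstall\Icarus2_is1"
        if (Test-Path -LiteralPath $uninst) { $found += "Uninstall key: $uninst" }
    }

    # Per-user settings key
    if (Test-Path -LiteralPath 'HKCU:\Software\Icarus2') { $found += 'User key: HKCU:\Software\Icarus2' }

    return $found
}

$hits = Get-IcarusArtifacts
if ($hits) { $hits } else { 'No Trackware.Icarus artifacts from this write-up were found.' }
```

The `HKCU` check only covers the account running the script, so run it once per user profile of interest.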