oz_mark said:
After doing a google for ********, I only became even more suspicious about what it is.
Ok. I spent some time analysing the crudware that the program is.
I re-iterate my warning -
DO NOT DOWNLOAD, RUN OR ATTEMPT TO DOWNLOAD THAT FILE.
The file looks benign enough from the outside. When run, it installs a program called "Credit Card Verifier" and launches the program. The program is used to verify credit card numbers against the check digits on the cards.
However, in the background it also drops and runs a file called "Kav_6.0.exe". This file unpacks itself and runs another file called "Kav_Update.exe". (Note that Kav is a respected Anti-Virus firm and the icons and names are meant to avoid suspicion by using their name as part of this malware - Kav have nothing to do with this.)
That file drops another few files onto the machine (services.exe, sservices.exe and fservices.exe - not to be confused with legitimate files of the same name) which are identified as a backdoor trojan (malicious file that allows others to connect to your machine and perform operations/capture keystrokes/data etc.).
Other files are also dropped as part of this routine.
So in other words, as predicted above the file is a nasty piece of work. A subtle warning to everyone about the dangers of downloading files where you can't verify the origin.
(Oh, and I used what is known as a "goat" PC for my work - do not try this at home unless you really know what you are doing!)
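
An added example, not part of the post above: a small defender-side check for the naming trick the post describes, where dropped files reuse or closely imitate the name of a legitimate system file. The expected directory for the genuine services.exe and all sample paths are assumptions constructed for illustration; the post does not say where the files were dropped.

```python
import ntpath

# Assumption: the genuine services.exe lives only in System32
# (the post names the files but gives no paths).
EXPECTED_DIR = {"services.exe": r"c:\windows\system32"}


def levenshtein(a, b):
    """Edit distance between two strings (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify(path):
    """Label a Windows path: ok, wrong-location, lookalike or unrelated."""
    directory, name = ntpath.split(path.lower())
    for legit, home in EXPECTED_DIR.items():
        if name == legit:
            # Exact system name: only acceptable in its expected directory.
            return "ok" if directory == home else "wrong-location"
        if levenshtein(name, legit) <= 1:
            # One character away from a system name, e.g. sservices.exe.
            return "lookalike"
    return "unrelated"


# Constructed sample paths (not taken from the post).
SAMPLES = [
    r"C:\Windows\System32\services.exe",
    r"C:\Windows\services.exe",
    r"C:\Windows\System32\sservices.exe",
    r"C:\Windows\System32\fservices.exe",
    r"C:\Windows\System32\notepad.exe",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify(sample):15} {sample}")
```
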