W32/Peregar.C is a Trojan that will infect Windows systems.

This Trojan is either downloaded from the Internet or dropped by other malware applications.

Upon execution, the Trojan drops the following files:

  • kiasys.dll in the Windows folder,
  • [Random Characters] in Current Users' Temp folder,
  • bind[1].htm in Temporary Internet Files folder,
  • pic[2].htm in Temporary Internet Files folder,
  • search[4].htm in Temporary Internet Files folder.
  • The dropped file kiasys.dll is injected to explorer.exe and iexplorer.exe processes.

    The Trojan opens the Google search page with the search string “sex world.” The first URL in the Google result page will be hijacked and redirected to http://stable2.com/search/search.php?qq=sex+video

    More information can be found at this Proland Software page.