Where does Win32/injector.AWI trojan install its files?

I just accidentally clicked on a link in MSN and NOD32 presented me with an alert window the Win32/injector.AWI trojan virus was trying to access my computer. I also got a window asking me if I wanted to install a file, which I of course didn't.

Now I'm very cautious about viruses because I got hacked twice so I'm running a smart scan right now, but to be sure I also always check what files a certain virus installs if I suspect there's a virus on my computer. I'm not able to find this info on the ESET site though, so what I really would like to know is where I can find this info?

Could somebody point me in the right direction?

 

This trojan is currently detected by ESET's virus signature database.

Try running a scan in safe mode, please post back your findings.

 

I did a full system scan in Safe Mode and came up clean.

Guess the virus didn't install itself after all

But yeah, I'd still like to know where I can find info about viruses on the ESET website. I used Norton for a long time and I could visit their website, type in a virus name and the website would show me a page which not only told me how the virus was known by other virus scanners, but also what files the virus installed and where it installed them, and how to get rid of the virus manually. They offered a lot more info as well.

I hope ESET has something similar?

 

Thanks for advising that you are clean.

You may use the ESET Threat Encyclopaedia here

 

I would check for rootkits. I had some injector variants leave behind a rootkit that hides from the API inside the system32\drivers, along with make reference to a registry setting in hklm\software\microsoft\currenversion\fci

 

That registry key does not even exist in my registry. I think it has to be hklm\software\microsoft\windows\currentversion\fci? Fci does not exist there though. I'm using XP by the way, if that makes any difference.

I assume with hklm you mean HKEY_Local_Machine?

Also, NOD32 showed in the logs the connection to the file trying to install the trojan was shut down. I also got a window asking if I wanted to install something and I clicked Cancel on that one. So, I don't think anything was installed. My system also isn't behaving different than before. So yeah, don't think something's wrong on my computer.