voici la descripion (en anglais ) depuis mc afree
Detection was added to cover for a malicious 32 bit PE file originally called "protopro.exe " , having a filesize of 4698 bytes. The file is internally compressed using the mew packer.
Upon running, it runs silenly, no GUI messages appear on the screen.
It doesn't copy itself to another location like the %windows\%system folder.
It adds registry keys under:
* HKLM\Software\Elitum\EliteToolBar "AccountNumber"
with Data: "protopro"
* HKLM\Software\Microsoft\DownloadManager
* HKLM\Software\Microsoft\Internet Explorer\Main "Enable Browser Extensions" with Data: "yes"
It tries to connect to a website to download binary executable files from. ****.searchmiracle.com/**** The exact website address has been concealed by asterisks on purpose.
When successfull, it will put a file called c:\prot.exe and /or c:\silent53.exe on the target system.