Payload
Notifies remote web server
When run, the installed component checks for the file "%APPDATA%\Desktopicon\config.ini" and creates it if it does not exist. It creates a section within the configuration data file named "[Shortcut]" with content as in the following example:
[Shortcut]
<LocaleString>=<number of times this program has been run>
The component then starts a Web browser instance (Internet Explorer) and connects to the domain "adon-demand.de" and sends the above content as a string, as in the following example:
adon-demand.de/<path>/?s=<LocaleString>&c=<runcount>
Upon visiting the website, the user is then redirected to the online auctioning site "ebay.com".
Analysis by Dan Kurc
So, no.
Do you commonly get redirected?