Mensaje
por msc hotline sat » 14 Sep 2004, 15:12
Informacion adicional de este downloader:
SEGUN SOPHOS:
#1 - SOPHOS :
Troj/Popupper-A Severity:
2/5 File Size:
-
Reported:
2004-08-17 10:33 Last Update:
2004-08-25 23:39
Description:
Troj/Popupper-A is a Trojan downloader. The Trojan downloads a file called mmbun.exe to the Windows folder. This file is then executed. A file called usta32a.ini may also be dropped. The installed software is likely to be adware.
_________
SEGUN TREND:
TROJ_VB.DO
Overview Technical Details
QUICK LINKS Solution | Understanding New Pattern Format
--------------------------------------------------------------------------------
Virus type: Trojan
Destructive: No
Pattern file needed: 1.932.19
Scan engine needed: 6.810
Overall risk rating: Very Low
--------------------------------------------------------------------------------
Reported infections: Low
Damage Potential: Low
Distribution Potential: Low
--------------------------------------------------------------------------------
Description:
This memory-resident Trojan has a downloader component. It is non-destructive and it has no propagation routine. Thus, it requires manual installation to affect systems.
It usually comes with other malware as an advertisment popup display. It attempts to connect to the following URL to determine which advertisment to display:
http://www.popuppers.com/popsn14.php?firstd=
It downloads an updated copy of itself everytime a user is online by connecting to the following URL:
http://bins2.med<BLOCKED>motor.net/soft/mmbun.exe
It is written in Visual Basic 6.0. It will not execute unless the MS Visual Basic 6.0 Runtime Library MSVBVM60.DLL is installed on a system.
It is designed to run on Windows 95, 98, ME, NT, 2000, and XP.
Solution:
Identifying the Malware Program
To remove this malware, first identify the malware program.
Scan your system with your Trend Micro antivirus product.
NOTE all files detected as TROJ_VB.DO.
Trend Micro customers need to download the latest pattern file before scanning their system. Other users can use Housecall, Trend Micro’s free online virus scanner.
Terminating the Malware Program
This procedure terminates the running malware process. You will need the name(s) of the file(s) detected earlier.
Open Windows Task Manager.
» On Windows 95, 98, and ME, press
CTRL+ALT+DELETE
» On Windows NT, 2000, and XP, press
CTRL+SHIFT+ESC, then click the Processes tab.
In the list of running programs*, locate the malware file(s) detected earlier.
Select one of the detected files, then press either the End Task or the End Process button, depending on the version of Windows on your system.
Do the same for all detected malware files in the list of running processes.
To check if the malware process has been terminated, close Task Manager, and then open it again.
Close Task Manager.
--------------------------------------------------------------------------------
Como sea que de este bicho no habiamos tenido noticias anteriormente, agradeceríamos que, si todavía no lo ha bprrado, nos envie una miestra de dichos ficheros a zonavirus@satinfo.es para poder estudiarlos y controlarlos a continuacion.
Puede enviarnoslos anexados a un e-maol cuyo texto sea un copiar y pegar de este post, y le contestaremos como respuesta de este Tema
saludos
ms, 14-09-2004
msc hotline sat Virus Research Engineer