Downloader-GH

Type: Trojan
SubType: Downloader
Discovery Date: 01/10/2004
Length: 36,864 bytes
Minimum DAT: 4314 (01/14/2004)
Updated DAT: 4387 (08/18/2004)
Minimum Engine: 5.1.00
Description Added: 01/22/2004
Description Modified: 01/22/2004 8:09 AM (PT)
Risk Assessment
Corporate User: Low
Home User: Low


All Information

Overview -

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Aliases

  • TROJ_OUTWAR.A (Trend)
  • Trojan.Outwar.36864 (DialogueScience)

Characteristics -

This detection is for a trojan written in Microsoft Visual Basic (MSVB). The trojan is intended to download files (via HTTP) from remote servers.

The URLs for these remote files are hard-coded in the trojan. The files (which may change at any time) are currently downloaded from the following server (complete URL obfuscated):

http://images.outwar.com/(blocked)

The files being:

Subsequently, the trojan sends an HTTP request to a remote server, addressed directly to a hard-coded IP address, so no DNS lookup precedes that request.

Symptoms -

This trojan does not install itself on the victim machine in any way (it creates no persistence). It merely serves to download other remote files.

The observable symptoms are unexpected HTTP traffic from the victim machine to the server detailed above, followed by an HTTP request addressed directly to an IP address.
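The two network indicators described in the Characteristics and Symptoms sections (a fetch from the named download host, then a request sent straight to an IP address) can be checked against proxy logs. The following Python is an added example, not code from the original description or from the vendor: it assumes a simplified Squid-like log line (epoch time, client, method, URL), uses constructed sample lines, and, because this page does not give the hard-coded IP, treats any HTTP request whose host is a bare IP literal as the second indicator and only reports a client that shows both indicators in sequence.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Download host named in the description (the complete URL is obfuscated on the page).
DOWNLOAD_HOST = "images.outwar.com"

REASON_HOST = "request to the download host named in the description"
REASON_IP = "HTTP request addressed directly to an IP literal"

# Constructed sample proxy log (simplified Squid-like format: epoch time, client, method, URL).
# These lines are illustrative, not a capture of the real trojan; 203.0.113.17 and
# 2001:db8::1 are documentation addresses, not the trojan's hard-coded IP (which the
# description does not give).
SAMPLE_LOG = """\
1074124801.123 10.0.0.5 GET http://www.example.com/index.html
1074124803.456 10.0.0.5 GET http://images.outwar.com/(blocked)
1074124805.789 10.0.0.5 GET http://203.0.113.17/report.php?id=1
1074124807.012 10.0.0.9 GET http://cdn.example.net/logo.png
1074124809.345 10.0.0.9 GET http://203.0.113.17/status
1074124811.678 10.0.0.5 POST http://[2001:db8::1]/x
"""

LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)$")


def is_ip_literal(host: str) -> bool:
    """True if host is a bare IPv4/IPv6 address rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def classify_request(url: str):
    """Return the matching indicator for one request URL, or None if it is unremarkable."""
    host = urlsplit(url).hostname  # lowercased; IPv6 brackets are stripped
    if host is None:
        return None
    if host == DOWNLOAD_HOST or host.endswith("." + DOWNLOAD_HOST):
        return REASON_HOST
    if is_ip_literal(host):
        return REASON_IP
    return None


def parse_log(text: str):
    """Yield (timestamp, client, url) for each well-formed line; skip anything else."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield float(m["ts"]), m["client"], m["url"]


def scan_log(text: str):
    """Every request matching either indicator, as (client, url, reason) tuples in log order."""
    hits = []
    for _, client, url in parse_log(text):
        reason = classify_request(url)
        if reason:
            hits.append((client, url, reason))
    return hits


def suspect_clients(text: str):
    """Clients whose request sequence matches the described behaviour: a fetch from the
    download host followed, later in the log, by a request addressed to a bare IP.
    Requiring the sequence (rather than either indicator alone) suppresses clients that
    merely talk to some internal service by IP."""
    first_download = {}
    suspects = set()
    for ts, client, url in parse_log(text):
        reason = classify_request(url)
        if reason == REASON_HOST:
            first_download.setdefault(client, ts)
        elif reason == REASON_IP and client in first_download and ts >= first_download[client]:
            suspects.add(client)
    return sorted(suspects)


if __name__ == "__main__":
    for client, url, reason in scan_log(SAMPLE_LOG):
        print(f"{client}  {url}  <- {reason}")
    print("clients matching the download-then-beacon sequence:", suspect_clients(SAMPLE_LOG))
```

In the constructed log, 10.0.0.9 also contacts a bare IP but never the download host, so only 10.0.0.5 is reported. Requests to bare IPs are common for internal services, which is why the sequence check matters; and because the second request involves no DNS lookup, DNS logs alone will not show it. The download host is taken from this description and may change, so treat the host list as an assumption to be maintained rather than a definitive indicator.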

Method of Infection -

This downloader trojan serves only to download other remote files. It does not spread on its own; it must be delivered and executed by other means (see Overview).

Removal -

All Users:
Use the specified engine and DAT files for detection and removal.

Modifications made to the system Registry and/or INI files for the purpose of hooking system startup will be removed when cleaning with the recommended engine and DAT combination (or higher).

Additional Windows ME/XP removal considerations

Variants -

    N/A