McAfee > Theat Center > Virus Detail Page

Overview

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Characteristics

-- Update March 11, 2010 --

A new variant of this thread have been discovered which tries to disguise itself as a bogus Playstation emulator.

This variant post sensitive information from the infected machine to several websites, and download and install more malicious files. All files downloaded by this program are already detected as FakeAlert-MA.gen

Upon execution, this malware shows the following behavior:

Tries to connect to the websites below to post data and request files to download:

• angel[removed]arts.com
• super[removed]media.com
• best[removed]arts.com
• dogart[removed].com
• dancearts[removed].com
• art[removed]world.com

Add the following key to registry:

• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion\Parameters\TrapPollTimeMilliSecs = 0x3A98

Delete itself from disk

--

This is a generic detection for Downloader trojans.

For further information, please refer to the Generic Downloader description.

Symptoms

Method of Infection

Removal

All Users:
Use current engine and DAT files for detection and removal.

Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).

Additional Windows ME/XP removal considerations

Variants

Variants

N/A

All Information

Overview -

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Characteristics

Characteristics -

-- Update March 11, 2010 --

A new variant of this thread have been discovered which tries to disguise itself as a bogus Playstation emulator.

This variant post sensitive information from the infected machine to several websites, and download and install more malicious files. All files downloaded by this program are already detected as FakeAlert-MA.gen

Upon execution, this malware shows the following behavior:

Tries to connect to the websites below to post data and request files to download:

• angel[removed]arts.com
• super[removed]media.com
• best[removed]arts.com
• dogart[removed].com
• dancearts[removed].com
• art[removed]world.com

Add the following key to registry:

• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion\Parameters\TrapPollTimeMilliSecs = 0x3A98

Delete itself from disk

--

This is a generic detection for Downloader trojans.

For further information, please refer to the Generic Downloader description.

Symptoms

Symptoms -

Method of Infection

Method of Infection -

Removal -

Removal -

All Users:
Use current engine and DAT files for detection and removal.

Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).

Additional Windows ME/XP removal considerations

Variants

Variants -

N/A