Content
CasOnline
- Type
- Program
- SubType
- Win32
- Discovery Date
- 04/27/2005
- Length
- Minimum DAT
- 4478 (04/27/2005)
- Updated DAT
- 5794 (11/06/2009)
- Minimum Engine
- 5.1.00
- Description Added
- 04/27/2005
- Description Modified
- 04/30/2009 10:50 AM (PT)
Tab Navigation
Characteristics
McAfee(R) AVERT recognizes that this program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application. If you agreed to a license agreement for this, or another bundled application, you may have legal obligations with regard to removing this software, or using the host application without this software. Please contact the software vendor for further information.
See http://vil.nai.com/vil/DATReadme.asp for a list of Program detections added to the DATs.
See http://vil.nai.com/vil/pups/configuration.htm for information about how to enable, disable, and exclude detection of legitimately installed programs.
Distribution
This is not a virus or a trojan. It is an online gambling application from any of a number of various online casino technologies that is detected as a "potentially unwanted program." Many variants contain similar characteristics as described below. Not all variants include all of these characteristics and some may exhibit additional features relevant to the detection not listed here.
Upon launching the installer, a user interface is usually presented. The installation is often characterized by insufficient display of policies/agreements or request for user input. Following installation additional setup downloads may occur, often large in quantity and/or size - sometimes exceeding 30MB (mainly graphics and music). Following the initial download and setup, the software makes regular communications to remote servers while running (see Network Impact below).
Privacy
The software usually communicates with remote servers, often on several ports, during initial setup and operation. A unique identifier is sometimes created for the host system and transmitted during communications. Regular communications take place while the software is running. It is not always clear what information may potentially be communicated (the majority of the background transmissions appear to be encrypted or use a proprietary protocol not easily interpreted), although if the user signs up to play "for money" games then transmission of personal information would necessarily occur.
A sufficient privacy policy is often unavailable or inadequately provided.
System Changes
Files Added
Numerous files are usually, but not always, stored in their own subfolder in the system c:\Program Files directory. Many graphics and sound resources may be downloaded and stored in the same location or in their own sub-folders. Links are commonly added on the user's desktop as well as in the start menu folder. Some variants may also create quick launch entries.
Registry
Numerous registry entries are generally created by the application and will vary across detected technologies.
Network Impact
These applications generally create large amounts of network traffic, often to multiple servers. This traffic may include normal game-play traffic, traffic to financial/banking sites to facilitate gambling as well as downloads for advertisements for similar gambling software or gambling-related sites.
Uninstall
The application uninstallation is sometimes insufficient and can leave remnants of the software behind potentially causing performance issues to the system.
Symptoms
Method of Infection
Variants
Variants
N/A
All Information
Overview -
Characteristics
Characteristics -
McAfee(R) AVERT recognizes that this program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application. If you agreed to a license agreement for this, or another bundled application, you may have legal obligations with regard to removing this software, or using the host application without this software. Please contact the software vendor for further information.
See http://vil.nai.com/vil/DATReadme.asp for a list of Program detections added to the DATs.
See http://vil.nai.com/vil/pups/configuration.htm for information about how to enable, disable, and exclude detection of legitimately installed programs.
Distribution
This is not a virus or a trojan. It is an online gambling application from any of a number of various online casino technologies that is detected as a "potentially unwanted program." Many variants contain similar characteristics as described below. Not all variants include all of these characteristics and some may exhibit additional features relevant to the detection not listed here.
Upon launching the installer, a user interface is usually presented. The installation is often characterized by insufficient display of policies/agreements or request for user input. Following installation additional setup downloads may occur, often large in quantity and/or size - sometimes exceeding 30MB (mainly graphics and music). Following the initial download and setup, the software makes regular communications to remote servers while running (see Network Impact below).
Privacy
The software usually communicates with remote servers, often on several ports, during initial setup and operation. A unique identifier is sometimes created for the host system and transmitted during communications. Regular communications take place while the software is running. It is not always clear what information may potentially be communicated (the majority of the background transmissions appear to be encrypted or use a proprietary protocol not easily interpreted), although if the user signs up to play "for money" games then transmission of personal information would necessarily occur.
A sufficient privacy policy is often unavailable or inadequately provided.
System Changes
Files Added
Numerous files are usually, but not always, stored in their own subfolder in the system c:\Program Files directory. Many graphics and sound resources may be downloaded and stored in the same location or in their own sub-folders. Links are commonly added on the user's desktop as well as in the start menu folder. Some variants may also create quick launch entries.
Registry
Numerous registry entries are generally created by the application and will vary across detected technologies.
Network Impact
These applications generally create large amounts of network traffic, often to multiple servers. This traffic may include normal game-play traffic, traffic to financial/banking sites to facilitate gambling as well as downloads for advertisements for similar gambling software or gambling-related sites.
Uninstall
The application uninstallation is sometimes insufficient and can leave remnants of the software behind potentially causing performance issues to the system.
Symptoms
Symptoms -
Method of Infection
Method of Infection -
Removal -
Removal -
Instructions on Enabling/Disabling Detection and Removal of Potentially Unwanted Programs
Variants
Variants -
N/A
