MultiDropper-PY

Type: Trojan
SubType: Dropper
Discovery Date: 02/17/2006
Length:
Minimum DAT: 4700 (02/17/2006)
Updated DAT: 5208 (01/15/2008)
Minimum Engine: 5.1.00
Description Added: 02/17/2006
Description Modified: 06/16/2006 4:38 AM (PT)

Risk Assessment
Corporate User: Low
Home User: Low

Characteristics

Upon execution, this trojan drops 2scenichp.exe (file size 127654 bytes) and 4scenicnews.exe (file size 253858 bytes) into the "%SystemDrive%\Documents and Settings\<USER>\Local Settings\Temp" directory. These files install adware on the target machine.

2scenichp.exe is already detected by McAfee as the "Adware-MWS" program. More information about it can be found at the following link:

http://vil.nai.com/vil/content/v_100910.htm

4scenicnews.exe is already detected by McAfee as the "Adware-SaveNow" program. More information about it can be found at the following link:

http://vil.nai.com/vil/content/v_100836.htm

Symptoms

The dropped files are present on the target machine, as described under Characteristics.

Method of Infection

This multidropper trojan serves only to drop and execute other files on the target system. It does not self-replicate. Likely distribution channels for this trojan include IRC, peer-to-peer file-sharing networks, attachments in newsgroup postings or email, etc. The file is likely to be given a name chosen to entice the victim to run it.

Trojans may also be received as a result of poor security practices (weak username/password combinations on open shares, missing or misconfigured firewall protection), or unpatched and vulnerable systems.

Removal

A combination of the latest DATs and the Engine will be able to detect and remove this threat. AVERT recommends that users not trust seemingly familiar or safe file icons, particularly when received via P2P clients, IRC, email or other media where users can share files.

Variants

    N/A

All Information

Overview

This is a multidropper intended to drop and execute adware on the target machine.

Aliases

  • Adware.Eshop (Doctor Web)
  • Trojan.DownLoader.8190 (IKARUS)
