McAfee > Theat Center > Virus Detail Page

Overview

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Aliases

• not-a-virus:FraudTool.Win32.WorldSecurityOnline.c  (Kaspersky)
• Trojan.Fakealert.230  (Doctor Web)
• Adware/AntiVermins  (Panda)
• Downloader  (Symantec)

Characteristics

This detection is for a trojan that is reported to be distributed by the name 334.dll
Upon execution, this DLL file downloads and installs Adware-Antiverm from one of the follwing websites

• dl1.antivermins.com [ip = 63.217.29.1147]
• download10.antivermins.com [ip = 209.8.60.69]

This trojan shows a popup balloon with a display message like the one shown in the picture below,

Upon clicking the fake warning message the browser will be redirected to http://www.anti-vermins.com/?aff=334 , directing the users to download an antispyware product called "AntiVermins". as shown below,

Symptoms

Presence of aforementioned properties.

Method of Infection

Trojans do not self-replicate. They spread manually, often under the premise that the executable is something beneficial. Trojans may also be received as a result of poor security practices, or un-patched machines and vulnerable systems. Distribution channels include IRC, peer-to-peer networks, email, newsgroups postings, etc

Removal

AVERT recommends to always use latest DATs and engine. This threat will be cleaned if you have this combination.

Additional Windows ME/XP removal considerations

Variants

Variants

N/A

All Information

Overview -

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Aliases

• not-a-virus:FraudTool.Win32.WorldSecurityOnline.c  (Kaspersky)
• Trojan.Fakealert.230  (Doctor Web)
• Adware/AntiVermins  (Panda)
• Downloader  (Symantec)

Characteristics

Characteristics -

This detection is for a trojan that is reported to be distributed by the name 334.dll
Upon execution, this DLL file downloads and installs Adware-Antiverm from one of the follwing websites

• dl1.antivermins.com [ip = 63.217.29.1147]
• download10.antivermins.com [ip = 209.8.60.69]

This trojan shows a popup balloon with a display message like the one shown in the picture below,

Upon clicking the fake warning message the browser will be redirected to http://www.anti-vermins.com/?aff=334 , directing the users to download an antispyware product called "AntiVermins". as shown below,

Symptoms

Symptoms -

Presence of aforementioned properties.

Method of Infection

Method of Infection -

Trojans do not self-replicate. They spread manually, often under the premise that the executable is something beneficial. Trojans may also be received as a result of poor security practices, or un-patched machines and vulnerable systems. Distribution channels include IRC, peer-to-peer networks, email, newsgroups postings, etc

Removal -

Removal -

AVERT recommends to always use latest DATs and engine. This threat will be cleaned if you have this combination.

Additional Windows ME/XP removal considerations

Variants

Variants -

N/A