Content

Generic PUP.x

Type
Program
SubType
Win32
Discovery Date
03/19/2007
Length
Minimum DAT
4987 (03/19/2007)
Updated DAT
5867 (01/20/2010)
Minimum Engine
5.2.00
Description Added
03/19/2007
Description Modified
11/25/2009 12:41 PM (PT)
Risk Assessment
Corporate User
N/A
Home User
N/A

Tab Navigation

Characteristics

McAfee® Avert® Labs recognizes that this program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application. If you agreed to a license agreement for this or another bundled application, you may have legal obligations with regard to removing this software, or to using the host application without this software. Please contact the software vendor for further information.

See http://vil.nai.com/vil/DATReadme.aspx for a list of program detections added to the DATs.

See http://vil.nai.com/vil/pups/configuration.aspx for information about how to enable, disable, and exclude the detection of legitimately installed programs.

File Information:
    • File Size : 33462 bytes
    • MD5 : 36F979ED1FC6C0DA719EE74C7F8F69A7
    • SHA : 83FACF58C9D02B564814D0E5A3A06707745BF234

Aliases:
    • NOD32 : Win32/Adware.Cinmus
    • Sunbelt : AdWare.Win32.Cinmus.gen
    • VBA32 : Win32.Adware.Cinmus

This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose, but they alter the security state of the computer on which they are installed, or the privacy posture of the user of the system, such that most users will want to be aware of them.

This malware binary is dropped by its source file which has been detected as Generic PUP.z!f

The following files have been added to the compromised system
    • %Temp%\~nsu.tmp\Au_.exe

These are the defaults for typical path variables. (Although they may differ, these are common examples):


%WinDir% = \WINDOWS (Windows 9x/ME/XP/Vista), \WINNT (Windows NT/2000) %SysDir% = \WINDOWS\SYSTEM (Windows 98/ME), \WINDOWS\SYSTEM32 (Windows XP/Vista), \WINNT\SYSTEM32 (Windows NT/2000) %ProgramFiles% = C:\Program Files\ %Temp% = C:\Documents and Settings\Administrator\Local Settings\Temp\

Symptoms:
    • Presence of above mentioned file.

Symptoms

Method of Infection

Variants

Variants

    N/A

All Information

Overview -

Characteristics

Characteristics -

McAfee® Avert® Labs recognizes that this program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application. If you agreed to a license agreement for this or another bundled application, you may have legal obligations with regard to removing this software, or to using the host application without this software. Please contact the software vendor for further information.

See http://vil.nai.com/vil/DATReadme.aspx for a list of program detections added to the DATs.

See http://vil.nai.com/vil/pups/configuration.aspx for information about how to enable, disable, and exclude the detection of legitimately installed programs.

File Information:
    • File Size : 33462 bytes
    • MD5 : 36F979ED1FC6C0DA719EE74C7F8F69A7
    • SHA : 83FACF58C9D02B564814D0E5A3A06707745BF234

Aliases:
    • NOD32 : Win32/Adware.Cinmus
    • Sunbelt : AdWare.Win32.Cinmus.gen
    • VBA32 : Win32.Adware.Cinmus

This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose, but they alter the security state of the computer on which they are installed, or the privacy posture of the user of the system, such that most users will want to be aware of them.

This malware binary is dropped by its source file which has been detected as Generic PUP.z!f

The following files have been added to the compromised system
    • %Temp%\~nsu.tmp\Au_.exe

These are the defaults for typical path variables. (Although they may differ, these are common examples):


%WinDir% = \WINDOWS (Windows 9x/ME/XP/Vista), \WINNT (Windows NT/2000) %SysDir% = \WINDOWS\SYSTEM (Windows 98/ME), \WINDOWS\SYSTEM32 (Windows XP/Vista), \WINNT\SYSTEM32 (Windows NT/2000) %ProgramFiles% = C:\Program Files\ %Temp% = C:\Documents and Settings\Administrator\Local Settings\Temp\

Symptoms:
    • Presence of above mentioned file.

Symptoms

Symptoms -

Method of Infection

Method of Infection -

Removal -

Removal -

Instructions on Enabling/Disabling Detection and Removal of Potentially Unwanted Programs

Variants

Variants -

    N/A