Content

Adware-StatBlaster!3a152fd78ec2

Type
Program
SubType
Adware
Discovery Date
06/25/2009
Minimum DAT
5657 (06/25/2009)
Updated DAT
5657 (06/25/2009)
Minimum Engine
5300.2777
Description Added
06/25/2009
Description Modified
06/25/2009 11:41 AM (PT)

Tab Navigation

Characteristics

This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose, but they alter the security state of the computer on which they are installed, or the privacy posture of the user of the system, such that most users will want to be aware of them.

File PropertyProperty Value
FileNamebb442b4a8104010ceba39c82ab9392f40e152354.exe
McAfee ArtemisArtemis!3a152fd78ec2
McAfee DetectionAdware-StatBlaster
Length86,016 bytes
CRC32FBC327
MD53A152FD78EC23D767E8E00422BC844E0
SHA1BB442B4A8104010CEBA39C82AB9392F40E152354

Other Common Detection Aliases

Company NameDetection Name
avastWin32:Agent-DVG [Trj]
AVG (GriSoft)Dropper.Small.25.A (Trojan horse)
AviraTR/Drop.VB.HF.2
BitDefenderTrojan.Dropper.Vb.HF
clamavTrojan.Spy.Agent-54
Dr.WebTrojan.MulDrop.2482
EsetWin32/Spy.Agent.ET trojan
FortiNetAdware/StatBlaster
F-ProtW32/Dropper.FSK
KasperskyTrojan-Dropper.Win32.VB.hf
microsofttrojan:win32/meredrop
normanW32/Smalldrp.DMG
pandaTrojan Horse.AP3
risingDropper.VB.abs
SophosSus/TinyDL-G (suspicious)
SymantecTrojan Horse
Trend MicroPAK_Generic.001
vba32Embedded.Trojan-Spy.Win32.Agent.et (suspected)
V-BusterTrojan.DR.VB.DUZL (trojan)

Avert® Labs has observed the following system activities:

ActivityRisk Level
Performs a shell execute of downloaded or existing files
Informational

Other detections that have been observed.

FileNameMcAfee Supported
%WINDIR%\system32\mspeupx.exe
Adware-StatBlaster

System Changes

These are general defaults for typical path variables. (Although they may differ, these examples are common.):
%WinDir% = \WINDOWS (Windows 9x/ME/XP/Vista), \WINNT (Windows NT/2000)
%SystemDir% = \WINDOWS\SYSTEM (Windows 98/ME), \WINDOWS\SYSTEM32 (Windows XP/Vista), \WINNT\SYSTEM32 (Windows NT/2000)
%ProgramFiles% = \Program Files

The following files were analyzed:

  • %USERPROFILE%\local settings\temp\bb442b4a8104010ceba39c82ab9392f40e152354.exe

    • The following files have been added to the system:

  • %WINDIR%\system32\mspeupx.exe
  • %WINDIR%\system32\wizmo.exe

    • The following registry elements have been created:

  • HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\
    • mspeupx.exe = mspeupx.exe:*:enabled:mspeupx

    • The following registry elements have been changed:

  • HKEY_CURRENT_USER\sessioninformation\
    • programcount = 3

    • Removal

    All Users:

    Please use the following instructions for all supported versions of Windows to remove threats and other potential risks:

    1.Disable System Restore (Windows ME/XP only).

    2.Update to current engine and DAT files for detection and removal.

    3.Run a complete system scan.

    Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).

    General repair may be unsuccessful in some instances. If this occurs, please submit a sample for further evaluation.

    Aliases

    Aliases

      N/A