Content

Generic PUP.x!p!24048cb215fb

Type
Program
SubType
-
Discovery Date
06/30/2009
Minimum DAT
5662 (06/30/2009)
Updated DAT
5662 (06/30/2009)
Minimum Engine
5300.2777
Description Added
06/30/2009
Description Modified
06/30/2009 6:14 PM (PT)

Tab Navigation

Characteristics

This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose, but they alter the security state of the computer on which they are installed, or the privacy posture of the user of the system, such that most users will want to be aware of them.

File PropertyProperty Value
FileName1a07bb99f1ecdaa9e2c36e8068a65f07b522b214.exe
McAfee ArtemisArtemis!24048cb215fb
McAfee DetectionGeneric PUP.x!p
Length128,178 bytes
CRC5873E720
MD524048CB215FBD625AF97662BE2BFBB06
SHA11A07BB99F1ECDAA9E2C36E8068A65F07B522B214

Other Common Detection Aliases

Company NameDetection Name
ahnlabWin-Trojan/Magania.128174
avastWin32:Dialer-gen [Trj]
AVG (GriSoft)Dialer.PKQ
AviraTR/PSW.Magania.beym.1
BitDefenderDialer.Generic.42757
Dr.WebDLOADER.Trojan
EMSI SoftwareVirus.Trojan.GameThief!IK
FortiNetSuspicious
F-ProtW32/OnlineGames.A.gen!Eldorado (generic, not disinfectable)
KasperskyTrojan-GameThief.Win32.Magania.bfkh
microsoftTrojan:Win32/Agent.GA
normanw32/dialer.dyso
pandaTrj/Lineage.BZE
risingBackdoor.Win32.Drwolf.egr
SophosMal/Generic-A
SymantecInfostealer.Gampass
vba32Trojan-GameThief.Win32.Magania.beym
V-BusterTrojan.Magania.NXH

Avert® Labs has observed the following system activities:

ActivityRisk Level
Enumerates running processes
Medium
Program often suspends itself
Medium
Uses shared memory of other processes
Low
Writes executable in the windows folder
Low
Performs a shell execute of downloaded or existing files
Informational

System Changes

These are general defaults for typical path variables. (Although they may differ, these examples are common.):
%WinDir% = \WINDOWS (Windows 9x/ME/XP/Vista), \WINNT (Windows NT/2000)
%SystemDir% = \WINDOWS\SYSTEM (Windows 98/ME), \WINDOWS\SYSTEM32 (Windows XP/Vista), \WINNT\SYSTEM32 (Windows NT/2000)
%ProgramFiles% = \Program Files

The following files were analyzed:

  • %USERPROFILE%\local settings\temp\1a07bb99f1ecdaa9e2c36e8068a65f07b522b214.exe

    • The following files have been added to the system:

  • %WINDIR%\system32\logofsystem.key
  • c:\documents and settings\local user
  • c:\documents and settings\local user\ntuser.dll

    • The following registry elements have been created:

  • HKEY_LOCAL_MACHINE\system\currentcontrolset\services\6to4\parameters\
    • servicedll = c:\documents and settings\local user\ntuser.dll

    • The following registry elements have been changed:

  • HKEY_LOCAL_MACHINE\system\currentcontrolset\services\6to4\
    • description = [binary data]
    • type = 4
    • type = 48

    • Removal

    AVERT recommends to always use latest DATs and engine. This threat will be cleaned if you have this combination.

    Additional Windows ME/XP removal considerations

    Aliases

    Aliases

      N/A