Generic PUP.z!k!af1e04b9ca13

Content

Generic PUP.z!k!af1e04b9ca13

Type: Program
SubType: -
Discovery Date: 08/07/2009
Minimum DAT: 5701 (08/07/2009)
Updated DAT: 5701 (08/07/2009)
Minimum Engine: 5300.2777
Description Added: 08/07/2009
Description Modified: 08/07/2009 2:54 PM (PT)

Tab Navigation

Characteristics

This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose, but they alter the security state of the computer on which they are installed, or the privacy posture of the user of the system, such that most users will want to be aware of them.

File Property	Property Value
FileName	Unavailable
McAfee Artemis	Artemis!af1e04b9ca13
McAfee Detection	Generic PUP.z!k
Length	106,426 bytes
CRC	7AE94BED
MD5	AF1E04B9CA13756E6B830C21741D3C34
SHA1	3E0C52DEAFA1AFEA32CE3D37FB9FE6A5E5976789

Other Common Detection Aliases

Company Name	Detection Name
avast	Win32:Trojan-gen {Other}
AVG (GriSoft)	Generic11.UXT (Trojan horse)
Avira	TR/Dropper.Gen
BitDefender	Trojan.Generic.835082
clamav	Trojan.VB-4959
FortiNet	W32/VB.HMR!tr
F-Prot	W32/Trojan2.FZCY
Kaspersky	Trojan.Win32.VB.fpj
microsoft	monitoringtool:win32/yakoza.gen!a [generic]
panda	Adware/AccesMembre (spyware)
Trend Micro	TROJ_Generic.DIT
vba32	Trojan.Win32.VB.fpj

Avert® Labs has observed the following system activities:

Activity	Risk Level
Uses shared memory of other processes	Low

System Changes

These are general defaults for typical path variables. (Although they may differ, these examples are common.):
%WinDir% = \WINDOWS (Windows 9x/ME/XP/Vista), \WINNT (Windows NT/2000)
%SystemDir% = \WINDOWS\SYSTEM (Windows 98/ME), \WINDOWS\SYSTEM32 (Windows XP/Vista), \WINNT\SYSTEM32 (Windows NT/2000)
%ProgramFiles% = \Program Files

The following files were analyzed:

%USERPROFILE%\local settings\temp\af1e04b9ca13756e6b830c21741d3c34.exe

The following files have been added to the system:

%WINDIR%\af1e04b9ca13756e6b830c21741d3c34.exe

%WINDIR%\crystal

%WINDIR%\inf\cyzpait.inf

%WINDIR%\peernet

The following registry elements have been created:

HKEY_CURRENT_USER\software\vb and vba program settings\rtr\tr\

rt =
6615935763159357701593577415935773159357561593577715935756159357691593
57641593574015935723159357
,7215935778159357601593577315935754159357815935791593578515935785159357
,,3000

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\htuad\

description = allows error reporting for services and applictions
running in non-standard environments.
displayname = transaction coordinator
errorcontrol = 1
imagepath = c:\windows\msapps\csrss.exe /service
objectname = localsystem
start = 2
type = 32

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\stuad\

description = allows error reporting for services and applictions
running in non-standard environments.
displayname = transaction coordinator
errorcontrol = 1
imagepath = c:\windows\crystal\smss.exe /service
objectname = localsystem
start = 2
type = 32

The following registry elements have been changed:

HKEY_CURRENT_USER\sessioninformation\

programcount = 2

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\

servicespipetimeout = 640

Removal

All Users:

Please use the following instructions for all supported versions of Windows to remove threats and other potential risks:

1.Disable System Restore (Windows ME/XP only).

2.Update to current engine and DAT files for detection and removal.

3.Run a complete system scan.

Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).

General repair may be unsuccessful in some instances. If this occurs, please submit a sample for further evaluation.

Aliases

N/A

McAfee > Theat Center > PUP Detail Page

Navigation

Utility Navigation

Content