Generic PUP.x!hv.n!34cbe7d67bbd
Additional type information.
Date that AVERT discovered this threat.
File size, in bytes, of the threat.
McAfee DAT files contain detection and repair information for threats. The Minimum DAT field specifies the lowest/oldest DAT version that is capable of detecting the first incarnation of a threat, and the release date. The highest/newest DAT version should always be used for the most complete protection and are available on the Anti-Virus Updates page.
Each description displays the minimum, fully tested, DAT version that includes regular detection for a particular threat. These fully tested DATs are released on a daily basis. If necessary, they are also released when a Medium, Medium On Watch, or High risk threat is discovered. An EXTRA.DAT will also be posted for these more prevalent threats, if necessary.
For each description listed, detection is always available. In the event that the DAT version specified is not yet available, an EXTRA.DAT file may be downloaded via the McAfee AVERT Extra.dat Request Page. Alternatively, minimally tested HOURLY BETA DAT files are available for downloading.
McAfee DAT files are constantly being updated to enhance detection capabilities. The Updated DAT field specifies the released DAT version that contains the most up to date detection.
The scan engine uses the DAT files to detect threats. The Minimum Engine field specifies the lowest/oldest engine version that is capable of detecting this threat. The highest/newest engine version should always be used for the most complete protection and are available on the Anti-Virus Updates page.
Date/time this description was published using Pacific Time.
Date/time this description was last modified using Pacific Time.
Tab Navigation
Characteristics
This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose, but they alter the security state of the computer on which they are installed, or the privacy posture of the user of the system, such that most users will want to be aware of them.
| File Property | Property Value |
|---|
| FileName | 1530.exe |
| McAfee Artemis | Artemis!34cbe7d67bbd
|
| McAfee Detection | Generic PUP.x!hv.n |
| Length | 181,072 bytes |
| CRC | 3EFA0CAC |
| MD5 | 34cbe7d67bbd61c895f1d21e4a778ebd
|
| SHA1 | D39E0B289DF4D9C1F412B63CB821DE45D97092BD
|
Avert® Labs has observed the following system activities:
| Activity | Risk Level |
|---|
Enumerates open windows
| Medium |
Uses shared memory of other processes
| Low |
Writes executable in the windows folder
| Low |
| Registers DLLs | Informational |
Other detections that have been observed.
| FileName | McAfee Supported |
|---|
%WINDIR%\system32\nsinet.exe
| Generic PUP.x!hv.n |
System Changes
These are general defaults for typical path variables. (Although they may differ, these examples are common.):
%WinDir% = \WINDOWS (Windows 9x/ME/XP/Vista), \WINNT (Windows NT/2000)
%SystemDir% = \WINDOWS\SYSTEM (Windows 98/ME), \WINDOWS\SYSTEM32 (Windows XP/Vista), \WINNT\SYSTEM32 (Windows NT/2000)
%ProgramFiles% = \Program Files
The following files were analyzed:
%USERPROFILE%\local settings\temp\1530.exe
The following files have been added to the system:
%ALLUSERSPROFILE%\desktop\nocreditcard.lnk%PROGRAMFILES%\instant access\%PROGRAMFILES%\instant access\center\%PROGRAMFILES%\instant access\center\nocreditcard.lnk%PROGRAMFILES%\instant access\desktopicons%PROGRAMFILES%\instant access\desktopicons\nocreditcard.lnk%PROGRAMFILES%\instant access\multi\%PROGRAMFILES%\instant access\multi\20090607140657\%PROGRAMFILES%\instant access\multi\20090607140657\common\%PROGRAMFILES%\instant access\multi\20090607140657\common\module.php%PROGRAMFILES%\instant access\multi\20090607140657\dialerexe.ini%PROGRAMFILES%\instant access\multi\20090607140657\instant access.exe%PROGRAMFILES%\instant access\multi\20090607140657\js\%PROGRAMFILES%\instant access\multi\20090607140657\js\js_api_dialer.php%PROGRAMFILES%\instant access\multi\20090607140657\medias\%PROGRAMFILES%\instant access\multi\20090607140657\medias\dialer.ico%USERPROFILE%\start menu\nocreditcard.lnk%WINDIR%\dialerexe.ini%WINDIR%\system32\nsinet.exe
The following registry elements have been created:
HKEY_CURRENT_USER\software\egdhtml\- exestartfile = c:\program files\instant access\multi\20090607140657
\common\module.php
HKEY_LOCAL_MACHINE\software\classes\clsid\{df1c8e21-4045-4d67-b528-335f1a4f0de9}\localserver32\- (default) = c:\windows\system32\nsinet.exe /run
The following registry elements have been changed:
HKEY_CURRENT_USER\sessioninformation\- programcount = 2
- programcount = 3
HKEY_CURRENT_USER\Software\Microsoft\internet explorer\main\- notifydownloadcomplete = 7562617
HKEY_CURRENT_USER\Software\Microsoft\Windows\currentversion\explorer\fileexts\.asp\openwithlist\- b = iexplore.exe
- mrulist = ab
- mrulist = ba
The application created the following network connection(s):
http
