Generic PUP.x!hv.n!a8a8ad1835b0

Content

Generic PUP.x!hv.n!a8a8ad1835b0

Type: Program
SubType: -
Discovery Date: 09/03/2009
Minimum DAT: 5730 (09/03/2009)
Updated DAT: 5730 (09/03/2009)
Minimum Engine: 5300.2777
Description Added: 09/03/2009
Description Modified: 09/03/2009 10:09 AM (PT)

Tab Navigation

Characteristics

This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose, but they alter the security state of the computer on which they are installed, or the privacy posture of the user of the system, such that most users will want to be aware of them.

File Property	Property Value
FileName	7fce5b9acbdbfb797e9477a977475de08847c159.exe
McAfee Artemis	Artemis!a8a8ad1835b0
McAfee Detection	Generic PUP.x!hv.n
Length	187,586 bytes
CRC	595B4925
MD5	A8A8AD1835B0B71581596513622507D8
SHA1	7FCE5B9ACBDBFB797E9477A977475DE08847C159

Other Common Detection Aliases

Company Name	Detection Name
avast	Win32:VB-MBN [Trj]
AVG (GriSoft)	Dropper.Small.AQD (Trojan horse)
Avira	TR/Dldr.VB.keh
BitDefender	Trojan.Generic.2185849
clamav	Trojan.Downloader-68836
Eset	Win32/Injector.HO trojan (variant)
F-Prot	w32/skintrim.a
Kaspersky	not-a-virus:Porn-Dialer.Win32.InstantAccess.fos
microsoft	Trojan:Win32/Skintrim.gen!D [generic]
norman	W32/Dialer.DUIC
rising	Trojan.Win32.Skintrim.FT
Sophos	InstantAccess (PUA)
Symantec	Dialer.Dialpass
Trend Micro	DIAL_INSTACCES
vba32	Trojan-Downloader.Win32.VB.keh
V-Buster	Trojan.Skintrim.DKX (trojan)
Vet (Computer Associates)	Win32/SillyDl.HBM

Avert® Labs has observed the following system activities:

Activity	Risk Level
Enumerates open windows	Medium
Uses shared memory of other processes	Low

Other detections that have been observed.

FileName	McAfee Supported
%WINDIR%\system32\nsinet.exe	Generic PUP.x!hv.n

System Changes

These are general defaults for typical path variables. (Although they may differ, these examples are common.):
%WinDir% = \WINDOWS (Windows 9x/ME/XP/Vista), \WINNT (Windows NT/2000)
%SystemDir% = \WINDOWS\SYSTEM (Windows 98/ME), \WINDOWS\SYSTEM32 (Windows XP/Vista), \WINNT\SYSTEM32 (Windows NT/2000)
%ProgramFiles% = \Program Files

The following files were analyzed:

%USERPROFILE%\local settings\temp\7fce5b9acbdbfb797e9477a977475de08847c159.exe

The following files have been added to the system:

%ALLUSERSPROFILE%\desktop\superbabes.lnk

%PROGRAMFILES%\instant access\

%PROGRAMFILES%\instant access\center\

%PROGRAMFILES%\instant access\center\superbabes.lnk

%PROGRAMFILES%\instant access\center\superbabes.upd

%PROGRAMFILES%\instant access\center\tray1.ico

%PROGRAMFILES%\instant access\desktopicons

%PROGRAMFILES%\instant access\desktopicons\superbabes.lnk

%PROGRAMFILES%\instant access\multi\

%PROGRAMFILES%\instant access\multi\20090902060923\

%PROGRAMFILES%\instant access\multi\20090902060923\common\

%PROGRAMFILES%\instant access\multi\20090902060923\common\module.php

%PROGRAMFILES%\instant access\multi\20090902060923\dialerexe.ini

%PROGRAMFILES%\instant access\multi\20090902060923\instant access.exe

%PROGRAMFILES%\instant access\multi\20090902060923\js\

%PROGRAMFILES%\instant access\multi\20090902060923\js\js_api_dialer.php

%PROGRAMFILES%\instant access\multi\20090902060923\medias\

%PROGRAMFILES%\instant access\multi\20090902060923\medias\button1.gif

%PROGRAMFILES%\instant access\multi\20090902060923\medias\button2.gif

%PROGRAMFILES%\instant access\multi\20090902060923\medias\button3.gif

%PROGRAMFILES%\instant access\multi\20090902060923\medias\button4.gif

%PROGRAMFILES%\instant access\multi\20090902060923\medias\dialer.ico

%USERPROFILE%\start menu\superbabes.lnk

%WINDIR%\dialerexe.ini

%WINDIR%\system32\nsinet.exe

The following registry elements have been created:

HKEY_CURRENT_USER\software\egdhtml\

ca_passaccessdelay = 0
ca_passgendelay = 0
cert = 5457241
exestartfile = c:\program files\instant access\multi\20090902060923
\common\module.php
upd_com_time = 308214
upd_com_time_between = 1680
update_script = http://update.dlv4.com/updscript.php?p
=14e416e628e83aea1a59889786e4e315b617e749ba1bba19b817068564257637b8095a
5b8a4c58771925376839575b096d5e9a6c3b27397517b5597a1b3c3d5e3e3d48b716c40
4c406c618&promo_url
=http%3a%2f%2fscripts.dlv4.com%2fcommon%2fmodule.php%3fbroker

HKEY_CURRENT_USER\Software\Microsoft\systemcertificates\trustedpublisher\certificates\e6a6a4a475fce37f8b5ac2f1244deb2bfca5615a\

blob = [binary data]

HKEY_CURRENT_USER\Software\Microsoft\Windows\currentversion\wintrust\trust providers\software publishing\trust database\0\

goicfboogidikkejccmclpieicihhlpo hpfanicgkffmccehnpkikogcffaepkfp =
electronic-group

HKEY_LOCAL_MACHINE\software\classes\clsid\{df1c8e21-4045-4d67-b528-335f1a4f0de9}\localserver32\

(default) = c:\windows\system32\nsinet.exe /run

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\currentversion\uninstall\instant access\

displayname = instant access
uninstallstring = c:\program files\internet explorer\iexplore.exe http
://scripts.downloadv3.com/cleaner/dialpassuninstall.exe

The following registry elements have been changed:

HKEY_CURRENT_USER\Software\Microsoft\Windows\currentversion\run\

instant access = c:\windows\system32\nsinet.exe /res

Removal

All Users:

Please use the following instructions for all supported versions of Windows to remove threats and other potential risks:

1.Disable System Restore (Windows ME/XP only).

2.Update to current engine and DAT files for detection and removal.

3.Run a complete system scan.

Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).

General repair may be unsuccessful in some instances. If this occurs, please submit a sample for further evaluation.

Aliases

N/A

McAfee > Theat Center > PUP Detail Page

Navigation

Utility Navigation

Content