Content

Generic PUP.x!d7ec0db7aa5f

Type
Program
SubType
-
Discovery Date
09/24/2009
Minimum DAT
5750 (09/23/2009)
Updated DAT
5750 (09/23/2009)
Minimum Engine
5300.2777
Description Added
09/24/2009
Description Modified
09/24/2009 1:41 AM (PT)

Tab Navigation

Characteristics

This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose, but they alter the security state of the computer on which they are installed, or the privacy posture of the user of the system, such that most users will want to be aware of them.

File PropertyProperty Value
FileNameuninst.exe
McAfee ArtemisArtemis!d7ec0db7aa5f
McAfee DetectionGeneric PUP.x
Length88,505 bytes
CRC9DA849C9
MD5D7EC0DB7AA5F5E374543FFD920AF0987
SHA1C179FBB38F2E4048DE4C1BF68FC588DDE52129E7

Other Common Detection Aliases

Company NameDetection Name
FortiNetAdware/Agent
KasperskyTrojan-Dropper.Win32.Kamboda.cc
vba32AdWare.Win32.Agent.iwq

Avert® Labs has observed the following system activities:

ActivityRisk Level
Enumerates running processes
Medium
Uses shared memory of other processes
Low
Performs a shell execute of downloaded or existing files
Informational

Other detections that have been observed.

FileNameMcAfee Supported
%USERPROFILE%\local settings\temp\~nsu.tmp\au_.exe
Generic PUP.x

System Changes

These are general defaults for typical path variables. (Although they may differ, these examples are common.):
%WinDir% = \WINDOWS (Windows 9x/ME/XP/Vista), \WINNT (Windows NT/2000)
%SystemDir% = \WINDOWS\SYSTEM (Windows 98/ME), \WINDOWS\SYSTEM32 (Windows XP/Vista), \WINNT\SYSTEM32 (Windows NT/2000)
%ProgramFiles% = \Program Files

The following files were analyzed:

  • %USERPROFILE%\local settings\temp\uninst.exe

    • The following registry elements have been changed:

  • HKEY_CURRENT_USER\sessioninformation\
    • programcount = 1
    • programcount = 2
  • HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\
    • pendingfilerenameoperations = \??\c:\docume~1\admini~1\locals~1\temp
      \~nsu.tmp\au_.exe
    • pendingfilerenameoperations = \??\c:\docume~1\admini~1\locals~1\temp
      \~nsu.tmp\au_.exe\??\c:\docume~1\admini~1\locals~1\temp\~nsu.tmp

    • Removal

    AVERT recommends to always use latest DATs and engine. This threat will be cleaned if you have this combination.

    Additional Windows ME/XP removal considerations

    Aliases

    Aliases

      N/A