McAfee > Theat Center > Virus Detail Page

Overview

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Aliases

• Barrio Trojan

• DUNpws.ct

Characteristics

This is a password stealing trojan affecting Windows9x/ME. When run, the trojan installs itself as, MSCTVR32.EXE, to the WINDOWS SYSTEM directory and creates a registry key value to enable the program to load at startup:

HKLM\Software\Microsoft\Windows\CurrentVersion\
Run\Microsoft MMedia support=MSCTVR32.EXE

Once loaded, the trojan attempts to retrieve Dial-Up Networking usernames, passwords, and telephone numbers. It can also record keyboard events and ICQ identification numbers. This information is compiled in to a report and sent via SMTP to an email address specified in the program.

Symptoms

Presence of MSCTVR32.EXE in your WINDOWS SYSTEM directory.

Method of Infection

Accidentally or intentionally running this trojan infects your machine.

Removal

All Windows Users:
Use current engine and DAT files for detection and removal.

Manual Removal Instructions

Delete the registry key(s) as mentioned above
Information on deleting registry keys

Restart the computer

Delete the files mentioned above

Additional Windows ME/XP removal considerations

Variants

Variants

N/A

All Information

Overview -

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Aliases

• Barrio Trojan

• DUNpws.ct

Characteristics

Characteristics -

This is a password stealing trojan affecting Windows9x/ME. When run, the trojan installs itself as, MSCTVR32.EXE, to the WINDOWS SYSTEM directory and creates a registry key value to enable the program to load at startup:

HKLM\Software\Microsoft\Windows\CurrentVersion\
Run\Microsoft MMedia support=MSCTVR32.EXE

Once loaded, the trojan attempts to retrieve Dial-Up Networking usernames, passwords, and telephone numbers. It can also record keyboard events and ICQ identification numbers. This information is compiled in to a report and sent via SMTP to an email address specified in the program.

Symptoms

Symptoms -

Presence of MSCTVR32.EXE in your WINDOWS SYSTEM directory.

Method of Infection

Method of Infection -

Accidentally or intentionally running this trojan infects your machine.

Removal -

Removal -

All Windows Users:
Use current engine and DAT files for detection and removal.

Manual Removal Instructions

Delete the registry key(s) as mentioned above
Information on deleting registry keys

Restart the computer

Delete the files mentioned above

Additional Windows ME/XP removal considerations

Variants

Variants -

N/A