McAfee > Theat Center > Virus Detail Page

Overview

This is a Potentially Unwanted Program (PUP) detection. It is not a virus or trojan. PUPs are any piece of software which a reasonably security-or privacy-minded computer user may want to be informed of.

Aliases

• Adware.VirtuMonde (NAV)

• BackDoor-CDR

Characteristics

This is not a virus or trojan. It is an application that generates extra pop-up ads while using Internet Explorer.

This kind of application generally comes bundled with another program, which usually discloses the fact that it is ad-supported.

The main executable of the application is likely to be using the filename SYSUPD.EXE or WINDOWSUPD.EXE. Once installed a Registry key is typically used to hook system startup. One of the following is likely to be present:

• HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
  \Run "SysUpd" = (path/filename to adware)
• HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
  \Run "WindowsUpd" = (path/filename to adware)

Users who would like to check for the presence of potentially unwanted programs on their system should run the command line scanner with the /PROGRAM switch.

Please note that VirusScan 7, and higher, has an option that enables users to detect this kind of program automatically (see below).

Symptoms

N/A This is not a virus or trojan

Method of Infection

N/A This is not a virus or trojan

Removal

Instructions on Enabling/Disabling Detection and Removal of Potentially Unwanted Programs

Variants

Variants

N/A

All Information

Overview -

This is a Potentially Unwanted Program (PUP) detection. It is not a virus or trojan. PUPs are any piece of software which a reasonably security-or privacy-minded computer user may want to be informed of.

Aliases

• Adware.VirtuMonde (NAV)

• BackDoor-CDR

Characteristics

Characteristics -

This is not a virus or trojan. It is an application that generates extra pop-up ads while using Internet Explorer.

This kind of application generally comes bundled with another program, which usually discloses the fact that it is ad-supported.

The main executable of the application is likely to be using the filename SYSUPD.EXE or WINDOWSUPD.EXE. Once installed a Registry key is typically used to hook system startup. One of the following is likely to be present:

• HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
  \Run "SysUpd" = (path/filename to adware)
• HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
  \Run "WindowsUpd" = (path/filename to adware)

Users who would like to check for the presence of potentially unwanted programs on their system should run the command line scanner with the /PROGRAM switch.

Please note that VirusScan 7, and higher, has an option that enables users to detect this kind of program automatically (see below).

Symptoms

Symptoms -

N/A This is not a virus or trojan

Method of Infection

Method of Infection -

N/A This is not a virus or trojan

Removal -

Removal -

Instructions on Enabling/Disabling Detection and Removal of Potentially Unwanted Programs

Variants

Variants -

N/A