Content

Generic PUP.x!19F0B105

Type
Program
SubType
-
Discovery Date
08/01/2008
Length
1160192
Minimum DAT
5352 (08/01/2008)
Updated DAT
5352 (08/01/2008)
Minimum Engine
5.2.00
Description Added
08/01/2008
Description Modified
08/01/2008 12:50 PM (PT)
Risk Assessment
Corporate User
Low
Home User
Low

Tab Navigation

Characteristics

This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose, but they alter the security state of the computer on which they are installed, or the privacy posture of the user of the system, such that most users will want to be aware of them.

File PropertyProperty Value
File Name080701-2-8.exe
McAfee DetectionGeneric PUP.x
Length1,160,192 bytes
CRC3219F0B105
MD530f22525ffdac599f8047aadf4f0b928
SHA1DA4217366EF9D17971FD91C27EEB3AF97683809D

Other Common Detection Aliases

Company NameDetection Name
AvastWin32:Fraudo
Microsoftvirtool:win32/obfuscator.be
SymantecWinSpywareProtect
Trend MicroTROJ_ANTISPYC.C
V-BusterTrojan.DL.FraudLoad.CN.Gen

Avert® Labs has observed the following system activities:

ActivityRisk Level
Modifies Memory of Other Processes
High
Enumerates running Processes
Medium
Creates Registry Keys and Data values persistent on OS Reboot
Low
Enumerates open windows
Low
Program often suspends itself
Informational

System Changes

These are general defaults for typical path variables. (Although they may differ, these examples are common.):
%WinDir% = \WINDOWS (Windows 9x/ME/XP/Vista), \WINNT (Windows NT/2000)
%SystemDir% = \WINDOWS\SYSTEM (Windows 98/ME), \WINDOWS\SYSTEM32 (Windows XP/Vista), \WINNT\SYSTEM32 (Windows NT/2000)
%ProgramFiles% = \Program Files

The following files have been added to the system:

  • %ALLUSERSPROFILE%\application data\adsl software ltd
  • %ALLUSERSPROFILE%\application data\adsl software ltd\winspywareprotect
  • %ALLUSERSPROFILE%\application data\adsl software ltd\winspywareprotect\base
  • %ALLUSERSPROFILE%\application data\adsl software ltd\winspywareprotect\deleted
  • %ALLUSERSPROFILE%\application data\adsl software ltd\winspywareprotect\log
  • %ALLUSERSPROFILE%\application data\adsl software ltd\winspywareprotect\log\20080121083453562.log
  • %ALLUSERSPROFILE%\application data\adsl software ltd\winspywareprotect\saved

    • The following registry elements have been created:

  • HKEY_CURRENT_USER\software\adsl software ltd\winspywareprotect\6.0\
    • installtime = -404599858
    • start counter = 1
  • HKEY_CURRENT_USER\software\adsl software ltd\winspywareprotect\6.0\config\
    • (default) = [binary data]
  • HKEY_LOCAL_MACHINE\software\classes\taconlyone\
    • winspywareprotect = 784

    • The following registry elements have been changed:

  • HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\
    • winspywareprotect = "c:\documents and settings\administrator\local
      settings\temp\080701-2-8.exe" /autorun

    • The application created the following network connection(s):

  • int.Winspywareprotects.com port (80) Protocol (http)
    • hxxp://int.Winspywareprotects.com
      /****************************************************

    • Symptoms

    This symptoms of this detection are the files, registry, and network communication referenced in the characteristics section.

    Method of Infection

    This is not a virus or Trojan. PUPs do not "infect" systems. They may be installed by a user individually or possibly as a part of a software package (in a bundle, for example).

    Removal

    AVERT recommends to always use latest DATs and engine. This threat will be cleaned if you have this combination.

    Additional Windows ME/XP removal considerations

    Variants

    Variants

      N/A

    All Information

    Overview -

    McAfee® Avert® Labs recognizes that this program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application. If you agreed to a license agreement for this or another bundled application, you may have legal obligations with regard to removing this software, or to using the host application without this software. Please contact the software vendor for further information.

    See http://vil.nai.com/vil/DATReadme.aspx for a list of program detections added to the DATs.

    See http://vil.nai.com/vil/pups/configuration.aspx for information about how to enable, disable, and exclude the detection of legitimately installed programs.

    This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose, but they alter the security state of the computer on which they are installed, or the privacy posture of the user of the system, such that most users will want to be aware of them.

    Characteristics

    Characteristics -

    This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose, but they alter the security state of the computer on which they are installed, or the privacy posture of the user of the system, such that most users will want to be aware of them.

    File PropertyProperty Value
    File Name080701-2-8.exe
    McAfee DetectionGeneric PUP.x
    Length1,160,192 bytes
    CRC3219F0B105
    MD530f22525ffdac599f8047aadf4f0b928
    SHA1DA4217366EF9D17971FD91C27EEB3AF97683809D

    Other Common Detection Aliases

    Company NameDetection Name
    AvastWin32:Fraudo
    Microsoftvirtool:win32/obfuscator.be
    SymantecWinSpywareProtect
    Trend MicroTROJ_ANTISPYC.C
    V-BusterTrojan.DL.FraudLoad.CN.Gen

    Avert® Labs has observed the following system activities:

    ActivityRisk Level
    Modifies Memory of Other Processes
    		High
    Enumerates running Processes
    		Medium
    Creates Registry Keys and Data values persistent on OS Reboot
    		Low
    Enumerates open windows
    		Low
    Program often suspends itself
    		Informational

    System Changes

    These are general defaults for typical path variables. (Although they may differ, these examples are common.):
    %WinDir% = \WINDOWS (Windows 9x/ME/XP/Vista), \WINNT (Windows NT/2000)
    %SystemDir% = \WINDOWS\SYSTEM (Windows 98/ME), \WINDOWS\SYSTEM32 (Windows XP/Vista), \WINNT\SYSTEM32 (Windows NT/2000)
    %ProgramFiles% = \Program Files

    The following files have been added to the system:

  • %ALLUSERSPROFILE%\application data\adsl software ltd
  • %ALLUSERSPROFILE%\application data\adsl software ltd\winspywareprotect
  • %ALLUSERSPROFILE%\application data\adsl software ltd\winspywareprotect\base
  • %ALLUSERSPROFILE%\application data\adsl software ltd\winspywareprotect\deleted
  • %ALLUSERSPROFILE%\application data\adsl software ltd\winspywareprotect\log
  • %ALLUSERSPROFILE%\application data\adsl software ltd\winspywareprotect\log\20080121083453562.log
  • %ALLUSERSPROFILE%\application data\adsl software ltd\winspywareprotect\saved

    • The following registry elements have been created:

  • HKEY_CURRENT_USER\software\adsl software ltd\winspywareprotect\6.0\
    • installtime = -404599858
    • start counter = 1
  • HKEY_CURRENT_USER\software\adsl software ltd\winspywareprotect\6.0\config\
    • (default) = [binary data]
  • HKEY_LOCAL_MACHINE\software\classes\taconlyone\
    • winspywareprotect = 784

    • The following registry elements have been changed:

  • HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\
    • winspywareprotect = "c:\documents and settings\administrator\local
      settings\temp\080701-2-8.exe" /autorun

    • The application created the following network connection(s):

  • int.Winspywareprotects.com port (80) Protocol (http)
    • hxxp://int.Winspywareprotects.com
      /****************************************************

    • Symptoms

    Symptoms -

    This symptoms of this detection are the files, registry, and network communication referenced in the characteristics section.

    Method of Infection

    Method of Infection -

    This is not a virus or Trojan. PUPs do not "infect" systems. They may be installed by a user individually or possibly as a part of a software package (in a bundle, for example).

    Removal -

    Removal -

    AVERT recommends to always use latest DATs and engine. This threat will be cleaned if you have this combination.

    Additional Windows ME/XP removal considerations

    Variants

    Variants -

      N/A