| Visit ThreatExpert web site | | | Close Report |
[Symantec] [Kaspersky Lab], Mal/TibsPk-A [Sophos] [Microsoft] [Ikarus]| What's been found | Severity Level |
| Downloads/requests other files from Internet. |  |
| Modifies some system settings that may have negative impact on overall system security state. |  |
| Registers a 32-bit in-process server DLL. | |
| Registers a Browser Helper Object (Microsoft's Internet Explorer plugin module). | |
| Contains characteristics of an identified security risk. |  |
 | Possible Security Risk |
| Security Risk | Description |
| Adware.AdMedia |
AdMedia is a Browser Helper Object which hooks to Internet Explorer and contacts various websites to download additional malware while Internet Explorere is open. |
| Adware.Component.Generic | Common Components that may be used by AdMedia, Adware.Allsum, Adware.Agent.BN, Trojan.Downloader.VideoCach and other adwares. |
| Threat Category | Description |
 |
A program that downloads files to the local computer that may represent security risk |
 | File System Modifications |
| # | Filename(s) | File Size | File Hash | Alias |
| 1 | %ProgramFiles%\XPPoliceAntivirus\setup.dat | 0 bytes | MD5: 0xD41D8CD98F00B204E9800998ECF8427E SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
(not available) |
| 2 |
%Windir%\iehost.dll
|
20,480 bytes | MD5: 0x032E4630D0942E10768A12863664748D SHA-1: 0x519BBB6FF4560F8A5BC767C6297672FA52408DE2 |
RealAV [Symantec] not-a-virus:FraudTool.Win32.Agent.jc [Kaspersky Lab]Generic PUP.x [McAfee]Troj/FakeAV-KT [Sophos]Trojan:Win32/Tibs.gen!lds [Microsoft]Trojan.Win32.Tibs [Ikarus] |
| 3 | [file and pathname of the sample #1] | 73,222 bytes | MD5: 0x890BF32B34B7ABAB7AA7EA049215C429 SHA-1: 0x8C311A8B6096914F758BCAF82ACA465BCC885110 |
RealAV [Symantec] Trojan-Downloader.Win32.FraudLoad.vkbk [Kaspersky Lab]Mal/FakeVirPk-A , Mal/TibsPk-A [Sophos]TrojanDownloader:Win32/Renos.GN [Microsoft]Trojan-Downloader.Win32.Renos [Ikarus] |
 | Memory Modifications |
| Process Name | Process Filename | Main Module Size |
| [filename of the sample #1] | [file and pathname of the sample #1] | 159,744 bytes |
| [generic host process] | [generic host process filename] | 20,480 bytes |
| Service Name | Display Name | New Status | Service Filename |
| wscsvc | Security Center | "Stopped" | %System%\svchost.exe -k netsvcs |
 | Registry Modifications |
 | Other details |
All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.
The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.
Copyright © 2010 ThreatExpert. All rights reserved.