Administration Adware Spyware Apache Bluetooth DOS Commands Edge General Internet Connection Internet Explorer Media Center Media Player Mozilla Firefox MS Access Performance PHP Programming Security Silverlight Tips Tools Tutorials Windows 10 Windows 7 Windows 8 Windows Phone Windows Server 2008 Windows Server 2012 Windows Server 2016 Windows Vista Windows XP

Trojan and Malware "Puper" Removal

Q

Trojan and Malware "Puper" Removal

✍: Guest

A

While looking at the c:\windows\system32, I noticed 3 strange suspicious files:
>dir C:\WINDOWS\system32
07/21/2006 09:43 PM 17,750 vqfupqnr.exe
07/24/2006 12:22 AM 17,750 opuryycl.exe
07/24/2006 09:51 PM 17,750 uceysmkw.exe

Zipped all 3 suspicious files into a zip file, exe_200607.zip, and delete them from the system directory.

When tried to open this zip file, my McAfee VirusScan On-Access Scan showed and reported that those files are Puper trojans:

vqfupqnr.exe Puper Trojan Deleted
opuryycl.exe Puper Trojan Deleted
uceysmkw.exe Puper Trojan Deleted

Okay. This was nice. VirusScan is doing the job to pretect my system. But that VirusScan report seemed wrong. None of the Puper descriptions on the Internet says that Puper Trojan will create an .exe file with a name of 8 random letters.

Need to find another virus detection tool to look those suspicious files.
Conclusion:
* Puper Trojan modifies Internet Explorer settings to redirect default starting and search page to some advertiser Web site.
* McAfee VirusScan reports a 17,750 bytes uceysmkw.exe file as a Puper Trojan file.

2009-02-10, 5372👍, 0💬

Administration Adware Spyware Apache Bluetooth DOS Commands Edge General Internet Connection Internet Explorer Media Center Media Player Mozilla Firefox MS Access Performance PHP Programming Security Silverlight Tips Tools Tutorials Windows 10 Windows 7 Windows 8 Windows Phone Windows Server 2008 Windows Server 2012 Windows Server 2016 Windows Vista Windows XP