Trojan and Malware "Puper" Removal

Q

Trojan and Malware "Puper" Removal

✍: Guest

A

While looking at the c:\windows\system32, I noticed 3 strange suspicious files:
>dir C:\WINDOWS\system32
07/21/2006 09:43 PM 17,750 vqfupqnr.exe
07/24/2006 12:22 AM 17,750 opuryycl.exe
07/24/2006 09:51 PM 17,750 uceysmkw.exe

Zipped all 3 suspicious files into a zip file, exe_200607.zip, and delete them from the system directory.

When tried to open this zip file, my McAfee VirusScan On-Access Scan showed and reported that those files are Puper trojans:

vqfupqnr.exe Puper Trojan Deleted
opuryycl.exe Puper Trojan Deleted
uceysmkw.exe Puper Trojan Deleted

Okay. This was nice. VirusScan is doing the job to pretect my system. But that VirusScan report seemed wrong. None of the Puper descriptions on the Internet says that Puper Trojan will create an .exe file with a name of 8 random letters.

Need to find another virus detection tool to look those suspicious files.
Conclusion:
* Puper Trojan modifies Internet Explorer settings to redirect default starting and search page to some advertiser Web site.
* McAfee VirusScan reports a 17,750 bytes uceysmkw.exe file as a Puper Trojan file.

2009-02-10, 5538🔥, 0💬