Trojan and Malware "Puper" Removal

<< Trojan and Malware "Puper" Description and Removal

<< Windows Tutorials - Herong's Tutorial Examples

This section provides tutorial notes on how to remove 'Puper' generated .EXE files.

My only experience with Trojan Puper was again on my friend's computer this summer. While looking at the c:\windows\system32, I noticed 3 strange suspicious files:

>dir C:\WINDOWS\system32
07/21/2006  09:43 PM            17,750 vqfupqnr.exe
07/24/2006  12:22 AM            17,750 opuryycl.exe
07/24/2006  09:51 PM            17,750 uceysmkw.exe

I zipped all 3 suspicious files into a zip file, exe_200607.zip, and delete them from the system directory.

When I tried to open this zip file, my McAfee VirusScan On-Access Scan showed and reported that those files are Puper trojans:

vqfupqnr.exe   Puper   Trojan  Deleted
opuryycl.exe   Puper   Trojan  Deleted
uceysmkw.exe   Puper   Trojan  Deleted

Okay. This was nice. VirusScan is doing the job to pretect my system. But that VirusScan report seemed wrong. None of the Puper descriptions on the Internet says that Puper Trojan will create an .exe file with a name of 8 random letters.

I need to find another virus detection tool to look those suspicious files.

Conclusion:

• Puper Trojan modifies Internet Explorer settings to redirect default starting and search page to some advertiser Web site.
• McAfee VirusScan reports a 17,750 bytes uceysmkw.exe file as a Puper Trojan file.

Sections in This Chapter

What Is Trojan Puper?

Trojan and Malware "Puper" Removal