Windows Tutorials - Herong's Tutorial Examples - v5.62, by Dr. Herong Yang
What Is Trojan Puper
This section provides a quick description of what is trojan and malware 'Puper' infecting Internet Explorer on Windows systems.
Puper is a malicious program for Windows system. Here are some short descriptions of Puper I found on the Internet:
1. From www.spynomore.com/trojan-search-hijacker-puper-updatesearches.htm
Alias of Puper are Puper.UpdateSearches and Trojan.Puper Puper.UpdateSearches is a trojan malware application that changes Internet Explorer's default home page and default search URL and redirects traffic to updatesearches.com website. Puper.UpdateSearches displays the a pop-up window with false spyware warning.
2. From vil.nai.com/vil/content/v_133666.htm:
The puper family of trojans are used to modify the internet explorer home page and search page in addition to monitoring internet usage. The puper trojan monitors its own processes and will continually execute them to ensure they stay in memory. Additionally it will launch every time explorer.exe gets launched. This trojan may drop hpxxxx.tmp where xxxx is random characters. This file will be detected as puper.dll and is responsible for the start page and search page behavior.
3. From www.sophos.com/security/analyses/trojpuperd.html:
Aliases of Puper: - trojan-clicker.win32.agent.dj - trojan.win32.zapchast - w32/adclicker.dn - puper.dll - trojan.popuper Troj/Puper-D is a browser hacking Trojan for the Windows platform, modifying settings for Microsoft Internet Explorer, including Start Page and search settings. When Troj/Puper-D is installed the following files are created: c:\windows\system32\hhk.dll c:\windows\system32\intmon.exe c:\windows\system32\hpXX.tmp - where XX are random letters.
Table of Contents