|
Trojan and Adware - Puper (trojan.popuper)
Part:
1
2
This chapter describes:
- What Is Trojan Puper?
- My Experience with Trojan Puper
What Is Trojan Puper?
Puper is a malicious program for Windows system. Here are some short descriptions of Puper I found on the Internet:
1. From www.spynomore.com/trojan-search-hijacker-puper-updatesearches.htm
Alias of Puper are Puper.UpdateSearches and Trojan.Puper
Puper.UpdateSearches is a trojan malware application that changes
Internet Explorer's default home page and default search URL and
redirects traffic to updatesearches.com website. Puper.UpdateSearches
displays the a pop-up window with false spyware warning.
2. From vil.nai.com/vil/content/v_133666.htm:
The puper family of trojans are used to modify the internet explorer
home page and search page in addition to monitoring internet usage.
The puper trojan monitors its own processes and will continually
execute them to ensure they stay in memory. Additionally it will
launch every time explorer.exe gets launched.
This trojan may drop hpxxxx.tmp where xxxx is random characters.
This file will be detected as puper.dll and is responsible for the
start page and search page behavior.
3. From www.sophos.com/security/analyses/trojpuperd.html:
Aliases of Puper:
- trojan-clicker.win32.agent.dj
- trojan.win32.zapchast
- w32/adclicker.dn
- puper.dll
- trojan.popuper
Troj/Puper-D is a browser hacking Trojan for the Windows platform,
modifying settings for Microsoft Internet Explorer, including Start
Page and search settings.
When Troj/Puper-D is installed the following files are created:
c:\windows\system32\hhk.dll
c:\windows\system32\intmon.exe
c:\windows\system32\hpXX.tmp - where XX are random letters.
(Continued on next part...)
Part:
1
2
| 