Trojan “Plays” With Install Files
By Luciana on February 5, 2010 | Vulnerabilities, trojan, muster, mcafee, microsoft, malware
McAfee recently reported on malware that attempts to hide its infection in a quite exceptional way. At this point it is not a technical issue. The malicious software is able to hide a copy of itself in a Windows help file to convince users their computers were infected.
“Muster” is a group of backdoors that are able to hide themselves inside help files. Help files, or “.hlp” files, are information files created to be viewed with the Microsoft WinHelp browser. They are needed to provide online help for application users.
A recent variant has been dubbed Muster.e by anti-virus provider McAfee. The Trojan infects a Windows file named imepaden.hlp and keeps the malicious content in it in encrypted form. In the process, the installed malware is removed, but the unknown payload is renamed to an executable file named upgraderUI.exe. As a result, it is run by an affiliated installation file that runs automatically as a Windows service.
Note that Muster.e stays installed on an infected computer. Furthermore, it does not disappear even if most of the files connected with the malicious software are removed. McAfee suggests adding help files if there is any suspicion that a PC may be infected.
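As an added example (not McAfee's tooling and not from the original article), the following sketch shows one way a defender could triage a suspicious .hlp file such as imepaden.hlp for structural anomalies. The article does not say how Muster.e embeds its data, so this is a generic heuristic rather than a Muster.e signature; it assumes the publicly documented WinHelp header layout (magic, directory offset, first free block, declared file size), and the entropy threshold and sample bytes are constructed for illustration.

```python
import math
import struct
from collections import Counter

WINHELP_MAGIC = 0x00035F3F  # assumed layout: file starts with bytes 3F 5F 03 00


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def triage_hlp(data: bytes, entropy_limit: float = 7.2) -> list:
    """Return findings for one .hlp file's bytes; an empty list means nothing odd."""
    if len(data) < 16:
        return ["too short to hold a WinHelp header"]
    findings = []
    # Header: magic, directory offset, first free block, declared file size.
    magic, dir_start, _first_free, declared = struct.unpack_from("<IiiI", data, 0)
    if magic != WINHELP_MAGIC:
        findings.append("missing WinHelp magic")
    else:
        if not 16 <= dir_start < len(data):
            findings.append("directory offset outside file")
        if declared < len(data):
            tail = data[declared:]  # bytes the help format itself does not account for
            findings.append(f"{len(tail)} bytes beyond declared size")
            if entropy(tail) > entropy_limit:  # encrypted or packed data looks random
                findings.append("trailing data has high entropy")
        elif declared > len(data):
            findings.append("file shorter than declared size")
    if data[:2] == b"MZ":
        findings.append("starts with an executable (MZ) header")
    return findings


def constructed_sample(extra: bytes = b"") -> bytes:
    """Constructed input: minimal header plus filler, optionally with appended bytes."""
    body = b"help text " * 50
    header = struct.pack("<IiiI", WINHELP_MAGIC, 16, -1, 16 + len(body))
    return header + body + extra


if __name__ == "__main__":
    print(triage_hlp(constructed_sample()))
    print(triage_hlp(constructed_sample(bytes(range(256)) * 16)))
```

A clean result does not prove a file is benign, since data could also sit inside the declared structure; treat findings as a reason to submit the file for a full anti-virus scan.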