| Red Squirrel - Oct-23-2004 server time |
| Threat type: Trojan - Trojan software is any software on a user's computer that the user is not aware of or did not intentionally install. Most Trojan software is designed to perform some sort of action that could jeopardize the user's security or privacy.

Threat category: Enabler - While not spyware, it provides functionality that spyware products have been known to exploit. Normally, these applications are okay to have running on your machine, as they are only dangerous if a spyware application is also installed on your machine and exploiting it. However, if you did not install this, or do not know of a legitimate application that did, you may consider quarantining or removing it.

Threat risk: High Risk - High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy countermeasures. May use a security flaw in the operating system to gain access to your computer.

Description: Windows SyncroAd downloads files from the Internet and then saves them to the user's computer. The following are the URLs where the Trojan downloads files from:

http://vsbi.biz/counts/allnt.php
http://veiz.biz/counts/ncount.php
http://67.19.51.10/enter/aes.asp?user=stealth
http://www.vesbiz.biz/d/1346.exe
http://virgin-tgp.net/wioon.exe
http://selearch.biz/2.exe

Windows SyncroAd downloads the following files and saves them in the Windows system folder:

com.exe
host32.exe
ide21201.vxd
mouse.exe
mwvlfqxx.exe
printer.exe
printer32.exe

The file HOST32.EXE downloads and executes the files from the said URLs.

Advice: Remove - This software is not necessarily hazardous unless it is used by a particular spyware threat. If you quarantine or remove all of the spyware threats from your computer, you do not necessarily need to remove this program. Please note: if a legitimate application is using functionality contained in an enabler application, removing the enabler may cause that application to cease functioning properly.

GIANT Genetic Fingerprint: d38694a4-b586-467f-8893-faf406c705b8

File details reported from SpyNet:

Name: WinSync.exe, File size: 17920 bytes, Partial MD5 hash: 6d687d69c3811a8849ce25585..., Reported: 10/4/2004 8:59:05 AM
Name: WinSync.exe, File size: 17920 bytes, Partial MD5 hash: 6d687d69c3811a8849ce25585..., Reported: 10/4/2004 8:58:09 AM
Name: WinSync.exe, File size: 17920 bytes, Partial MD5 hash: 6d687d69c3811a8849ce25585..., Reported: 10/4/2004 8:50:34 AM
Name: WinSync.exe, File size: 17920 bytes, Partial MD5 hash: 6d687d69c3811a8849ce25585..., Reported: 10/4/2004 8:49:31 AM
Name: WinSync.exe, File size: 17920 bytes, Partial MD5 hash: 6d687d69c3811a8849ce25585..., Reported: 10/4/2004 8:46:19 AM |