|
NicTech.BM2 Trojan Downloader Information
| Name: |
NicTech.BM2 |
| Category: |
Trojan Downloader |
| Advice: |
Remove |
| Risk: |
Severe Risk
Severe threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild. There exists a high possibility of potential system damage or security flaw. Attacker has complete control over your computer or install new software on your machine. |
| Description:
|
NicTech.BM2 is an ActiveX download installed as BM2.cab. After installation it installs two randomley named files in the system directory that attempt to hide form processes by locading themselves into running applications.
Once installed BM2 downloads other adware/spyware applications without the users conscent such as Virtual Bouncer.
BM2 downloads advertsiments from http://inqwire.com. The display of advertisements seems to be generated from one of the installed dlls via a ShellExecute of Internet Explorer.
BM2 also downloads and installs the Virtumundo trojan.
From the EULA:
"During the process of installing the SOFTWARE PRODUCT, you may install software from third party software vendors pursuant to licenses or other arrangements between such vendors and yourself (“Third Party Software”). By installing and using this Third Party Software you accept these Third Party Software licenses or other arrangements. the Company does not sell, resell, or license any of this Third Party Software, and the Company disclaims to the maximum extent permitted by applicable law, any responsibility for or liability related to the Third Party Software. Any questions, complaints or claims related to the Third Party Software should be directed to the appropriate vendor. The Company makes no representations or warranties of any kind concerning the quality, safety or suitability of this Third Party Software, either express or implied, including without limitation any implied warranties of merchantability, fitness for a particular purpose, or non-infringement to the maximum extent permitted by applicable law, in no event will the Company be liable for any indirect, punitive, special, incidental or consequential damages however they may arise and even if the Company has been previously advised of the possibility of such damages. There are inherent dangers in the use of any software available for downloading on the Internet, and the Company cautions you to make sure that you completely understand the potential risks before agreeing to install any of the Third Party Software. You are solely responsible for adequate protection and backup of the data and equipment used in connection with any of the Third Party Software, and the Company will not be liable for any damages that you may suffer in connection with using, modifying or distributing any of the Third Party Software.
I UNDERSTAND AND AGREE THE SOFTWARE PRODUCT WILL MODIFY, REMOVE, AND ADD ENTRIES TO MY COMPUTER OPERATING SYSTEM, NETWORK PARAMETERS, AND OTHER INSTALLED FILES THAT WILL CHANGE THE PRIOR DEFAULT SETTINGS, AND/OR INSTALL SOFTWARE FROM THIRD PARTIES WITHOUT USER INTERVENTION. I UNDERSTAND THAT THIRD PARTY SOFTWARE may be subject to different licenses or other arrangements. I AGREE TO accept these Third Party Software licenses or other arrangements. THE COMPANY DISTRIBUTES, BUT does not sell, resell, or license any of this Third Party Software, and the Company disclaims to the maximum extent permitted by applicable law, any responsibility for or liability related to the Third Party Software. Any questions, complaints or claims related to the Third Party Software should be directed to the appropriate vendor. the Company makes no representations or warranties of any kind concerning the quality, safety or suitability of this Third Party Software, either express or implied, including without limitation any implied warranties of merchantability, fitness for a particular purpo
|
| Signatures:
|
process: updinstall.exe: MD5 Hash: 7ffa872f143c5b91c54...
process: updinstall.exe: MD5 Hash: d7bbcda1fec3dc84b21.. |
| Type: |
Trojan Downloader - Spyware's primary purpose is to collect demographic and usage information from your computer, usually for advertising purposes. Spyware usually that 'sneaks' onto a system or performs other activities hidden to the user. Spyware programs are usually bundled as a hidden component and downloaded from the Internet. These modules are almost always installed on the system secretively and try to run secretively as well. |
Top Trojan Downloader Visited Pages:
TrojanDownloader:Win32/Small.ADO - 338 visits
Trojan.Downloader.Slvr - 201 visits
Trojan.Downloader.Small.ADR - Alias: TrojanDownloader:Win32/Small.ADR - 61 visits
Peper - Alias: Backdoor.VB.nb, pepar trojan, Quadro - 55 visits
Bagle.HP - 47 visits
Bagle.BV - 46 visits
Trojan.Downloader.U - 46 visits
Trojan.Dropper.AV - Alias: Troj/Dropper-AV - 44 visits
Trojan.Downloader.Small.HS - Alias: TrojanDownloader:Win32/Small.HS - 41 visits
eXact.Downloader - 41 visits
Random Trojan Downloader Pages:
Trojan.Downloader.Small.popcorn - Alias: TrojanDownloader:Win32/Small.MA
Trojan.Downloader.Slvr
G0te Uploader - Alias: BackDoor-AUF, BackDoor-AUF.svr, TrojanDownloader.Win32.Gotecom
ActiveInstaller
ZGet - Alias: Downloader-AA trojan, Downloader.cfg trojan, TrojanDownloader.Win32.ZombGet.02.e
Msstask Download Trojan - Alias: BackDoor-AAF, BackDoor-FB.svr.gen trojan, BackDoor-FB.svr.gen, Backdoor/Win32.Myparty, I-Worm.Mypart
DynaWeb
Atmaca Downloader
Trojan.Downloader.Small.AAO - Alias: TrojanDownloader:Win32/Small.AAO
Bagle.BW
|
