NewMediaCodec and Ultimate Cleaner

Hacker Halted 2010

The new, updated NewMediaCodec does everything the old one did: it hijacks the desktop background and the IE start page, generates fake security alerts, and so on. It now also tries to install another rogue program named Ultimate Cleaner. As of now, not all AV products detect it. VirusTotal scan results for some of the NewMediaCodec-related files are shown below:

File: UltimateCleaner_Installer.exe
Antivirus - Result
AhnLab-V3 - no virus found
AntiVir - no virus found
Authentium - Possibly a new variant of W32/SelfStarterInternetTrojan!Maximus
Avast - no virus found
AVG - Potentially harmful program WinFixer.IP
BitDefender - no virus found
CAT-QuickHeal - no virus found
ClamAV - no virus found
DrWeb - no virus found
eSafe - suspicious Trojan/Worm
eTrust-Vet - Win32/Matefender.A
Ewido - Adware.UltimateDefender
FileAdvisor - no virus found
Fortinet - Misc/Ultimate
F-Prot - W32/SelfStarterInternetTrojan!Maximus
Ikarus - not-a-virus:.FraudTool.Win32.UltimateDefender.a
Kaspersky - not-a-virus:FraudTool.Win32.UltimateDefender.c
McAfee - potentially unwanted program Ultimate
Microsoft - no virus found
NOD32v2 - probably a variant of Win32/Adware.UltimateDefender
Norman - no virus found
Panda - Generic Malware
Sophos - no virus found
Sunbelt - Trojan-Downloader.MisleadApp
Symantec - Downloader.MisleadApp
TheHacker - no virus found
VBA32 - no virus found
VirusBuster - no virus found
Webwasher-Gateway - Worm.Win32.ModifiedUPX.gen!90 (suspicious)
Additional information
File size: 97328 bytes
MD5: f6dd6623dce0f12c425376ccaa0aaf34
SHA1: c888d886a5473e3e096ad6e9e52a83ea93da1bb9
packers: UPX

File: UltimateCleaner.exe
Antivirus - Result
AhnLab-V3 - no virus found
AntiVir - no virus found
Authentium - no virus found
Avast - no virus found
AVG - no virus found
BitDefender - no virus found
CAT-QuickHeal - no virus found
ClamAV - no virus found
DrWeb - Trojan.Fakealert.289
eSafe - no virus found
eTrust-Vet - no virus found
Ewido - no virus found
FileAdvisor - no virus found
Fortinet - Misc/Ultimate
F-Prot - no virus found
Ikarus - no virus found
Kaspersky - no virus found
McAfee - no virus found
Microsoft - no virus found
NOD32v2 - no virus found
Norman - no virus found
Panda - no virus found
Sophos - Ultimate Cleaner
Sunbelt - no virus found
Symantec - UltimateCleaner
TheHacker - no virus found
VBA32 - suspected of Trojan.Agent.16 (paranoid heuristics)
VirusBuster - no virus found
Webwasher-Gateway - Riskware.Fake.UltimCl.A
Additional information
File size: 1336776 bytes
MD5: 59279dd75bd78f6840cf1bc919adf703
SHA1: afaffcba441239e3d4e06ecb7be844bae9e06280

Files dropped by NewMediaCodecInstaller.exe are:
Au_.exe
ddxplugin.exe
main_uninstaller.exe
msddx.dll
msqnx.dll
qnxplugin.dll
UltimateCleaner_Installer.exe
udefender_setup.exe
rs.txt
dat.txt
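
An added example, not part of the original post: a triage script that walks a directory, flags any file whose SHA1 equals one of the two values in the scan results above, and treats a match on a dropped-file name as weaker evidence. The confidence labels and the set of names treated as generic are assumptions made for this example.

```python
import hashlib
import os

# File names the post lists as dropped by NewMediaCodecInstaller.exe.
DROPPED_NAMES = {n.lower() for n in (
    "Au_.exe", "ddxplugin.exe", "main_uninstaller.exe", "msddx.dll",
    "msqnx.dll", "qnxplugin.dll", "UltimateCleaner_Installer.exe",
    "udefender_setup.exe", "rs.txt", "dat.txt",
)}
# SHA1 values from the "Additional information" blocks in the post.
KNOWN_SHA1 = {
    "c888d886a5473e3e096ad6e9e52a83ea93da1bb9": "UltimateCleaner_Installer.exe",
    "afaffcba441239e3d4e06ecb7be844bae9e06280": "UltimateCleaner.exe",
}
# Assumption: these names are too common to count for much on their own
# (Au_.exe is also the temporary copy name used by NSIS uninstallers).
GENERIC_NAMES = {"rs.txt", "dat.txt", "au_.exe"}

def sha1_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files do not have to fit in memory."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def triage(root, known_sha1=KNOWN_SHA1):
    """Return sorted (confidence, path, reason) tuples for files under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                digest = sha1_of(path)
            except OSError:
                digest = None  # unreadable or locked: fall back to the name check
            low = name.lower()
            if digest in known_sha1:
                # A hash match holds even if the file was renamed.
                findings.append(("high", path, "SHA1 matches " + known_sha1[digest]))
            elif low in DROPPED_NAMES:
                conf = "low" if low in GENERIC_NAMES else "medium"
                findings.append((conf, path, "file name on dropped-file list"))
    return sorted(findings)

if __name__ == "__main__":
    import sys
    for conf, path, reason in triage(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"[{conf}] {path}: {reason}")
```

A hash match only identifies the exact builds scanned in the post; a repacked installer will show up, at best, as a name match.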

UltimateCleaner can be removed either manually, by following the instructions at BleepingComputer, or automatically, by using Malwarebytes RogueRemover.
