Home / malwarePDF  

Program:Win32/Microbillsys


First posted on 04 February 2009.
Source: SecurityHome

Aliases :

Program:Win32/Microbillsys is also known as Also Known As:Trojan.Win32.Agent.aghn (Kaspersky), Platte (McAfee).

Explanation :

Program:Win32/Microbillsys is a program from Platte International that processes payments made to the company's website. It cannot be removed from the Add/Remove Programs list in Control Panel; rather, a user requires an "uninstall code" before program removal can take place.

Symptoms
System ChangesThe following system changes may indicate the presence of Program:Win32/Microbillsys

  • The presence of the following registry entry:
    Added value: "plsi"
    With data: "<system folder>pm_proc1.exe"
    To subkey: HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun
  • The display of the following interface:


    • Program:Win32/Microbillsys is a program from Platte International that processes payments made to the company's website. It cannot be removed from the Add/Remove Programs list in Control Panel; rather, a user requires an "uninstall code" before program removal can take place. Upon execution, Program:Win32/Microbillsys creates the following registry entry to enable the program to automatically run every time Windows starts: Adds value: "plsi"
    With data: "<system folder>pm_proc1.exe"
    To subkey: HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun Upon execution of the actual program, it displays the following interface: It also attempts to connect to "platteregistrations.com" to verify if the user is a valid customer.

    Analysis by Andrei Florin Saygo

    Last update 04 February 2009

     

    TOP

    Malware :