Need help? Ask the community or hire an expert.
Go to Avira Answers
Virus:DR/Cinmus.dol
Date discovered:25/07/2008
Type:Dropper
In the wild:No
Reported Infections:Low
Distribution Potential:Low
Damage Potential:Medium
Static file:Yes
File size:174.521 Bytes
MD5 checksum:c5d61213ae4e6ab03df1307ddd348b5b
IVDF version:7.00.05.168 - Friday, July 25, 2008

 General Method of propagation:
   • No own spreading routine


Aliases:
   •  Kaspersky: not-a-virus:AdWare.Win32.Cinmus.nfa
   •  F-Secure: AdWare.Win32.Cinmus.nfa
   •  Sophos: Mal/Emogen-N
   •  Grisoft: Rootkit-Agent.B
   •  VirusBuster: Rootkit.Cinmus.Gen.6
   •  Eset: a variant of Win32/Adware.Cinmus application
   •  Bitdefender: Trojan.Agent.AITX


Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Drops a file
   • Drops malicious files

 Files The following files are created:

– A file that is for temporary use and it might be deleted afterwards:
   • %TEMPDIR%\%four-digit random character string%.tmp\System.dll

%PROGRAM FILES%\Microsoft Office\SYSTEM\scm14.exe Furthermore it gets executed after it was fully created. Further investigation pointed out that this file is malware, too. Detected as: TR/Agent.16384.56

%PROGRAM FILES%\Microsoft Office\SYSTEM\23.sys Further investigation pointed out that this file is malware, too. Detected as: TR/Rootkit.Gen

 File details Runtime packer:
In order to aggravate detection and reduce size of the file it is packed with the following runtime packer:
   • NSIS

Description inserted by Thomas Wegele on Friday, August 8, 2008
Description updated by Philipp Wolf on Monday, August 11, 2008

Back . . . .