Avira Virus Lab

‹ Back

PUA/Startfenster.EL.6234123

Summary
  • Name
    PUA/Startfenster.EL.6234123
  • Date discovered
    Jul 17, 2017
  • VDF version
    7.14.17.194 (2017-07-17 11:42)
Description

This class of detection flags, Potentially Unwanted Applications (PUA), may compromise the user's privacy and the security of the local system. These are legitimate applications that often try to use social engineering to make the user install additional offers during the installation of the software the user originally wanted. A PUA application classification is the result of software, an advert, or a website exhibiting one or more offending behaviors and/or properties. A full PUA list is available at http://www.avira.com/en/potentially-unwanted-applications. This detection doesn't mean that the file is malicious. However, if the file was installed on the system without the user's knowledge, the user's privacy or system security might be compromised. Disabling this detection is only recommended for advanced users who understand the risks and how to use these applications.

  • VDF
    7.14.17.194 (2017-07-17 11:42)
  • Files
    The following files are deleted:
    • %TEMPDIR%\nsx1.tmp
    • %TEMPDIR%\nsm2.tmp
    The following files are created:
    • %TEMPDIR%\nsx1.tmp
    • %TEMPDIR%\nsm2.tmp
    • %TEMPDIR%\nsm2.tmp\ioSpecial.ini
    • %TEMPDIR%\nsm2.tmp\modern-wizard.bmp
    • %TEMPDIR%\nsm2.tmp\InstallOptions.dll
  • Injections
    • %SYSDIR%\services.exe{<-\RPC Control\ntsvcs}
  • Aliases
    G Data: Win32.Application.Gnilohb.A