RAT warning: Drumsite

Discussion in 'malware problems & news' started by Notok, Feb 13, 2005.

Thread Status:
Not open for further replies.
  1. Notok

    Notok Registered Member

    May 28, 2004
    Portland, OR (USA)
    A friend had installed a piece of software called Drumsite (a software drumkit kind of thing, this is a demo of paware), and found that it installed an adware dropper called InstaFinder. When this adware installed, it also placed a file PTCORE.EXE to the Windows directory (without needing to download), which KAV based scanners & TDS3 detected as a remote access trojan called Agent.BG. Although many scanners seem to have this in their database, this variant only seems to be detected by a very small number of scanners.

    So, for anyone that has installed this software, you've got some scanning to do :) Samples have been submitted to AV & AT companies, and the author of Drumsite was finally convinced to remove this from his installer.
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.