RAT warning: Drumsite

Discussion in 'malware problems & news' started by Notok, Feb 13, 2005.

Thread Status:
Not open for further replies.
  1. Notok

    Notok Registered Member

    May 28, 2004
    Portland, OR (USA)
    A friend had installed a piece of software called Drumsite (a software drumkit kind of thing, this is a demo of paware), and found that it installed an adware dropper called InstaFinder. When this adware installed, it also placed a file PTCORE.EXE to the Windows directory (without needing to download), which KAV based scanners & TDS3 detected as a remote access trojan called Agent.BG. Although many scanners seem to have this in their database, this variant only seems to be detected by a very small number of scanners.

    So, for anyone that has installed this software, you've got some scanning to do :) Samples have been submitted to AV & AT companies, and the author of Drumsite was finally convinced to remove this from his installer.
Thread Status:
Not open for further replies.