winsync (winsync.exe) file information

Posted: Sat Oct 23, 2004 7:49 pm
by Red Squirrel
Threat type: Trojan - Trojan software is any software on a user's computer that the user is not aware of or did not intentionally install. Most Trojan software is designed to perform some sort of action that could jeopardize the user's security or privacy.

Threat category: Enabler - While not spyware, it provides functionality that spyware products have been known to exploit. Normally, these applications are okay to have running on your machine, as they are only dangerous if a spyware application is also installed on your machine and exploiting it. However, if you did not install this, or know of a legitimate application that did, you may consider quarantining or removing it.

Threat risk: High Risk
High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy countermeasures. May use a security flaw in the operating system to gain access to your computer.

Description: Windows SyncroAd downloads files from the Internet and then saves them to the user's computer.

The following are the URLs where the Trojan downloads files from:

http://vsbi.biz/counts/allnt.php
http://veiz.biz/counts/ncount.php
http://67.19.51.10/enter/aes.asp?user=stealth
http://www.vesbiz.biz/d/1346.exe
http://virgin-tgp.net/wioon.exe
http://selearch.biz/2.exe

Windows SyncroAd downloads the following files and saves them in the Windows system folder:

com.exe
host32.exe
ide21201.vxd
mouse.exe
mwvlfqxx.exe
printer.exe
printer32.exe

The file HOST32.EXE downloads and executes the files from the said URLs.

Advice: Remove - This software is not necessarily hazardous unless it is used by a particular spyware threat. If you quarantine or remove all of the spyware threats from your computer you do not necessarily need to remove this program. Please note: if a legitimate application is using functionality contained in an enabler application, removing the enabler may cause that application to cease functioning properly.


GIANT Genetic Fingerprint: d38694a4-b586-467f-8893-faf406c705b8

File details reported from SpyNet

Name: WinSync.exe
File size: 17920 bytes
Partial MD5 hash: 6d687d69c3811a8849ce25585...
Reported: 10/4/2004 8:59:05 AM

Name: WinSync.exe
File size: 17920 bytes
Partial MD5 hash: 6d687d69c3811a8849ce25585...
Reported: 10/4/2004 8:58:09 AM

Name: WinSync.exe
File size: 17920 bytes
Partial MD5 hash: 6d687d69c3811a8849ce25585...
Reported: 10/4/2004 8:50:34 AM

Name: WinSync.exe
File size: 17920 bytes
Partial MD5 hash: 6d687d69c3811a8849ce25585...
Reported: 10/4/2004 8:49:31 AM

Name: WinSync.exe
File size: 17920 bytes
Partial MD5 hash: 6d687d69c3811a8849ce25585...
Reported: 10/4/2004 8:46:19 AM


Archived topic from Iceteks, old topic ID:2778, old post ID:22827