WARNING:
Modified Mobile Master installation (e.g. from RapidShare) installs malware.
Please, never download installations from suspicious web sites like Rapid Share.
Today, we found a modified Mobile Master Installation, that installs malware.
If you did install such a modified Mobile Master Installation, please check the temp folder (Start->Run-> type in %temp% -> OK), if there are the files epxlorer.exe and svchost.exe. They are hidden, so make sure that hidden files are shown (explorer->Tools->Options).
If both files are in the temp folder then you probably got infected.
We have reported that to Kasperksy Labs and they confirmed that. It should be detected with the next update of their signatures.
 |
How do I found out if I have an original Mobile Master Installation?
MobileMasterInst.exe is signed digitally. Start the Mobile Master Installation only if it has a valid digital signature.
Right click at the Mobile Master Installation file and select properties. There must be a tab 'Digital Signature' (see picture). If that tab is missing do not start that installation. Best is to delete that file immediately with Shift + Del.
Please only load installation from known websites.
Update, 23.03.2009, 16:40
Kaspersky has confirmed that the modified installation conatains a trajan (Trojan.Win32.Inject.qom)and has updated its signatures. though with the signatures the from 19.3.2009 or later the trojan will be detected.
Avira (Antivir) has confirmed as well (they named the trojan DR/Inject.qom), and will update its signatures with the next update.
Christoph Güntner