
Generic28.AULI

Posted: May 21, 2012

Threat Metric

Threat Level: 9/10
Infected PCs: 66
First Seen: May 21, 2012
OS(es) Affected: Windows

Generic28.AULI is a recently-detected Trojan that's often installed along with other PC threats. Along with symptoms that are caused by related types of hostile software, Generic28.AULI may change your Windows Registry, but isn't likely to create other obvious symptoms – besides, of course, warning messages from any anti-malware programs that are installed on your PC. SpywareRemove.com malware analysts have found that some Generic28.AULI attacks have been preceded by fake Microsoft Windows updates, and note that such symptoms are, in and of themselves, often a sign of infection by a Trojan dropper or similar PC threat. Since Generic28.AULI's newness to the malware scene has left its complete payload obfuscated at the time of this writing, it's recommended that you scan your PC to find and remove Generic28.AULI and anything else that came with Generic28.AULI ASAP, instead of trying to determine the location or danger level of Generic28.AULI by yourself.

Generic28.AULI, the Trojan with a Spy at Your Back

All recent Generic28.AULI attacks have been found to include PSW.SpyEye (AKA Trojan:Win32/Spyeye, TR/Spy.SpyEyes.hug or TSPY_SPYEYE.VI), a banking Trojan. Like every other banking Trojan, Generic28.AULI's partner PSW.SpyEye specializes in stealing bank account data, but SpywareRemove.com malware researchers note that PSW.SpyEye also includes more generically-applicable spyware attacks, in addition to the potential damage that could be created by Generic28.AULI's yet-to-be-defined payload. Symptoms of attacks by either Generic28.AULI or PSW.SpyEye haven't been noted as being visible, although you may be able to detect their attacks by monitoring your computer's memory usage or other resources via the Windows Task Manager.

Since Generic28.AULI is, so far, always installed with other types of hostile software, you should avoid any attempt to delete Generic28.AULI or detect Generic28.AULI by itself. Instead, SpywareRemove.com malware analysts strongly encourage you to use thorough anti-malware products to scan your entire hard drive until both Generic28.AULI and related PC threats, including additional components such as their Registry entries, have been removed. Attempting to modify the Windows Registry or other Windows components to rid yourself of Generic28.AULI manually, while feasible in the hands of PC security experts, also runs the risk of damaging your PC permanently if done in an improper fashion.

Generic28.AULI may also need to be disabled before you can complete Generic28.AULI's removal, since some anti-malware programs have been found to experience difficulties in removing Generic28.AULI without shutting Generic28.AULI down before their scans. SpywareRemove.com malware researchers suggest Safe Mode as the easiest way to accomplish this, although other measures up to and including booting an operating system from a removable drive are also available.

Why Tamping Down on Generic28.AULI Isn't Something to Delay

Attacks that are associated with Generic28.AULI and PSW.SpyEye can cause various forms of harm to your computer or the information stored therein, with some of the worst possibilities encompassing:

  • Theft of information that's transferred through website forms such as login credentials for bank accounts.
  • Keylogging attacks that record and steal keyboard input-based information.
  • The presence of rootkit components that can hide Generic28.AULI or PSW.SpyEye so that their attacks can continue beneath your notice. SpywareRemove.com malware experts note that rootkit-based PC threats are often capable of running in Safe Mode and can require particularly dedicated anti-malware software to be removed.
  • Other PC threats that are downloaded by either Generic28.AULI or PSW.SpyEye, including updates to their software that make it difficult for them to be deleted or detected.

Aliases

  • Trojan.Win32.Alureon [Ikarus]
  • Trojan/Win32.Scar [AhnLab-V3]
  • Trojan:Win32/Alureon.FR [Microsoft]
  • Troj/Scar-BP [Sophos]
  • TR/Crypt.ZPACK.Gen8 [AntiVir]
  • MalCrypt.Indus! [Comodo]
  • Gen:Variant.Kazy.66341 [BitDefender]
  • UDS:DangerousObject.Multi.Generic [Kaspersky]
  • Win32:Alureon-ATA [Trj] [Avast]
  • a variant of Win32/Kryptik.ADQT [NOD32]
  • DNSChanger.dq [McAfee]
  • (Suspicious) - DNAScan [CAT-QuickHeal]

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



File name: file.exe
Size: 86.01 KB (86016 bytes)
MD5: 94988cda4674e3f9742dfa08a80155f5
Detection count: 53
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 28, 2012