
TROJ_AGENT.MGSM

Posted: October 4, 2012

Threat Metric

Threat Level: 9/10
Infected PCs: 59
First Seen: October 4, 2012
OS(es) Affected: Windows

TROJ_AGENT.MGSM is a detection name for a browser hijacker, MyGeeksmail.dll, which abuses ISAPI filtering to cause browser redirects to unwanted websites. The TROJ_AGENT.MGSM-detected variant of MyGeeksmail.dll carries an Adobe certificate that seemingly confirms its identity as a trustworthy program, although SpywareRemove.com malware researchers note that this is clearly the consequence of an Adobe server breach that allowed criminals to gain limited access to Adobe's certificate information. TROJ_AGENT.MGSM, like all browser hijackers, is a danger to your PC and can expose you to harmful content – or just block you from visiting desirable websites. To delete TROJ_AGENT.MGSM safely, anti-malware software is recommended, since TROJ_AGENT.MGSM can conceal itself in unusual or sensitive locations (such as your Windows System folder).

The Agent of Browser Redirects Gets a Little Help from Hackers

A recent security compromise for an Adobe build server allowed criminals to access certificate-related information that, under normal circumstances, would only be available for the purposes of certifying official Adobe programs. TROJ_AGENT.MGSM was one of the two offspring of this effort, with the second being the spyware program PwDump7 (AKA HTKL_PWDUMP). Whereas PwDump7 steals passwords from Windows, TROJ_AGENT.MGSM is designed to redirect HTML requests to unwarranted destinations. SpywareRemove.com malware analysts have found similar browser-hijacking functions to be linked to phishing attacks, drive-by-download exploits, adware, negatively impacted search results and websites being blocked by fake warning pages.

Because TROJ_AGENT.MGSM uses an Adobe certificate to make itself seem trustworthy, SpywareRemove.com malware experts especially caution against downloading or launching files on the basis of their certificates alone. Adobe is scheduled to revoke the abused certificates early in October, but this revocation will not remove the certificates from PC threats like TROJ_AGENT.MGSM that already have them. Anti-malware software shouldn't experience any problems in detecting TROJ_AGENT.MGSM, regardless of its fraudulent identity credentials.
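Revoking a certificate changes nothing inside binaries that were already signed with it, so a defender who wants to flag files carrying an abused certificate has to look at the signature embedded in the file itself. The Python below is an added example, not code from this page or from SpywareRemove.com: it locates the Authenticode blob through the PE security data directory and searches it for a blocklisted signer serial number. The serial number and the PE image are constructed placeholders, since the page gives no certificate details.

```python
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # data directory slot that holds the Authenticode table

def security_directory(pe: bytes):
    """Return (offset, size) of the WIN_CERTIFICATE table, or None if the PE carries no signature."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt_hdr = e_lfanew + 4 + 20                          # optional header follows the 20-byte COFF header
    magic = struct.unpack_from("<H", pe, opt_hdr)[0]
    dd_base = opt_hdr + (96 if magic == 0x10B else 112)  # PE32 vs PE32+ data directory start
    off, size = struct.unpack_from("<II", pe, dd_base + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    return (off, size) if size else None

def der_integer(value: int) -> bytes:
    """DER-encode an INTEGER so the exact bytes of a certificate serial can be searched for."""
    body = value.to_bytes((value.bit_length() + 8) // 8, "big")  # extra 0x00 keeps the value positive
    return b"\x02" + bytes([len(body)]) + body

def signer_revoked(pe: bytes, revoked_serials) -> bool:
    """True if the embedded PKCS#7 blob contains a blocklisted serial. The byte search is a
    blocklist heuristic; a full check would parse the SignedData structure."""
    dd = security_directory(pe)
    if dd is None:
        return False
    off, size = dd
    pkcs7 = pe[off + 8:off + size]   # skip the WIN_CERTIFICATE header: dwLength, wRevision, wCertificateType
    return any(der_integer(s) in pkcs7 for s in revoked_serials)

def build_sample_pe(pkcs7: bytes) -> bytes:
    """Constructed fixture: a minimal PE32+ image with an optional Authenticode blob, not a real binary."""
    e_lfanew = 0x40
    opt = bytearray(240)                     # PE32+ optional header with room for 16 data directories
    struct.pack_into("<H", opt, 0, 0x20B)
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, len(opt), 0)
    headers_len = e_lfanew + 4 + len(coff) + len(opt)
    win_cert = b""
    if pkcs7:
        win_cert = struct.pack("<IHH", 8 + len(pkcs7), 0x0200, 0x0002) + pkcs7
        struct.pack_into("<II", opt, 112 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, headers_len, len(win_cert))
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)
    return dos + b"PE\0\0" + coff + bytes(opt) + win_cert

ABUSED_SERIAL = 0x1234ABCD                                              # placeholder; the page gives no real serial
SAMPLE_PKCS7 = b"\x30\x08" + der_integer(ABUSED_SERIAL) + b"\x05\x00"  # constructed stand-in for a signature blob
```

Run `signer_revoked(open(path, "rb").read(), [ABUSED_SERIAL])` over a directory such as the Windows System folder to list files whose embedded signature still carries a blocklisted serial, regardless of what the signature validation status says.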

Getting Your Browser Back on the Straight and Narrow

The only major symptom of a TROJ_AGENT.MGSM infection is a series of browser redirects that take you to sites that are unrelated to your intended destinations. If you start to see redirects that you suspect to be from TROJ_AGENT.MGSM or another source, you should consider the likelihood of a security compromise and use anti-malware software for TROJ_AGENT.MGSM's detection and removal. In most circumstances, including those pertaining to TROJ_AGENT.MGSM, changes to browser settings are inadequate for preventing such attacks, since the hijacker can affect multiple types of browsers.

TROJ_AGENT.MGSM is limited to Windows PCs and hasn't shown any form of defense against removal by anti-malware software. Hence, the main danger of TROJ_AGENT.MGSM lies in its Adobe certificate, which is indicative of the increasing use of social engineering by criminals who would prefer that their victims install malware of their own free will. As always, sites with downloads that may not be trustworthy should be avoided. If you must download a file that could turn out to be TROJ_AGENT.MGSM, SpywareRemove.com malware researchers can recommend no defense better than scanning it beforehand.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

File name: myGeeksmail.dll
Mime Type: unknown/dll
Group: Malware file