
Program:Win32/Pameseg.BX


First posted on 29 September 2012.
Source: Microsoft

Aliases:

There are no other names known for Program:Win32/Pameseg.BX.

Explanation:



Program:Win32/Pameseg.BX is a fake installer file that requires the user to send an SMS message to a premium number, or pay online, to complete installation of a program.



Installation

Program:Win32/Pameseg.BX is a fake installer for a legitimate program. The program is usually available for free from official sources; however, Program:Win32/Pameseg.BX is not from the official source.

It may use file names such as, or similar to, the following:

  • acdsee pro 5.exe
  • activator windows 7.exe
  • adobe flash player.exe
  • adobe photoshop cs3.exe
  • avast! free antivirus 7.0.exe
  • ccleaner.exe
  • cfosspeed.exe
  • counter-strike 1.6.exe
  • crysis 2 crack.exe
  • daemon tools pro 4.41.exe
  • directx11.exe
  • disksmartview 1.02.exe
  • dr.web cureit!.exe.part
  • firefox setup 15.0b1.exe
  • flash player.exe
  • flashplayer.exe
  • google chrome 11.exe
  • icq7 setup.exe
  • install.exe
  • itunes 10.exe.dmf
  • java.exe
  • kb909241x.exe
  • lovivkontakte.exe
  • mail.ru agent 5.9.exe
  • mcafee internet security 2011.exe
  • microsoft directx 11.exe
  • microsoft visio 2007.exe.dmf
  • minecraft 1.8.exe
  • minecraft.exe
  • mozilla firefox 10.exe.part
  • ms excel2010.exe
  • ms office 2003.exe
  • ms office 2007 rus.exe
  • ms powerpoint 2010.exe
  • ms powerpoint2010.exe
  • ms word 2007.exe
  • nero 10.exe
  • nero vision 8.exe
  • nero.exe
  • office activator.exe
  • office2010.exe
  • opera 11.exe
  • opera.exe
  • photoshop.exe
  • picasa 4.exe
  • quicktime.exe
  • raidcall.exe
  • skype.exe
  • steam.exe
  • ultraiso premium.exe
  • utorrent.exe
  • vkbot.exe
  • vkontakte dj 3.40.exe
  • vksaver.exe
  • vmware workstation.exe
  • winamp.exe
  • windows 7.exe
  • windows media player 12.exe
  • winrar 4.1.exe
  • winrar.exe
  • wot.exe
  • yahoomessenger.exe


When run, Program:Win32/Pameseg.BX may display an interface similar to the original installer.

The main difference between Program:Win32/Pameseg.BX and the original installer is that, at some point during the installation process, Program:Win32/Pameseg.BX asks you to send an SMS message to a premium number, or make an online payment, to complete the installation, for example:











If you are asked to pay online, your browser may open to a page in the website "zipmonster.ru":



Note that most of the imitated programs are available for free; therefore, no payment is necessary if you download the program from legitimate sources.

Additional resources
  • Easy Money: Program:Win32/Pameseg (part one)
  • Easy Money: Program:Win32/Pameseg (part two)




Analysis by Ricardo Robielos

Last update 29 September 2012

 
