Home / malware Program:Win32/Pameseg.BU
First posted on 14 March 2012.
Source: MicrosoftAliases :
Program:Win32/Pameseg.BU is also known as W32/ArchSMS.A.gen!Eldorado (Command), Trojan.SMSSend.1950 (Dr.Web), Win32/Packed.ZipMonster.E application (ESET), Hoax.Win32.ArchSMS (Ikarus), SMSFraud.ax (McAfee).
Explanation :
Program:Win32/Pameseg.BU is an installer file that requires the user to send an SMS message to a premium number to successfully install certain programs.
Top
Program:Win32/Pameseg.BU is an installer file that requires the user to send an SMS message to a premium number to successfully install certain programs.
Installation
Program:Win32/Pameseg.BU may arrive as an archive created using a tool called "ZipMonster":
More commonly, however, it may arrive as an installer for programs that are usually availabale for free. In the wild, Program:Win32/Pameseg.BU has been known to arrive as an installer for the following programs:
Adobe Flash Player
AeroPowder 2 Theme for Windows 7
Edge
Foxit PDF Editor
Google drivers
Grand Theft Auto
Mozilla Firefox
Opera
Skype
Steam
uTorrent
Winamp
Payload
Installs free programs for a fee
Program:Win32/Pameseg.BU requests that the user send a premium SMS to a certain number to complete installation of the program. However, since the program is usually available for free, the cost of the premium SMS is not necessary. The SMS number and its cost vary depending on what country the user is currently located in.
Adobe Flash Player
AeroPowder 2 Theme for Windows 7
Edge
Foxit PDF Editor
Google drivers
Grand Theft Auto
Mozilla Firefox
Opera
Skype
Steam
uTorrent
Winamp
In some instances, the program offers the option of a web service for payment. The user may pay, unnecessarily, for the program via e-money systems, credit card, or phone. In this case, the user may see an interface similar to the following:
Analysis by Daniel Chipiristeanu
Last update 14 March 2012
