Posted 28 June 2005 - 09:55 AM
I am a level 2 tech at a leading anti virus company (that will remain unnamed). I recently have been researching a surge in infections with the W32/Alemod aka W32/Destophijack and an intresting thing came up.
The Smitfraud, or Smithfraud, that has recently been plaguing users uses a file (wp.bmp) and several registry edits to hijack your desktop as some of you may know. The Alemod/Desktophijack attempts to do the same, but hasn't seemed to actually succeed from the cases I have studied. The Alemod tries to download the files from ftp.psguard.com, and intrestingly enough, Spyware-Agent.H is actually a program called psguardinstall.exe.
I dont know if this is the right forum for this.. if not move it where you want. Any questions could probably be directed to psguard support (firstname.lastname@example.org). ;)