PCHealthPlan

Updated: February 13, 2007 11:49:23 AM
Type: Misleading Application
Publisher: pchealthplan.com
Risk Impact: Medium
File Names: %UserProfile%\Desktop\PC Health Plan.lnk %UserProfile%\Local Settings\Temp\Trak.html %UserProfil
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP


When PCHealthPlan is installed, it performs the following actions:
  1. Creates the following files:

    • %UserProfile%\Desktop\PC Health Plan.lnk
    • %UserProfile%\Local Settings\Temp\Trak.html
    • %UserProfile%\Start Menu\PC Health Plan.lnk
    • %SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\PC Health Plan\PC Health Plan.lnk
    • %SystemDrive%\logerrorPCHP.txt
    • %ProgramFiles%\PC Health Plan\DebugLogs\*.log
    • %ProgramFiles%\PC Health Plan\Def.DAT
    • %ProgramFiles%\PC Health Plan\pages.ini
    • %ProgramFiles%\PC Health Plan\PC Health Plan.exe
    • %ProgramFiles%\PC Health Plan\SKIN\*.jpg
    • %ProgramFiles%\PC Health Plan\SKIN\scan.swf
    • %ProgramFiles%\PC Health Plan\SKIN\skin.ini
    • %ProgramFiles%\PC Health Plan\SKIN\vssver.scc
    • %ProgramFiles%\PC Health Plan\unins000.dat
    • %ProgramFiles%\PC Health Plan\unins000.exe
    • %Windir%\PCHP.exe.lnk


    Notes:
    • %UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\[CURRENT USER] (Windows NT/2000/XP).
    • %SystemDrive% is a variable that refers to the drive on which Windows is installed. By default, this is drive C.
    • %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.
    • %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.

  2. Creates the following registry subkeys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC Health Plan_is1
    HKEY_LOCAL_MACHINE\SOFTWARE\PC Health Plan
    HKEY_CURRENT_USER\Software\Microsoft\PingPixel

  3. Incorrectly detects clean files as infected, and gives exaggerated reports of errors in the registry.

  4. Uses these false results in an attempt to persuade users to register the product for a fee.
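
A check for the files and registry subkeys listed in steps 1 and 2, as an added example that is not part of the original write-up. The function name Find-PCHealthPlanArtifact is hypothetical; every path and subkey is copied from the lists above. %UserProfile% and HKEY_CURRENT_USER resolve for the account running the script, so per-user artifacts of other accounts are not covered.

```powershell
# Added example: artifact locations are taken verbatim from the write-up.
$FilePatterns = @(
    '%UserProfile%\Desktop\PC Health Plan.lnk',
    '%UserProfile%\Local Settings\Temp\Trak.html',
    '%UserProfile%\Start Menu\PC Health Plan.lnk',
    '%SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\PC Health Plan\PC Health Plan.lnk',
    '%SystemDrive%\logerrorPCHP.txt',
    '%ProgramFiles%\PC Health Plan\DebugLogs\*.log',
    '%ProgramFiles%\PC Health Plan\Def.DAT',
    '%ProgramFiles%\PC Health Plan\pages.ini',
    '%ProgramFiles%\PC Health Plan\PC Health Plan.exe',
    '%ProgramFiles%\PC Health Plan\SKIN\*.jpg',
    '%ProgramFiles%\PC Health Plan\SKIN\scan.swf',
    '%ProgramFiles%\PC Health Plan\SKIN\skin.ini',
    '%ProgramFiles%\PC Health Plan\SKIN\vssver.scc',
    '%ProgramFiles%\PC Health Plan\unins000.dat',
    '%ProgramFiles%\PC Health Plan\unins000.exe',
    '%Windir%\PCHP.exe.lnk'
)

# HKLM: and HKCU: are PowerShell's built-in drives for the two hives named above.
$RegistryKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC Health Plan_is1',
    'HKLM:\SOFTWARE\PC Health Plan',
    'HKCU:\Software\Microsoft\PingPixel'
)

# Hypothetical helper: emits one object per artifact that is present.
function Find-PCHealthPlanArtifact {
    foreach ($pattern in $FilePatterns) {
        # Expand %UserProfile%, %SystemDrive%, %ProgramFiles% and %Windir%.
        $path = [Environment]::ExpandEnvironmentVariables($pattern)
        # -Path (not -LiteralPath) so the *.log and *.jpg wildcards are honoured;
        # -Force includes hidden files; missing paths are skipped silently.
        Get-Item -Path $path -Force -ErrorAction SilentlyContinue |
            ForEach-Object { [pscustomobject]@{ Type = 'File'; Location = $_.FullName } }
    }
    foreach ($key in $RegistryKeys) {
        if (Test-Path -LiteralPath $key) {
            [pscustomobject]@{ Type = 'RegistryKey'; Location = $key }
        }
    }
}

# An empty result means none of the listed artifacts were found for this user.
Find-PCHealthPlanArtifact | Format-Table -AutoSize
```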

