4 Replies Latest reply on Nov 9, 2013 5:47 AM by Peter M

    Trying To Find Info On Malware File Titled: Univ.script/99c

    southerntrouble

      Good Evening/Morning (Depending upon what time zone you're in)!

       

      I have a couple of questions that, thus far, no one has been able to help answer!

       

      About 10 days ago I was downloading a trial version of a game from a site that I use all of the time!  (Never had any problem with them regarding anything!)  When getting one of their games, you must first download the file, then install, then activate.  You must give the computer permission twice in this process.  It was right as the game finished installing, McAfee popped up stating that a Trojan by the name of Univ.script/99c had been detected.  After it was quarantine, I went to look at the file to see if it was linked with the game I just installed.  Both the game file and the Trojan were downloaded within 60 seconds of each other.  I've contacted the game site and they've had their people go through but cannot get it the issue to reinact for them, so they're presuming it had nothig to do with their site.  But in all honesty, I have a hard time believing this was simply coincidental!  Anyone have an explanation as to how this may have happened from the game site but still be undetected on their end?

       

      My second question I could find no information on either which is what does this file do (Univ.script/99c)?  I've googled it, I've searched McAfee and several other security sites and no one explains what this one does.  Anyone out here have any idea?

       

      Thanks for any opinions or information!  I appreciate it!

       

      Sincerely,

       

      Elizabeth J. Darsey

        • 1. Re: Trying To Find Info On Malware File Titled: Univ.script/99c
          Peacekeeper

          As it came down at similar time best way is to remove same file and retry the install if you get it again I would say that is partly proof.

           

          Re malware that is an old detection maybe restore the file and submit it to Virus total and see what they say.

          http://www.mcafee.com/threat-intelligence/malware/default.aspx?id=101194

           

           

           

          on 09/11/13 6:28:24 EST AM
          • 2. Re: Trying To Find Info On Malware File Titled: Univ.script/99c
            conductorwho

            I had something similar to this happen to me earlier on this year when I installed a program called MicroDEM, albeit it quarantined the program uninstaller via heuristics (how I know was its Artemis.**** designation). It's very likely that some kind of trojan was packaged with the software or a sample very similar to said trojan was detected via heuristics.

             

            Could you put the link (albeit with a break between the name and .com so it's not an active hyperlink) lto the site where you downloaded it? There's a user/moderator by the name of Hayton on here who might be of some assistance and be able to inspect the site.

             

            FYI: I'd also suggest downloading SiteAdvisor. If the site you visited had a green check, it's likely legit. However if it's got anything else...well, ya might want to submit it for review, or in the case of a red "X" just avoid 'em until they straighten things out.

             

            Message was edited by: conductorwho on 11/8/13 6:54:27 PM CST
            • 3. Re: Trying To Find Info On Malware File Titled: Univ.script/99c
              spc3rd

              Hello Elizabeth and welcome to the McAfee Community Forums,

               

                   In addition to the information & recommendations kindly-provided by Moderator Tony & conductorwho, I would also suggest you check out ANY game site you visit...BEFORE you actually visit it...even if it is a site you have visited numerous times before

               

              I've experienced a couple of occasions where I have downloaded games without any problems from a game site which wasn't blacklisted or otherwise flagged by any of the sources I use to check out a website. 

               

              Then several months - 1 year later, when I re-visited the websites, I discovered some of the security resources I use (including McAfee's SiteAdvisor) were now flagging the sites for issues ranging from spamming/misleading advertising up to exploits & other serious malware issues.

               

              Some security resources you can use to check out websites you visit include:

               

              - Securi.net

              - VirusTotal

              - URLvoid

              - IPvoid (You need to enter the game site's actual numerical IP address here)

              - hosts-file.net 

              - Web of Trust (aka WOT)

               

              Message was edited by: spc3rd on 11/9/13 6:42:05 AM EST
              • 4. Re: Trying To Find Info On Malware File Titled: Univ.script/99c
                Peter M

                I moved this to Malware Discussions > Home User Assistance  as a possibly better spot for it.