OpenSetream Spyware/Adware Definition
Name: OpenSetream
Category: Spyware
Alias: Java.OpenSetream, Shinwow, TrojanDownloader.Java.OpenSetream.c, JS/Shinwow, Trojan.ByteVerify
Advice: Remove
Risk: Elevated Risk
Elevated threats usually fall into the range of adware, in which data about a user's habits is tracked and sent back to a server for analysis without the user's consent or knowledge.

Description:
OpenSetream is a trojan that downloads a variant of another trojan to the affected computer.
This variant then downloads and runs other malware, especially spyware and adware programs.
The affected computer slows down, which impedes normal work. OpenSetream also modifies the Internet Explorer home page.
OpenSetream creates the following files:
TWAMP0D1.EXE, D.EXE, PR.EXE, CHILD.EXE and MSLOAD.EXE on the Windows Desktop.
Other files and icons, such as FREE XXX, ¡PROTECT YOUR DATA, DOMAINS, ACCESS, MAP.TXT, etc.
OpenSetream is downloaded to the affected computer when certain web pages are accessed.
It reaches the computer in a file called LOADERADVX.JAR, where X stands for a random number that could have several digits.
The file inside the JAR file is called MATRIX.CLASS.

Signatures:
process: twmp0d1.exe: MD5 Hash: d5338228b7c92ebd1cc...
process: twmp0d1.exe: MD5 Hash: 28770fd1231c88c34cc...
process: random.exe: MD5 Hash: 32c232d4a57ecc379f1...
process: slx.exe: MD5 Hash: 20d0f4357fe9a84f8e6...
process: lmlecgci.exe: MD5 Hash: 8bc292df6dc01940f53...
process: msload.exe: MD5 Hash: 51b3630ad09b53c24dd..

Type: Spyware
Spyware's primary purpose is to collect demographic and usage information from your computer, usually for advertising purposes. Spyware usually 'sneaks' onto a system or performs other activities hidden from the user. Spyware programs are usually bundled as a hidden component and downloaded from the Internet. These modules are almost always installed on the system secretly and try to run secretly as well.