Spyware, Viruses, & Security forum

General discussion

VIRUS \ SPYWARE ALERTS - April 8, 2010

by Marianna Schmudlach / April 8, 2010 6:42 AM PDT

Troj/Zbot-NV
Aliases

* VirTool:Win32/Obfuscator.GQ
* W32/Bancos.ANGT
* Generic PWS.ew trojan
* Backdoor.Trojan
* Trojan-Spy.Win32.Zbot.afhi

Category

* Viruses and Spyware

Type

* Trojan

Affected operating systems: Windows
Protection available since: 8 April 2010 18:22:07 (GMT)

Troj/Zbot-NV is a Trojan for the Windows platform.

Troj/Zbot-NV includes functionality to:

- run automatically
- copy itself to the <System> folder
- create files in the <System> folder
- access the internet and communicate with a remote server via HTTP

Troj/Zbot-NV communicates via HTTP with the following locations:

windows-update . cn


When Troj/Zbot-NV is installed the following files are created:

<System>\lowsec\local.ds
<System>\lowsec\user.ds
<System>\lowsec\user.ds.lll
<System>\sdra64.exe

Registry entries are set as follows:

more: http://www.sophos.com/security/analyses/viruses-and-spyware/trojzbotnv.html?_log_from=rss

Troj/VBorn-Gen
by Marianna Schmudlach / April 8, 2010 6:43 AM PDT

Troj/DwnLdr-IDA
by Marianna Schmudlach / April 8, 2010 6:44 AM PDT

Aliases

* TR/Spy.Banker.Gen
* Mal_Banker

Category

* Viruses and Spyware

Type

* Trojan

Affected operating systems: Windows
Protection available since: 8 April 2010 18:22:07 (GMT)

Troj/DwnLdr-IDA is a Trojan for the Windows platform.

Troj/DwnLdr-IDA includes functionality to download, install and run new software.

Troj/DwnLdr-IDA communicates via HTTP with the following locations:

qualimedsaude . com . br
loga . hit-parade . com
ecarteweb . com


Registry entries are created under:

HKLM\SOFTWARE\Microsoft\DownloadManager
HKCU\Software\Enigma Protector

http://www.sophos.com/security/analyses/viruses-and-spyware/trojdwnldrida.html?_log_from=rss

Troj/Daonol-H
by Marianna Schmudlach / April 8, 2010 6:44 AM PDT

Troj/Bredo-BV
by Marianna Schmudlach / April 8, 2010 6:45 AM PDT

Troj/Agent-MXA
by Marianna Schmudlach / April 8, 2010 6:46 AM PDT

Troj/Agent-MWY
by Marianna Schmudlach / April 8, 2010 6:47 AM PDT

Mal/VBInject-Q
by Marianna Schmudlach / April 8, 2010 6:47 AM PDT

Mal/Kilo-A
by Marianna Schmudlach / April 8, 2010 6:48 AM PDT

Mal/Bckdr-G
by Marianna Schmudlach / April 8, 2010 6:49 AM PDT

NSPServer
by Marianna Schmudlach / April 8, 2010 6:50 AM PDT

VirtuaGirl2 Installer
by Marianna Schmudlach / April 8, 2010 6:51 AM PDT

Worm:VBS/Autorun.BC
by Marianna Schmudlach / April 8, 2010 6:52 AM PDT

Encyclopedia entry
Published: Apr 08, 2010

Aliases
Not available

Alert Level (?)
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.79.1432.0
Released: Apr 08, 2010

Summary
This threat is detected by the Microsoft antivirus engine. Technical details are not currently available for this threat.

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Worm:VBS/Autorun.BC&ThreatID=-2147334730

Worm:Win32/Autorun.WU
by Marianna Schmudlach / April 8, 2010 6:53 AM PDT

Encyclopedia entry
Published: Apr 08, 2010

Aliases
Not available

Alert Level (?)
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.79.1432.0
Released: Apr 08, 2010

Summary
This threat is detected by the Microsoft antivirus engine. Technical details are not currently available for this threat.

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Worm:Win32/Autorun.WU&ThreatID=-2147334729

Trojan:Win32/Delfbus.A
by Marianna Schmudlach / April 8, 2010 6:54 AM PDT

Encyclopedia entry
Published: Apr 08, 2010

Aliases
Not available

Alert Level (?)
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.79.1432.0
Released: Apr 08, 2010

Summary
This threat is detected by the Microsoft antivirus engine. Technical details are not currently available for this threat.

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan:Win32/Delfbus.A&ThreatID=-2147334739

TrojanDropper:Win32/Duberath.A
by Marianna Schmudlach / April 8, 2010 6:55 AM PDT

Encyclopedia entry
Published: Apr 08, 2010

Aliases
Not available

Alert Level (?)
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.79.1432.0
Released: Apr 08, 2010

Summary
This threat is classified as a Trojan - Dropper. As its name suggests, a dropper trojan contains malicious or potentially unwanted software which it "drops" and installs on the affected system. Commonly, the dropper installs a backdoor which allows remote, surreptitious access to infected systems. This backdoor may then be used by remote attackers to upload and install further malicious or potentially unwanted software on the system. This threat is detected by the Microsoft antivirus engine. Technical details are not currently available.

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDropper:Win32/Duberath.A&ThreatID=-2147334737

Trojan:Win32/Duberath.B
by Marianna Schmudlach / April 8, 2010 6:56 AM PDT

Trojan:Win32/Palevo.A
by Marianna Schmudlach / April 8, 2010 6:57 AM PDT

Encyclopedia entry
Published: Apr 08, 2010

Aliases
Not available

Alert Level (?)
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.79.1432.0
Released: Apr 08, 2010

Summary
This threat is detected by the Microsoft antivirus engine. Technical details are not currently available for this threat.

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan:Win32/Palevo.A&ThreatID=-2147334738

TrojanDownloader:Win32/Parkchicers.A
by Marianna Schmudlach / April 8, 2010 6:58 AM PDT

Encyclopedia entry
Published: Apr 08, 2010

Aliases
Not available

Alert Level (?)
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.79.1432.0
Released: Apr 08, 2010

Summary
This threat is classified as a Trojan - Downloader. A downloader trojan accesses remote websites in an attempt to download and install malicious or potentially unwanted software. Some downloader trojans target specific files on remote websites while others may target a specific URL that points to a website containing exploit code that may allow the site to automatically download and software or malicious code on vulnerable systems. This threat is detected by the Microsoft antivirus engine. Technical details are not currently available.

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDownloader:Win32/Parkchicers.A&ThreatID=-2147334733

TrojanDownloader:Win32/Parkchicers.B
by Marianna Schmudlach / April 8, 2010 6:59 AM PDT

Encyclopedia entry
Published: Apr 08, 2010

Aliases
Not available

Alert Level (?)
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.79.1432.0
Released: Apr 08, 2010

Summary
This threat is classified as a Trojan - Downloader. A downloader trojan accesses remote websites in an attempt to download and install malicious or potentially unwanted software. Some downloader trojans target specific files on remote websites while others may target a specific URL that points to a website containing exploit code that may allow the site to automatically download and software or malicious code on vulnerable systems. This threat is detected by the Microsoft antivirus engine. Technical details are not currently available.

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDownloader:Win32/Parkchicers.B&ThreatID=-2147334732

TrojanDownloader:Win32/Parkchicers.C
by Marianna Schmudlach / April 8, 2010 6:59 AM PDT

Encyclopedia entry
Published: Apr 08, 2010

Aliases
Not available

Alert Level (?)
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.79.1432.0
Released: Apr 08, 2010

Summary
This threat is classified as a Trojan - Downloader. A downloader trojan accesses remote websites in an attempt to download and install malicious or potentially unwanted software. Some downloader trojans target specific files on remote websites while others may target a specific URL that points to a website containing exploit code that may allow the site to automatically download and software or malicious code on vulnerable systems. This threat is detected by the Microsoft antivirus engine. Technical details are not currently available.

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDownloader:Win32/Parkchicers.C&ThreatID=-2147334731

Worm:Win32/Pushbot.QZ
by Marianna Schmudlach / April 8, 2010 7:00 AM PDT

Encyclopedia entry
Published: Apr 08, 2010

Aliases
Not available

Alert Level (?)
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.79.1432.0
Released: Apr 08, 2010


Summary
This threat is detected by the Microsoft antivirus engine. Technical details are not currently available for this threat.

More details are available in the Family description of Win32/Pushbot

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Worm:Win32/Pushbot.QZ&ThreatID=-2147334727

TrojanDownloader:Win32/Renos.KO
by Marianna Schmudlach / April 8, 2010 7:01 AM PDT

Aliases
Not available

Alert Level (?)
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection last updated:
Definition: 1.79.1432.0
Released: Apr 08, 2010

Summary
TrojanDownloader:Win32/Renos.KO is a generic detection for a family of trojans that connect to certain websites in order to download arbitrary files. This may include other TrojanDownloader:Win32/Renos components, and rogue antivirus software such as Trojan:Win32/FakeSecSen or Trojan:Win32/FakeXPA.

More: https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDownloader:Win32/Renos.KO&ThreatID=-2147335891

VirTool:Win32/VBInject.EY
by Marianna Schmudlach / April 8, 2010 7:02 AM PDT

Encyclopedia entry
Published: Apr 08, 2010

Aliases
Not available

Alert Level (?)
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.79.1432.0
Released: Apr 08, 2010

Summary
This threat is detected by the Microsoft antivirus engine. Technical details are not currently available for this threat.

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=VirTool:Win32/VBInject.EY&ThreatID=-2147334728

Trojan:Win32/Vbsnap.A
by Marianna Schmudlach / April 8, 2010 7:03 AM PDT

Encyclopedia entry
Published: Apr 08, 2010

Aliases
Not available

Alert Level (?)
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.79.1432.0
Released: Apr 08, 2010

Summary
This threat is detected by the Microsoft antivirus engine. Technical details are not currently available for this threat.

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan:Win32/Vbsnap.A&ThreatID=-2147334740
