VIRUS ALERTS - August 16, 2007

by Marianna Schmudlach / August 15, 2007 3:04 PM PDT
Troj/Dloadr-BDB
by Marianna Schmudlach / August 15, 2007 3:05 PM PDT
Troj/PSW-CO
by Marianna Schmudlach / August 15, 2007 3:06 PM PDT
TROJ_AGENT.AATE
by Marianna Schmudlach / August 15, 2007 3:19 PM PDT

First Report: 2007-08-16

Malware type: Trojan

This Trojan is downloaded unknowingly by a user when visiting malicious Web sites.

Upon execution, it searches for the following legitimate files:

FlashFxp.exe
LeapFtp.exe
It hides these files and renames them to iEXPLORE.EXE. It then drops its component file, which is also detected as TROJ_AGENT.AATE, in the same folder, and uses the names FLASHFXP.EXE and LEAPFTP.EXE. These routines are intended to trick users into thinking that they are legitimate files.

When the dropped file is executed, it runs under the name of the legitimate file as it performs its malicious routines. This keeps the user from determining that the actual file running is malicious.

It connects to a certain Web site to download possibly malicious files. As a result, routines of the downloaded files are also exhibited on the affected system.

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FAGENT%2EAATE
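
A triage check for the file layout this alert describes, added here as an example and not part of the original post or of Trend Micro's write-up: it flags any folder where a FlashFXP or LeapFTP executable name sits next to an iEXPLORE.EXE. The function names and the sample tree are constructed for illustration; the hidden-attribute result is only available on Windows and is None elsewhere.

```python
import os
import stat
import tempfile

# File names taken from the alert; compared in lower case because
# Windows file names are case-insensitive.
FTP_CLIENT_NAMES = {"flashfxp.exe", "leapftp.exe"}
RENAMED_ORIGINAL = "iexplore.exe"


def is_hidden(path):
    """True/False on Windows, None where the hidden attribute does not exist."""
    attrs = getattr(os.stat(path), "st_file_attributes", None)
    if attrs is None:
        return None
    return bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)


def find_suspect_folders(root):
    """Return folders holding an FTP-client name together with iexplore.exe."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        by_lower = {name.lower(): name for name in files}
        clients = sorted(by_lower.keys() & FTP_CLIENT_NAMES)
        if clients and RENAMED_ORIGINAL in by_lower:
            renamed = os.path.join(folder, by_lower[RENAMED_ORIGINAL])
            findings.append({"folder": folder, "clients": clients,
                             "renamed_hidden": is_hidden(renamed)})
    return findings


def build_sample_tree(base):
    """Constructed sample: a clean FTP folder, a browser folder, one match."""
    layout = {"clean_ftp": ["FlashFxp.exe", "readme.txt"],
              "suspect_ftp": ["FLASHFXP.EXE", "iEXPLORE.EXE"],
              "browser": ["iexplore.exe"]}
    for folder, names in layout.items():
        os.makedirs(os.path.join(base, folder))
        for name in names:
            with open(os.path.join(base, folder, name), "wb") as fh:
                fh.write(b"constructed placeholder, not a real binary")
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for hit in find_suspect_folders(build_sample_tree(tmp)):
            print(hit)
```

A hit is a lead for a scan of that folder, not a verdict: the check looks at file names only.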

Troj/DDos-AA
by Marianna Schmudlach / August 16, 2007 12:13 AM PDT
Troj/Dwnldr-GXL
by Marianna Schmudlach / August 16, 2007 12:14 AM PDT
Troj/Banloa-EJ
by Marianna Schmudlach / August 16, 2007 12:15 AM PDT
W32/Sdbot-DHA
by Marianna Schmudlach / August 16, 2007 12:17 AM PDT
Troj/Ntroot-B
by Marianna Schmudlach / August 16, 2007 12:18 AM PDT
W32/Sdbot-DHB
by Marianna Schmudlach / August 16, 2007 12:20 AM PDT
Mal/TinyDL-L
by Marianna Schmudlach / August 16, 2007 12:23 AM PDT

Type: Malicious Behavior

Side effects: Downloads code from the internet

Aliases: Trojan-Downloader.Win32.Small.ezc

Mal/TinyDL-L is a family of downloader Trojans for the Windows platform.

Protection available since 16 August 2007

http://www.sophos.com/security/analyses/maltinydll.html

Sus/ComPack-D
by Marianna Schmudlach / August 16, 2007 12:24 AM PDT

Type: Suspicious files

Sus/ComPack-D has been protected with a commercially available packing/encrypting utility. Please send a sample to Sophos support if this file is not part of a known installation.

Protection available since 16 August 2007

http://www.sophos.com/security/analyses/suscompackd.html

W32/Pahati.worm
by Marianna Schmudlach / August 16, 2007 12:49 AM PDT

First Report: 2007-08-16

Aliases: TR/Agent.VB.CA
Trojan.Agent.VB.CA
Virus.Win32.VB.ef
W32/Pahati.worm
W32/VB.EF
Win32/VB.NKT
Worm.VB.amk
Worm.Win32.VB.NKT
Worm/VB.BDI

Description:
Detection was added to cover protection against a worm originally called "word32.exe", having a filesize of 32.768 bytes.

http://vil.nai.com/vil/content/v_142962.htm

BackDoor-DMD
by Marianna Schmudlach / August 16, 2007 12:51 AM PDT

First Report: 2007-08-16

Aliases: BackDoor-DMD
BackDoor.Generic.1411
Generic2.SDA
TR/Genlot.WY
Trj/VB.SP
Trojan.Genlot.WY
Trojan.VB.wiv

Description:
Detection was added to cover protection against a backdoor trojan originally called "mspass.exe", having a filesize of 108.032 bytes.

http://vil.nai.com/vil/content/v_142963.htm

Spyware.PCPandora
by Marianna Schmudlach / August 16, 2007 12:53 AM PDT
TROJ_SMALL.ITG
by Marianna Schmudlach / August 16, 2007 12:55 AM PDT
Trojan:SymbOS/Fontal
by Marianna Schmudlach / August 16, 2007 12:59 AM PDT
Spyware.CheaterChecker
by Marianna Schmudlach / August 16, 2007 1:27 AM PDT
A sandwich virus
by Marianna Schmudlach / August 16, 2007 1:29 AM PDT

16 August 2007

One of the simplest methods of file infection is to put the virus at the start of the file, leaving the host at the end. A less common way is to put the host first and save the virus at the end. W32/Kies-A does both.

A Kies-infected file starts with a virus executable, followed by the stored host, and finally another virus executable.

The first part of the virus extracts the host and other component to the current folder in order to run both. It also deals with connecting to the internet, in order to ring home and download more files.
The host gets run, but without any command line arguments, so it may not always work as the user intended.
The second part of the virus performs the infection routine, searching for executables on the local drive and network shares.

More: http://www.sophos.com/security/blog/2007/08/497.html
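
The virus / host / virus layout described in this post can be looked for by counting the executable images stored inside one file. The following is an added example, not part of the original post or of Sophos's analysis: it reports every offset where a DOS "MZ" header points at a valid "PE" signature. The function names and the three-part sample are constructed stand-ins, not real binaries.

```python
import struct

E_LFANEW = 0x3C          # DOS-header field holding the offset of the PE header
PE_SIGNATURE = b"PE\x00\x00"


def pe_image_offsets(data):
    """Offsets in data where an MZ header leads to a valid PE signature."""
    offsets = []
    pos = data.find(b"MZ")
    while pos != -1:
        if pos + E_LFANEW + 4 <= len(data):
            (pe_rel,) = struct.unpack_from("<I", data, pos + E_LFANEW)
            sig = pos + pe_rel
            # A stray "MZ" in data rarely also has a matching PE pointer.
            if data[sig:sig + 4] == PE_SIGNATURE:
                offsets.append(pos)
        pos = data.find(b"MZ", pos + 2)
    return offsets


def embedded_images(data):
    """Images stored after the one at offset 0; empty if data is not a PE."""
    offsets = pe_image_offsets(data)
    if not offsets or offsets[0] != 0:
        return []
    return offsets[1:]


def fake_pe(label, size):
    """Constructed stand-in: DOS header, PE signature, labelled padding."""
    header = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + PE_SIGNATURE
    return header + label.ljust(size - len(header), b".")


# Constructed sample in the order the post gives: virus, stored host, virus.
SANDWICH = (fake_pe(b"virus-part-1", 128)
            + fake_pe(b"host", 256)
            + fake_pe(b"virus-part-2", 128))

if __name__ == "__main__":
    print("images at:", pe_image_offsets(SANDWICH))
    print("embedded :", embedded_images(SANDWICH))
```

Installers and self-extracting archives also carry embedded executables, so a non-empty result marks a file for scanning rather than proving infection.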

Troj/Banker-EIT
by Marianna Schmudlach / August 16, 2007 5:46 AM PDT
Mal/Dropper-M
by Marianna Schmudlach / August 16, 2007 5:47 AM PDT
Mal/Dorf-E
by Marianna Schmudlach / August 16, 2007 5:48 AM PDT
Mal/Banspy-E
by Marianna Schmudlach / August 16, 2007 5:50 AM PDT
Infostealer.Monstres
by Marianna Schmudlach / August 16, 2007 5:54 AM PDT