Spyware, Viruses, & Security forum

General discussion

VIRUS ALERTS - December 20, 2007

Mal/Busboy-A

In reply to: VIRUS ALERTS - December 20, 2007

Troj/Drop-C

In reply to: VIRUS ALERTS - December 20, 2007

Name: Troj/Drop-C
Type: Trojan
Affected operating systems: Windows
Side effects:
  Installs itself in the Registry
  Installs a browser helper object
Aliases: Trojan-Dropper.Win32.Agent.deg
Protection available since: 20 December 2007

http://www.sophos.com/security/analyses/trojdropc.html

W32/Busboy-B

In reply to: VIRUS ALERTS - December 20, 2007

Troj/Soleno-F

In reply to: VIRUS ALERTS - December 20, 2007

ErrorInspector

In reply to: VIRUS ALERTS - December 20, 2007

Troj/BDoor-AIY

In reply to: VIRUS ALERTS - December 20, 2007

W32/Sdbot-DJK

In reply to: VIRUS ALERTS - December 20, 2007

WinFixer Downloader

In reply to: VIRUS ALERTS - December 20, 2007

Troj/Agent-GJQ

In reply to: VIRUS ALERTS - December 20, 2007

Mal/Emogen-T

In reply to: VIRUS ALERTS - December 20, 2007

Mal/Emogen-V

In reply to: VIRUS ALERTS - December 20, 2007

WM97/Odious-Fam

In reply to: VIRUS ALERTS - December 20, 2007

Troj/Lineag-CU

In reply to: VIRUS ALERTS - December 20, 2007

Name: Troj/Lineag-CU
Type: Spyware Trojan
Affected operating systems: Windows
Side effects:
  Steals information
  Installs itself in the Registry
  Leaves non-infected files on computer
  Monitors system activity
Protection available since: 20 December 2007

http://www.sophos.com/security/analyses/trojlineagcu.html

Worm.Win32.Huhk.c. ... Kaspersky

In reply to: VIRUS ALERTS - December 20, 2007

False alarm triggered by Kaspersky paralyses Windows computers

Russian anti-virus vendor Kaspersky distributed a virus signature update last night that identifies the explorer.exe file – which, among other things, provides users with the Windows desktop – as Worm.Win32.Huhk.c. This prompted several users of the software and of anti-virus software based on it, for example Gdata, to permanently remove the file. However, this causes the system to become inoperable after a reboot.

The situation is particularly likely to occur if Windows File Protection has been deactivated and Windows can't automatically restore explorer.exe. In addition, users may have deleted all copies of the file on their system, which would also result in Windows not being able to restore the file. In this case, however, Windows could be successfully recovered from the Windows installation CD by retrieving the file either through the recovery console or the emergency installation.

More: http://www.heise-security.co.uk/news/100926

Antivirus protection worse than a year ago

In reply to: VIRUS ALERTS - December 20, 2007

The effectiveness of antivirus software has fallen off, and more and more pests can now slip past these barriers. This is the sobering conclusion the German computer magazine c't comes to in issue 1/08 with a test on 17 antivirus solutions. For the first time, c't also tested the behavioural blocking system they use.

In standard tests, the virus scanners have to recognize known malware. When tested by c't with more than a million pests that have appeared over the last six months, Avira Antivir and Gdata Antivirus 2008 identified over 99 per cent by their signatures, but Avast, AVG Anti Malware and BitDefender also achieved very good results.

More: http://www.heise-security.co.uk/news/100900

QHosts-95

In reply to: VIRUS ALERTS - December 20, 2007

EXPL_REALPLAY.H

In reply to: VIRUS ALERTS - December 20, 2007

First Report: 2007-12-20

Malware type: Exploit

Malware Overview

This exploit is hosted on a Web site and runs when a user accesses the said Web site.

It takes advantage of a known vulnerability in several versions of the media player RealPlayer that causes a stack overflow and allows the download of possibly malicious files on the affected system. More information on this vulnerability can be found on this Web page.

Once this exploit successfully uses the said vulnerability, it connects to a certain URL to download a malicious file detected by Trend Micro as PE_MUMAWOW.AO-O. As a result, malicious routines of the downloaded file may be exhibited on the affected system.

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=EXPL%5FREALPLAY%2EH

W32/SillyFDC-BQ. - Definitely Not Shakespeare

In reply to: VIRUS ALERTS - December 20, 2007

We at SophosLabs encountered a new variant of the W32/SillyFDC family of worms today, detected as W32/SillyFDC-BQ.

Besides its usual habits of spreading via removable drives, masquerading as a Microsoft file and terminating Internet security applications, this variant also modifies one of the registry entries inside

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

with a rather unusual message. As a result, when the user logs into the infected computer, a message box appears on the screen with a title of:

"Kaget ya mas, Santai mas, santai!!!!!!!!!!! - Angelo425"

and the following message:

"Woman's heart is like deep ocean to keep their secret

Although love is like mbhuerruh things ruwet semrawut

but this is ?.

ANGELO425?.By : AnkrinkComClbbr"

What's next, Shakespeare?

http://www.sophos.com/security/blog/2007/12/905.html
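
A defender-side check for the change described in the W32/SillyFDC-BQ post above, added here as an example and not part of the original post or Sophos's analysis: it parses saved `reg query` output for the Winlogon key and flags a logon message nobody approved. It assumes the message box comes from the LegalNoticeCaption and LegalNoticeText values (the post does not name the entry) and goes a little beyond the post by also baselining Shell and Userinit; the function names and the sample output are constructed.

```python
import re

# Values under ...\Windows NT\CurrentVersion\Winlogon worth baselining
# (assumed stock defaults for a Windows install on C:).
DEFAULTS = {
    "shell": {"explorer.exe"},
    "userinit": {r"c:\windows\system32\userinit.exe,"},
}
# Assumption: the message box described above comes from these two values.
BANNER_VALUES = {"legalnoticecaption", "legalnoticetext"}

# One value line of `reg query` output: <name> <REG_TYPE> <data>
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)(?:\s+(?P<data>.*))?$")

def parse_reg_query(text):
    """Return {value name: data} from saved `reg query` output for one key."""
    values = {}
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            values[m.group("name")] = (m.group("data") or "").strip()
    return values

def audit_winlogon(values, approved_banner=()):
    """List (name, reason, data) for values that deviate from the baseline."""
    approved = {s.strip().lower() for s in approved_banner}
    findings = []
    for name, data in values.items():
        key, norm = name.lower(), data.lower()
        if key in BANNER_VALUES:
            # An empty banner is the default; any other text must be approved.
            if norm and norm not in approved:
                findings.append((name, "unapproved logon message", data))
        elif key in DEFAULTS and norm not in DEFAULTS[key]:
            findings.append((name, "differs from default", data))
    return findings

# Constructed sample output; the caption is the title quoted in the post above.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    explorer.exe
    Userinit    REG_SZ    C:\WINDOWS\system32\userinit.exe,
    LegalNoticeCaption    REG_SZ    Kaget ya mas, Santai mas, santai!!!!!!!!!!! - Angelo425
    LegalNoticeText    REG_SZ    (constructed placeholder text)
"""

if __name__ == "__main__":
    for name, reason, data in audit_winlogon(parse_reg_query(SAMPLE)):
        print(f"{name}: {reason}: {data!r}")
```

Sites that deploy a legitimate logon banner pass its caption and text as `approved_banner` so only unexpected messages are reported.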

another Troj/Pushdo-Gen malware spamming

In reply to: VIRUS ALERTS - December 20, 2007

Don't do Pushdo
As the year comes to an end we see another Troj/Pushdo-Gen malware spamming. Traditionally, we have seen these Pushdo spamming on Wednesdays. Will we see another next Wednesday on Boxing/St Stephen's Day?

My colleague who is working that day will not be too bothered because we have been proactively detecting Troj/Pushdo-Gen for months now.

Our automation systems spotted this wave of Troj/Pushdo-Gen hitting our spamtraps last night.

As ever, the messages reference a selection of female celebrities, for example our friend Angelina in the example below:

More: http://www.sophos.com/security/blog/2007/12/906.html

Troj/Agent-GJR

In reply to: VIRUS ALERTS - December 20, 2007

VBS/Edibara-B

In reply to: VIRUS ALERTS - December 20, 2007
