Spyware, Viruses, & Security forum

General discussion

VIRUS ALERTS - February 6, 2008

by Marianna Schmudlach / February 5, 2008 1:52 PM PST

W32/Rbot-GWA
by Marianna Schmudlach / February 5, 2008 1:54 PM PST

First Report: 2008-02-06

Description:
W32/Rbot-GWA is a worm for the Windows platform. W32/Rbot-GWA spreads:
- to computers vulnerable to common exploits, including: ASN.1 (MS04-007) and Symantec (SYM06-010)
- to network shares

W32/Rbot-GWA runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the comp...

http://www.sophos.com/security/analyses/w32rbotgwa.html

Troj/Dload-BH
by Marianna Schmudlach / February 5, 2008 1:55 PM PST
Troj/DwLdr-B
by Marianna Schmudlach / February 5, 2008 1:56 PM PST

First Report: 2008-02-06

Description:
Troj/DwLdr-B is a Trojan for the Windows platform. Troj/DwLdr-B includes functionality to access the internet and communicate with a remote server via HTTP. Troj/DwLdr-B includes functionality to download, install and run new software.

http://www.sophos.com/security/analyses/trojdwldrb.html

Troj/FakeAV-A
by Marianna Schmudlach / February 5, 2008 1:58 PM PST

First Report: 2008-02-06

Description:
Troj/FakeAV-A is a Trojan for the Windows platform. Troj/FakeAV-A fraudulently reports a user's system as infected and will not clean up these fraudulent reports until the user pays and registers the application.

http://www.sophos.com/security/analyses/trojfakeava.html

Troj/BankDL-DF
by Marianna Schmudlach / February 5, 2008 2:00 PM PST
Troj/Dloadr-BIH
by Marianna Schmudlach / February 5, 2008 2:01 PM PST
Troj/PSWSys-A
by Marianna Schmudlach / February 5, 2008 2:02 PM PST
Troj/Agent-GOT
by Marianna Schmudlach / February 5, 2008 2:04 PM PST
Troj/Dload-BG
by Marianna Schmudlach / February 5, 2008 2:05 PM PST

First Report: 2008-02-06

Description:
Troj/Dload-BG is a Trojan for the Windows platform. Troj/Dload-BG includes functionality to access the internet and communicate with a remote server via HTTP. Troj/Dload-BG will attempt to download and execute additional files.

http://www.sophos.com/security/analyses/trojdloadbg.html

Troj/Dloadr-BIG
by Marianna Schmudlach / February 5, 2008 2:07 PM PST

First Report: 2008-02-06

Description:
Troj/Dloadr-BIG is a Trojan for the Windows platform. Sophos's anti-virus products include Behavioral Genotype® Protection, which can proactively guard against new threats without requiring an update.

http://www.sophos.com/security/analyses/trojdloadrbig.html

Troj/Bckdr-QLQ
by Marianna Schmudlach / February 5, 2008 2:08 PM PST

First Report: 2008-02-06

Description:
Troj/Bckdr-QLQ is a backdoor Trojan for the Windows platform. Troj/Bckdr-QLQ registers itself as a system service named "Network Connection Service" with the display name "Network Connection Service". Registry entries are created under:
HKLM\SYSTEM\CurrentControlSet\Services\Network Connection Service
<several entries>

http://www.sophos.com/security/analyses/trojbckdrqlq.html

Troj/PcClien-LE
by Marianna Schmudlach / February 5, 2008 2:09 PM PST
IRCFast2 Installer
by Marianna Schmudlach / February 5, 2008 2:11 PM PST
EXPL_EXECOD.A
by Marianna Schmudlach / February 5, 2008 2:17 PM PST

It seems that cyber criminals are hoping to take advantage of the Chinese New Year.

A few hours ago, Trend Micro researchers were alerted to malicious URLs that were supposedly exploiting a certain Chinese gaming application. Research Project Manager Ivan Macalintal was later on able to confirm that these URLs indeed carried lines of code attempting to exploit popular Chinese gaming platform Lianzong.

Thankfully, Trend Micro Web Threat Protection proactively detects this as EXPL_EXECOD.A, and so Trend Micro users have, in fact, already been protected against this threat at the onset.

This exploit resides in a line of code which references an exploitable DLL file. This code downloads a Trojan downloader from a certain URL, which in turn downloads a configuration file from another URL. The said URL contains links to several malicious executables hosted in other domains known to house malware.

More: http://blog.trendmicro.com/

Troj/Banker-EKV
by Marianna Schmudlach / February 5, 2008 11:48 PM PST
Mal/JSClkLnk-A
by Marianna Schmudlach / February 5, 2008 11:49 PM PST
Troj/Bancos-BDU
by Marianna Schmudlach / February 5, 2008 11:51 PM PST
Troj/Bckdr-QLS
by Marianna Schmudlach / February 5, 2008 11:52 PM PST

First Report: 2008-02-06

Description:
Troj/Bckdr-QLS is a Trojan for the Windows platform. Troj/Bckdr-QLS can be used to:
- download code from a remote website
- act as a spamming tool to send messages to other users via MSN Messenger

http://www.sophos.com/security/analyses/trojbckdrqls.html

Troj/Nuclear-BE
by Marianna Schmudlach / February 5, 2008 11:53 PM PST

First Report: 2008-02-06

Description:
Troj/Nuclear-BE is a backdoor Trojan for the Windows platform that provides unauthorized remote access to the infected computer. When first run, Troj/Nuclear-BE copies itself to <WINDOWS>\NR\example.exe. Troj/Nuclear-BE attempts to drop a file which is also detected as Troj/Nuclear-BE. The dropped file has the capability to take system snapshots,...

http://www.sophos.com/security/analyses/trojnuclearbe.html

Troj/DwnLdr-HAP
by Marianna Schmudlach / February 5, 2008 11:55 PM PST

First Report: 2008-02-06

Description:
Troj/DwnLdr-HAP is a Trojan for the Windows platform. Troj/DwnLdr-HAP includes functionality to access the internet and communicate with a remote server via HTTP. Troj/DwnLdr-HAP also includes functionality to download code from the internet along with emailing capabilities.

http://www.sophos.com/security/analyses/trojdwnldrhap.html

Troj/PcClien-LD
by Marianna Schmudlach / February 5, 2008 11:56 PM PST

First Report: 2008-02-06

Description:
Troj/PcClien-LD is a Trojan for the Windows platform. Troj/PcClien-LD includes functionality to access the internet and communicate with a remote server via HTTP. The Trojan also attempts to download files from other remote websites.

http://www.sophos.com/security/analyses/trojpcclienld.html

Troj/DwnLdr-HAR
by Marianna Schmudlach / February 5, 2008 11:57 PM PST

First Report: 2008-02-06

Description:
Troj/DwnLdr-HAR is a Trojan for the Windows platform. Troj/DwnLdr-HAR includes functionality to access the internet and communicate with a remote server via HTTP. Troj/DwnLdr-HAR also includes functionality to start and stop services and processes.

http://www.sophos.com/security/analyses/trojdwnldrhar.html

Troj/DwnLdr-HAQ
by Marianna Schmudlach / February 5, 2008 11:59 PM PST

First Report: 2008-02-06

Description:
Troj/DwnLdr-HAQ is a Trojan for the Windows platform. Troj/DwnLdr-HAQ includes functionality to access the internet and communicate with a remote server via HTTP. Troj/DwnLdr-HAQ includes functionality to download, install and run new software.

http://secunia.com/virus_information/44917/dwnldr-haq/

Troj/Uploade-C
by Marianna Schmudlach / February 6, 2008 12:00 AM PST
Troj/Bancos-BDV
by Marianna Schmudlach / February 6, 2008 12:01 AM PST

First Report: 2008-02-06

Description:
Troj/Bancos-BDV is a Trojan for the Windows platform. The following registry entry is set:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
MessengerSharing
<Windows>\System32

The Trojan also attempts to overwrite the Windows host file with its own pre-defined hosts file.

http://www.sophos.com/security/analyses/trojbancosbdv.html

Troj/DwnLdr-HAO
by Marianna Schmudlach / February 6, 2008 12:03 AM PST
Troj/DwnLdr-HAT
by Marianna Schmudlach / February 6, 2008 12:04 AM PST
Trojan.Js.Downloader.BDS
by Marianna Schmudlach / February 6, 2008 12:59 AM PST
Adware.Mywebsearch.DV
by Marianna Schmudlach / February 6, 2008 1:01 AM PST

SYMPTOMS:

A toolbar for Internet Explorer named MyWebSearch.
A process with the name "mwsoemon.exe" listed under Task Manager's "Processes" list.

TECHNICAL DESCRIPTION:

The toolbar is a utility bar for searching the net. It uses other known search engines routed through its own site http://www.mywebsearch.com. It stores information about search keywords.

More: http://www.bitdefender.com/VIRUS-1000252-en--Adware.Mywebsearch.DV.html

Adware.Mywebsearch.AV
by Marianna Schmudlach / February 6, 2008 1:02 AM PST

SYMPTOMS:

A toolbar for Internet Explorer named MyWebSearch.
A process with the name "mwsoemon.exe" listed under Task Manager's "Processes" list.

TECHNICAL DESCRIPTION:

The toolbar is a utility bar for searching the net. It uses other known search engines routed through its own site http://www.mywebsearch.com. It stores information about search keywords.

More: http://www.bitdefender.com/VIRUS-1000253-en--Adware.Mywebsearch.AV.html
