Spyware, Viruses, & Security forum

General discussion

VIRUS ALERTS - January 31, 2007

by Marianna Schmudlach / January 30, 2007 2:19 PM PST

W32/Fujacks-M

Type Virus

Aliases WORM_FUJACK.H

W32/Fujacks-M is an attempted virus and worm with backdoor functionality for the Windows platform.

W32/Fujacks-M spreads to other network computers.

W32/Fujacks-M runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer.

W32/Fujacks-M includes functionality to access the internet and communicate with a remote server via HTTP.

http://www.sophos.com/security/analyses/w32fujacksm.html

Discussion is locked
You are posting a reply to: VIRUS ALERTS - January 31, 2007
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: VIRUS ALERTS - January 31, 2007
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Troj/Rbot-GCY
by Marianna Schmudlach / January 30, 2007 2:21 PM PST
Collapse -
Troj/Zlob-YV
by Marianna Schmudlach / January 30, 2007 2:22 PM PST
Collapse -
Troj/PWS-AEY
by Marianna Schmudlach / January 30, 2007 2:24 PM PST
Collapse -
Trojan.Mdropper.X
by Marianna Schmudlach / January 30, 2007 2:38 PM PST
Collapse -
W32/Bobandy-F
by Marianna Schmudlach / January 30, 2007 11:35 PM PST
Collapse -
Mal/BenDl-A
by Marianna Schmudlach / January 30, 2007 11:37 PM PST

Type Malicious Behavior

Mal/BenDl-A is a family of downloader Trojans for the Windows platform.

Once running, Mal/BenDl-A has the functionality to connect to a remote server and download other content, executing it on the victim's computer.

http://www.sophos.com/virusinfo/analyses/malbendla.html

Collapse -
Troj/Banloa-ATI
by Marianna Schmudlach / January 30, 2007 11:38 PM PST
Collapse -
Troj/Banloa-BC
by Marianna Schmudlach / January 30, 2007 11:39 PM PST
Collapse -
Troj/Delf-DZY
by Marianna Schmudlach / January 30, 2007 11:40 PM PST
Collapse -
Troj/Oscor-J
by Marianna Schmudlach / January 30, 2007 11:41 PM PST
Collapse -
W32/Fujacks-Y
by Marianna Schmudlach / January 30, 2007 11:42 PM PST
Collapse -
Troj/Clagger-AT
by Marianna Schmudlach / January 30, 2007 11:44 PM PST
Collapse -
W32/Dref-Y
by Marianna Schmudlach / January 31, 2007 12:29 AM PST

Type Worm

Aliases Email-Worm.Win32.Zhelatin.k
Win32/Nuwar.gen
Tibs

W32/Dref-Y is a virus with mass-mailing capabilities.

Messages sent by the worm have the following characteristics:

Subject: chosen at random from a list

Attachment name: chosen at random from a list including

Postcard.exe
Greeting Card.exe
Greeting Postcard.exe
Flash Postcard.exe

W32/Dref-Y terminates several anti-virus applications as well as the registry editor.

http://www.sophos.com/security/analyses/w32drefy.html

Collapse -
Mal/Psyme-A
by Marianna Schmudlach / January 31, 2007 12:30 AM PST
Collapse -
Mal/JSShell-A
by Marianna Schmudlach / January 31, 2007 12:31 AM PST
Collapse -
W32/VB-CXA
by Marianna Schmudlach / January 31, 2007 12:32 AM PST
Collapse -
W32/VB-CXC
by Marianna Schmudlach / January 31, 2007 12:33 AM PST
Collapse -
Perlovga.A
by Marianna Schmudlach / January 31, 2007 12:39 AM PST

Alias: Virus.Win32.Perlovga.a, W32/Perlovga
Type: Virus
Category: Virus

Summary
Perlovga.A copies itself to the Windows folder.

Detailed Description
Upon execution, Perlovga.a acquires the drive letter from which the file is executed. It then opens the root folder of that drive and copies itself as xcopy.exe to the %windir%\xcopy.exe. It then copies the file host.exe from the root drive of the current drive to %windir%\svchost.exe.

It then copies autorun.inf from the rot drive of the current directory as %windir%\autorun.inf, executes the file %windir%\svchost.exe and then exits.

For more details, read about it on our blog at http://www.f-secure.com/weblog/archives/archive-012007.html#00001097

Collapse -
Small.QP
by Marianna Schmudlach / January 31, 2007 12:42 AM PST

Alias: Trojan-Dropper:W32/Small.qp, Trojan-Dropper.Win32.Small.qp
Type: Trojan-Dropper
Category: Trojan

Summary
Small.QP copies itself to the Windows folder and attempts to download and install other malware to the system.

Detailed Description
Upon execution, this malware creates the mutex _Win_Loader_ to ensure that only one instance of itself is running in memory.

http://www.f-secure.com/v-descs/small_qp.shtml

Collapse -
W32/Waspy-A
by Marianna Schmudlach / January 31, 2007 5:48 AM PST

Type Worm

Aliases Virus.Win32.VB.cx

W32/Waspy-A is a worm for the Windows platform.

W32/Waspy-A spreads by copying itself to folders found on locally accessible drives. The worm may also overwrite files with any of the following file extensions with a harmless data file:

.html
.txt
.doc
.xls
.cpp
.htm

http://www.sophos.com/security/analyses/w32waspya.html

Collapse -
Troj/Agent-EBJ
by Marianna Schmudlach / January 31, 2007 5:49 AM PST
Collapse -
Troj/Proxy-FZ
by Marianna Schmudlach / January 31, 2007 5:50 AM PST
Collapse -
W32/Rbot-GCZ
by Marianna Schmudlach / January 31, 2007 5:52 AM PST

Type Worm

W32/Rbot-GCZ is a worm and backdoor Trojan for the Windows platform.

W32/Rbot-GCZ runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotgcz.html

Collapse -
Troj/WowPWS-AR
by Marianna Schmudlach / January 31, 2007 5:53 AM PST
Collapse -
Mal/Dial-A
by Marianna Schmudlach / January 31, 2007 5:55 AM PST
Collapse -
Trojan.Killwma
by Marianna Schmudlach / January 31, 2007 7:53 AM PST
Collapse -
W32.Reploret
by Marianna Schmudlach / January 31, 2007 7:55 AM PST
Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

CNET FORUMS TOP DISCUSSION

Help, my PC with Windows 10 won't shut down properly

Since upgrading to Windows 10 my computer won't shut down properly. I use the menu button shutdown and the screen goes blank, but the system does not fully shut down. The only way to get it to shut down is to hold the physical power button down till it shuts down. Any suggestions?