Spyware, Viruses, & Security forum

General discussion

VIRUS ALERTS - March 14, 2007

by Marianna Schmudlach / March 13, 2007 3:26 PM PDT
W32/Looked-CI
by Marianna Schmudlach / March 13, 2007 3:28 PM PDT
JS_FEEBS.JM
by Marianna Schmudlach / March 13, 2007 3:30 PM PDT

Alert ID : FrSIRT/ALRT-2007-01753
Aliases : N/A
Size : Varies
Rated as : Low Risk
Release Date : 2007-03-14


Description

To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.

Malware Overview

This malicious JavaScript is usually embedded in a malicious Web site and is run on a system when a user visits the said Web site.

References

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JS_FEEBS.JM

Credits

Reported by Trend Micro

Patched-Import.com
by Marianna Schmudlach / March 13, 2007 3:31 PM PDT

Alert ID : FrSIRT/ALRT-2007-01754
Aliases : N/A
Size : N/A
Rated as : Low Risk
Release Date : 2007-03-14


Description

This is a heuristic detection that will get triggered in case a malware tries to hide itself or prevent detection using Import Address Table Patching technique. There are many rootkits, like Qoolaid and Adcliker-BA to name a few, that patch the IAT of processes in order to stealth.

Characteristics

If a detection "Patched-Import.com" is found on users' system, it may be possible that a rootkit or a trojan has patched memory for performing malicious activity.

References

http://vil.nai.com/vil/content/v_141721.htm

Credits

Reported by McAfee

Win32/Nirbot Family
by Marianna Schmudlach / March 13, 2007 3:53 PM PDT

Type: Worm

Win32/Nirbot is a family of IRC-controlled backdoors that can be used to gain unauthorized access to a victim's machine. They can also exhibit worm-like functionality by exploiting many different software vulnerabilities, including SYM06-010 and MS06-040.

http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=61701

W32/LCPrank-C
by Marianna Schmudlach / March 14, 2007 12:57 AM PDT
Troj/VidCach-A
by Marianna Schmudlach / March 14, 2007 12:58 AM PDT
W32/Chode-Z
by Marianna Schmudlach / March 14, 2007 1:00 AM PDT
Troj/Agent-EEJ
by Marianna Schmudlach / March 14, 2007 1:01 AM PDT
Troj/Dropper-NY
by Marianna Schmudlach / March 14, 2007 1:02 AM PDT
Troj/Tibs-QT
by Marianna Schmudlach / March 14, 2007 1:03 AM PDT
Troj/Krone-C
by Marianna Schmudlach / March 14, 2007 1:04 AM PDT
Mal/QQPass-A
by Marianna Schmudlach / March 14, 2007 1:06 AM PDT
JS/EncIFra-A
by Marianna Schmudlach / March 14, 2007 1:07 AM PDT
Mal/QQPassDrp-A
by Marianna Schmudlach / March 14, 2007 1:09 AM PDT
Backdoor.Mydopam
by Marianna Schmudlach / March 14, 2007 1:11 AM PDT
W32/Fujacks.dll
by Marianna Schmudlach / March 14, 2007 1:13 AM PDT
W32/HLLP.Philis.hc
by Marianna Schmudlach / March 14, 2007 1:14 AM PDT

W32/HLLP.Philis.hc is a file infecting virus. It searches for executable files on the infected machine to prepend its viral code and due to a bug in virus code it may corrupt the executables. It is also responsible for dropping a .DLL file, which dow...

http://vil.nai.com/vil/content/v_141628.htm

Downloader-AZN.dr
by Marianna Schmudlach / March 14, 2007 1:16 AM PDT

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspe...

http://vil.nai.com/vil/content/v_141719.htm

Downloader-AZN.ini
by Marianna Schmudlach / March 14, 2007 1:17 AM PDT

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspe...

http://vil.nai.com/vil/content/v_141718.htm

Symbian malware, SYMBOS_FEAKS
by Marianna Schmudlach / March 14, 2007 2:14 AM PDT

Similar to SYMBOS_MREX.A, the recently discovered Symbian malware, SYMBOS_FEAKS.A, also affects devices that run on UIQ platform.


UIQ is a software platform or GUI based upon Symbian OS. Like the other Symbian platform S60, it provides additional components to the core operating system, thus enabling compatible mobile devices to run third-party applications.


Currently, there are only a number of devices that support UIQ. Targeting the said devices clearly suggests that the malware author is trying to prove a point, rather than aiming to actually spread the Symbian malware and cause an outbreak.


SYMBOS_FEAKS.A attempts to spread by sending the following SMS message to the affected mobile phone's contacts:


hey check this link out bye
http://www.{BLOCKED}.ucsb.edu/%7efeakk/feakk.zip


More: http://blog.trendmicro.com/

W32.Looked.BK!gen
by Marianna Schmudlach / March 14, 2007 8:34 AM PDT
W32.Fujacks.BH
by Marianna Schmudlach / March 14, 2007 8:37 AM PDT
W32/Nyxem-H
by Marianna Schmudlach / March 14, 2007 11:13 AM PDT

Type

* Worm

Aliases

* Win32/Nyxem.NAA worm
* WORM_NYXEM.AA
* Email-Worm.Win32.Nyxem.e


W32/Nyxem-H is an email and network worm for the Windows platform.

W32/Nyxem-H includes functionality to access the internet and communicate with a remote server via HTTP.

W32/Nyxem-H may drop an empty file to the Windows system folder with the same name as itself but with a ZIP extension and attempts to open it in order to hide its functionality.

W32/Nyxem-H may periodically attempt to download and run an update of itself.

W32/Nyxem-H tries to terminate and remove selected anti-virus and security related applications and deletes registry entries to prevent applications from running on startup.

W32/Nyxem-H is also capable of disabling the mouse and keyboard of the affected system.

W32/Nyxem-H sends itself to email addresses it harvests from files on the infected computer, sending itself as if from one contact to another. The emails sent have the following characteristics:

Subject lines include the following, or may be blank:

More: http://www.sophos.com/security/analyses/w32nyxemh.html

Troj/QQHelp-DW
by Marianna Schmudlach / March 14, 2007 11:15 AM PDT
Troj/QQHelp-Gen
by Marianna Schmudlach / March 14, 2007 11:16 AM PDT

Type

* Trojan

Aliases

* Trojan-Downloader.Win32.Agent.bbb
* Trojan-Downloader.Win32.Agent.bdd

Troj/QQHelp-Gen is a downloader Trojan which will download, install and run advertising software without notification that it is doing so.

Troj/QQHelp-Gen can arrive as a result of web browsing. Visiting certain web sites may initiate the installation of Troj/QQHelp-Gen.

http://www.sophos.com/security/analyses/trojqqhelpgen.html

Troj/Tonick-A
by Marianna Schmudlach / March 14, 2007 11:18 AM PDT
W32/Resik-B
by Marianna Schmudlach / March 14, 2007 11:19 AM PDT
HideXLS
by Marianna Schmudlach / March 14, 2007 11:22 AM PDT

Type: Trojan

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

http://vil.nai.com/vil/content/v_141740.htm
