Spyware, Viruses, & Security forum

General discussion

VIRUS ALERTS \ Spyware ALERTS - April 25, 2008

by Marianna Schmudlach / April 24, 2008 11:59 PM PDT
TROJ_TIBS.AYH
by Marianna Schmudlach / April 25, 2008 12:01 AM PDT
Troj/XRootMod-A
by Marianna Schmudlach / April 25, 2008 12:02 AM PDT
Mal/ObfJS-AJ
by Marianna Schmudlach / April 25, 2008 12:04 AM PDT
Troj/Bckdr-QNE
by Marianna Schmudlach / April 25, 2008 12:05 AM PDT

Category Viruses and Spyware

Type Trojan

Troj/Bckdr-QNE is a Trojan for the Windows platform.

When run Troj/Bckdr-QNE copies itself to <System>\msxbde40.exe and sets the following registry entry:

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{D0A3ECD5-B001-AD79-5DBC-C7988C8EEBC4}
StubPath
<System>\msxbde40.exe

The Trojan also creates the file <System>\msxbde40. This file can be deleted.

http://www.sophos.com/security/analyses/viruses-and-spyware/trojbckdrqne.html

Troj/Mdrop-BRY
by Marianna Schmudlach / April 25, 2008 12:06 AM PDT
PE_SALITY.M
by Marianna Schmudlach / April 25, 2008 12:08 AM PDT

Description:
This file infector may be downloaded from remote sites by other malware. It may be dropped by other malware. It may be downloaded unknowingly by a user when visiting malicious Web sites. It infects by appending its code to target host files. It infects specific files. It avoids folders with certain strings. It drops a file, which is detected by Trend Micro as TROJ_AGENT.XOO. It then executes the dropped file(s). As a result, malicious routines of the dropped files are exhibited on the affected system. It terminates certain services if found on the system. It also deletes certain registry keys, most of which are related to antivirus and security applications. The said routine makes it difficult to remove this malware from the affected system. It creates mutex(es) to ensure that only one instance of itself is running in memory. It downloads files, which are detected by Trend Micro as TSPY_AGENT.AMEZ, from certain URLs. The downloaded files are executed on the affected machine, thus, routines of the downloaded files are also exhibited on the affected system.

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE%5FSALITY%2EM

TROJ_SHEZAN.C
by Marianna Schmudlach / April 25, 2008 1:32 AM PDT
Trojan-Downloader.Win32.Small.tor
by Marianna Schmudlach / April 25, 2008 2:39 AM PDT

Technical details

This Trojan downloads other programs to the victim machine via the Internet and launches them for execution without the user's knowledge or consent. It is a Windows PE EXE file. It is 1897 bytes in size. It is packed using FSG. The unpacked file is approximately 14KB in size. It is written in C++.

http://www.viruslist.com/en/viruses/encyclopedia?virusid=313429

Trojan-Downloader.Win32.Small.tne
by Marianna Schmudlach / April 25, 2008 2:40 AM PDT

Technical details

This Trojan downloads other programs to the victim machine via the Internet and launches them for execution without the user's knowledge or consent. It is a Windows PE EXE file. It is 1913 bytes in size. It is packed using FSG. The unpacked file is approximately 14KB in size. It is written in C++.

http://www.viruslist.com/en/viruses/encyclopedia?virusid=313428

Trojan-Downloader.Win32.Small.tnd
by Marianna Schmudlach / April 25, 2008 2:41 AM PDT

This Trojan downloads other programs to the victim machine via the Internet and launches them for execution without the user's knowledge or consent. It is a Windows PE EXE file. It is 1901 bytes in size. It is packed using FSG. The unpacked file is approximately 14KB in size. It is written in C++.

http://www.viruslist.com/en/viruses/encyclopedia?virusid=313427

Troj/BackDr-V
by Marianna Schmudlach / April 25, 2008 2:42 AM PDT
Troj/Agent-GXC
by Marianna Schmudlach / April 25, 2008 2:44 AM PDT
Troj/MDrop-BRZ
by Marianna Schmudlach / April 25, 2008 2:45 AM PDT
Troj/Hosts-D
by Marianna Schmudlach / April 25, 2008 2:46 AM PDT
Troj/Banker-ELJ
by Marianna Schmudlach / April 25, 2008 2:48 AM PDT
Ophcrack Password Cracker Installer
by Marianna Schmudlach / April 25, 2008 2:49 AM PDT
Ophcrack Password Cracker
by Marianna Schmudlach / April 25, 2008 2:50 AM PDT
Relytec Key Logger Setup
by Marianna Schmudlach / April 25, 2008 2:51 AM PDT
Trojan-Spy.Win32.Iespy.od
by Marianna Schmudlach / April 25, 2008 8:04 AM PDT

Technical details

This malicious program is a Trojan. It is a Windows PE EXE file. It is 7205 bytes in size. It is packed using FSG. The unpacked file is approximately 40KB in size. It is written in C++.

Payload

This Trojan uses a BHO object during installation.

http://www.viruslist.com/en/viruses/encyclopedia?virusid=313436

Trojan-Spy.Win32.Iespy.oc.oc
by Marianna Schmudlach / April 25, 2008 8:06 AM PDT

Technical details

This malicious program is a Trojan. It is a Windows PE EXE file. It is 7241 bytes in size. It is packed using FSG. The unpacked file is approximately 40KB in size. It is written in C++.

Payload

This Trojan uses a BHO object during installation.

http://www.viruslist.com/en/viruses/encyclopedia?virusid=313435

Trojan-Downloader.Win32.Zanoza.gi
by Marianna Schmudlach / April 25, 2008 8:07 AM PDT

Technical details

This Trojan downloads other programs to the victim machine via the Internet and launches them for execution without the user's knowledge or consent. It is a Windows PE EXE file. It is 1893 bytes in size. It is packed using FSG. The unpacked file is approximately 14KB in size. It is written in C++.

Payload

Once launched, the Trojan launches a system process called "svchost.exe" and injects its code into the address space of this process. The Trojan code downloads four files from the following links:

http://www.viruslist.com/en/viruses/encyclopedia?virusid=313434

Trojan-Downloader.Win32.Zanoza.ey
by Marianna Schmudlach / April 25, 2008 8:08 AM PDT

Technical details

This Trojan downloads other programs to the victim machine via the Internet and launches them for execution without the user's knowledge or consent. It is a Windows PE EXE file. It is 1897 bytes in size. It is packed using FSG. The unpacked file is approximately 14KB in size. It is written in C++.

Payload

Once launched, the Trojan launches a system process called "svchost.exe" and injects its code into the address space of this process. The Trojan code downloads four files from the following links:

http://www.viruslist.com/en/viruses/encyclopedia?virusid=313433

Trojan-Downloader.VBS.Agent.ch
by Marianna Schmudlach / April 25, 2008 8:10 AM PDT

Technical details

This Trojan downloads other files via the Internet and launches them for execution on the victim machine. It is an HTML page which contains Visual Basic Script and Java Script scenarios. It is 18716 bytes in size.

Payload

Once launched, the Trojan injects its code into the memory of the process which has the following mutex in the system registry:

{BD96C556-65A3-11D0-983A-00C04FC29E36}

The Trojan then uses a vulnerability in the Microsoft.XMLHTTP ActiveX component to download a file from the following URL:

http://www.viruslist.com/en/viruses/encyclopedia?virusid=162691

Trojan-Downloader.VBS.Agent.cd
by Marianna Schmudlach / April 25, 2008 8:11 AM PDT

Technical details

This Trojan downloads other files via the Internet and launches them for execution on the victim machine without the user's knowledge or consent. It is an HTML page which contains Visual Basic Script and Java Script scenarios. It is 4774 bytes in size.

Payload

Once launched, the Trojan injects its code into the memory of the process which has the following mutex in the system registry:

{BD96C556-65A3-11D0-983A-00C04FC29E36}

The Trojan then uses a vulnerability in the Microsoft.XMLHTTP ActiveX component to download a file from the following URL:

http://www.viruslist.com/en/viruses/encyclopedia?virusid=162030

Trojan-Downloader.VBS.Agent.bk
by Marianna Schmudlach / April 25, 2008 8:13 AM PDT

Technical details

This Trojan downloads other files via the Internet and launches them for execution on the victim machine. It is an HTML page which contains Visual Basic Script and Java Script scenarios. It is 1238 bytes in size.

Payload

Once launched, the Trojan injects its code into the memory of the process which has the following mutex in the system registry:

{BD96C556-65A3-11D0-983A-00C04FC29E36}

The Trojan then uses a vulnerability in the Microsoft.XMLHTTP ActiveX component to download a file from the following URL:

http://www.viruslist.com/en/viruses/encyclopedia?virusid=160279

Trojan-Downloader.Win32.Zanoza.bf
by Marianna Schmudlach / April 25, 2008 8:14 AM PDT

Technical details

This Trojan downloads other programs to the victim machine via the Internet and launches them for execution without the user's knowledge or consent. It is a Windows PE EXE file. It is 1893 bytes in size. It is packed using FSG. The unpacked file is approximately 14KB in size. It is written in C++.

Payload

Once launched, the Trojan launches a system process called "svchost.exe" and injects its code into the address space of this process. The Trojan code downloads four files from the following links:

http://www.viruslist.com/en/viruses/encyclopedia?virusid=274091

Trojan-Downloader.Win32.Tiny.aly
by Marianna Schmudlach / April 25, 2008 8:16 AM PDT

Technical details

This Trojan downloads other programs to the victim machine via the Internet and launches them for execution without the user's knowledge or consent. It is a Windows PE EXE file. It is 1877 bytes in size. It is packed using FSG. The unpacked file is approximately 14KB in size. It is written in C++.

Payload

Once launched, the Trojan launches a system process called "svchost.exe" and injects its code into the address space of this process. The Trojan code downloads two files from the following links:

http://www.viruslist.com/en/viruses/encyclopedia?virusid=313432

Trojan-Downloader.Win32.Small.tot.tot
by Marianna Schmudlach / April 25, 2008 8:17 AM PDT

This Trojan downloads other programs to the victim machine via the Internet and launches them for execution without the user's knowledge or consent. It is a Windows PE EXE file. It is 1929 bytes in size. It is packed using FSG. The unpacked file is approximately 14KB in size. It is written in C++.

Payload

Once launched, the Trojan launches a system process called "svchost.exe" and injects its code into the address space of this process. The Trojan code downloads four files from the following links:

http://www.viruslist.com/en/viruses/encyclopedia?virusid=313431

W32/Sdbot.worm!54D1EEB9
by Marianna Schmudlach / April 25, 2008 8:19 AM PDT

Type Internet Worm

Internet Relay Chat Worm

Overview -

W32/Sdbot.worm!54D1EEB9 is an internet relay chat controlled backdoor, which provides an attacker with unauthorized remote access to the compromised computer. An attacker can gain control over the compromised computer and use it to send spam, install adware or launch a DDoS attack on internet systems.

There are multiple versions of the W32/Sdbot family of worms that use IRC (Internet Relay Chat) as a command and control mechanism. Such worms typically use exploits and weak passwords to spread to vulnerable machines on the network.

http://vil.mcafeesecurity.com/vil/content/v_144458.htm

W32/Allaple-F
by Marianna Schmudlach / April 25, 2008 8:28 AM PDT

Aliases Net-Worm.Win32.Allaple.e
W32.Rahack.W
Worm:Win32/Allaple.A
WORM_ALLAPLE.IK
W32/RAHack virus
W32/Virut.W

Category Viruses and Spyware

Type Worm

W32/Allaple-F is a worm for the Windows platform.

W32/Allaple-F spreads to other network computers protected by weak passwords.

When first run W32/Allaple-F moves itself to the Windows system folder with a randomly generated filename and registers itself as a new file system driver service named "MSWindows", with a display name of "Network Windows Service" and a startup type of automatic, so that it is started automatically during system startup. Registry entries are created under:

HKLM\SYSTEM\CurrentControlSet\Services\MSWindows

http://www.sophos.com/security/analyses/viruses-and-spyware/w32allaplef.html
