General discussion

VIRUS \ SPYWARE ALERTS - April 1, 2010

Comments
Mal/VBInject-K

Mal/FakeAV-CX

Mal/DelfAgnt-A

Troj/LspDwg-A

W32/Tupym-B

Aliases

* W32.SillyFDC
* Worm:Win32/Tupym.A
* Worm.Win32.AutoRun.fnc

Category

* Viruses and Spyware

Type

* Worm


Affected operating systems

* Windows

Characteristics

* Drops more malware


W32/Tupym-B is a worm for the Windows platform.

W32/Tupym-B includes functionality to:

- copy itself to the <WINDOWS> folder
- run automatically
- copy itself to the <System> folder
- access the internet and communicate with a remote server via HTTP

W32/Tupym-B communicates via HTTP with the following locations:

balu000 . 0catch . com
h1 . ripway . com


When W32/Tupym-B is installed the following files are created:

http://www.sophos.com/security/analyses/viruses-and-spyware/w32tupymb.html

Mal/Behav-321

Mal/Dropper-AB

Category

* Viruses and Spyware

Type

* Malicious Behavior


Affected operating systems

* Windows

Characteristics

* Drops more malware
* Installs itself in the registry


Mal/Dropper-AB is a malicious program for the Windows platform.

Mal/Dropper-AB includes functionality to:

- run automatically
- steal confidential information
- access the internet and communicate with a remote server via HTTP

Mal/Dropper-AB communicates via HTTP with the following locations:

radyonet . de

When Mal/Dropper-AB is installed the following files are created:

<System>\sdra64.exe - copy of self
<System>\lowsec\user.ds - not detectworthy
<System>\lowsec\user.ds.lll - not detectworthy

The following registry entry is changed to run sdra64.exe on startup:

http://www.sophos.com/security/analyses/viruses-and-spyware/maldropperab.html

Troj/Banker-EXH

Troj/Banker-EXI

Aliases

* Trojan-Downloader.Win32.Agent.dklx

Category

* Viruses and Spyware

Type

* Trojan


Affected operating systems

* Windows

Troj/Banker-EXI is a Trojan for the Windows platform.

Troj/Banker-EXI includes functionality to access the internet and communicate with a remote server via HTTP.

Troj/Banker-EXI communicates via HTTP with the following locations:

sanx04 . hpg . ig . com . br
freetimes . boxvirtual . info

http://www.sophos.com/security/analyses/viruses-and-spyware/trojbankerexi.html

Win32/Oficla.DI

Win32/FakeAV.CFZ

Date Published:
1 Apr 2010

Last Updated:
1 Apr 2010

Characteristics

Type : Trojan

Category : Win32

Also known as: Generic FakeAlert!gs (McAfee), Packed.Win32.Katusha.j (Kaspersky), Trojan:Win32/FakeRean (Microsoft)


Description
Win32/FakeAV is a family of Trojans disguised as legitimate anti-virus and anti-spyware software. FakeAV variants prompt the user with false warnings, popups, and fake scan results, and may also download additional malware.

http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=83071

Win32/Bancos.VPL

Date Published:
1 Apr 2010

Last Updated:
1 Apr 2010

Characteristics

Type : Trojan

Category : Win32

Description
The Win32/Bancos family name is used to describe many varied trojans, which all share one common feature - they attempt to steal sensitive information that can be used to gain unauthorized access to bank accounts via Internet Banking. The name Bancos is representative of the fact that most variants target Brazilian banks. The first Bancos trojan was discovered in 2003, and there are now well over 14,000 distinct variants, with more being discovered every day.

http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=83072

Win32/SillyDl.VCM

Win32/FakeAV.CGA

Date Published:
1 Apr 2010

Last Updated:
1 Apr 2010

Characteristics

Type : Trojan

Category : Win32

Also known as: QHosts-139 (McAfee), Trojan:Win32/FakeVimes (Microsoft), VirusDoctor (Symantec)


Description
Win32/FakeAV is a family of Trojans disguised as legitimate anti-virus and anti-spyware software. FakeAV variants prompt the user with false warnings, popups, and fake scan results, and may also download additional malware.

http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=83074

Win32/Iconasp.A

Date Published:
1 Apr 2010

Last Updated:
1 Apr 2010

Characteristics

Type : Trojan

Category : Win32

Also known as: Generic BackDoor.u (McAfee), Troj/Agent-LOT (Sophos)


Description
Any program with a hidden intent. Trojans are one of the leading causes of breaking into machines. If you pull down a program from a chat room, newsgroup, or even from unsolicited e-mail, then the program is likely trojaned with some subversive purpose. The word Trojan can be used as a verb: To trojan a program is to add subversive functionality to an existing program. For example, a trojaned login program might be programmed to accept a certain password for any user's account that the hacker can use to log back into the system at any time. Rootkits often contain a suite of such trojaned programs.

http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=83075

Win32/Pigeon.BBPY

Date Published:
1 Apr 2010

Last Updated:
1 Apr 2010

Characteristics

Type : Trojan

Category : Win32

Also known as: Backdoor.Win32.Hupigon.jgym (Kaspersky), PePatch-poly.a (McAfee)


Description
Win32/Pigeon is a family of multi-component Trojans mainly designed to drop and install a backdoor server to enable a remote attacker to gain control over an infected system.

http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=83076

Win32/Tnega.ALM

Date Published:
1 Apr 2010

Last Updated:
1 Apr 2010

Characteristics

Type : Trojan

Category : Win32

Also known as: Generic.dx!qmg (McAfee), Trojan.Win32.Agent2.cmiw (Kaspersky)


Description
Win32/Tnega is a family of Trojans that drops a malicious DLL component file and connects to a server for its backdoor routines.

http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=83077

Win32/SillyAutorun.CXD

Date Published:
1 Apr 2010

Last Updated:
1 Apr 2010

Characteristics

Type : Worm

Category : Win32

Also known as: Suspect-1E!C19F50F9E003 (McAfee), Trojan:Win32/Malex.gen!E (Microsoft), Worm.Win32.AutoRun.hcq (Kaspersky)


Description
Win32/SillyAutorun is a family of self-replicating programs that spreads via removable and physical drives.

http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=83078

Win32/IrcBot.AFR

Date Published:
1 Apr 2010

Last Updated:
1 Apr 2010

Characteristics

Type : Trojan

Category : Win32

Also known as: Generic.dx!qfw (McAfee), W32.IRCBot (Symantec)


Description
Win32/IRCBot is a multi-component, IRC-bot-controlled worm designed to exploit known system vulnerabilities in order to propagate across a network.

http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=83079

JS/Realpl.A

Date Published:
1 Apr 2010

Last Updated:
1 Apr 2010

Characteristics

Type : Trojan

Category :

Also known as: Exploit.JS.RealPlr.qz (Kaspersky), Exploit:JS/Repl.I (Microsoft)


Description
Any program with a hidden intent. Trojans are one of the leading causes of breaking into machines. If you pull down a program from a chat room, newsgroup, or even from unsolicited e-mail, then the program is likely trojaned with some subversive purpose. The word Trojan can be used as a verb: To trojan a program is to add subversive functionality to an existing program. For example, a trojaned login program might be programmed to accept a certain password for any user's account that the hacker can use to log back into the system at any time. Rootkits often contain a suite of such trojaned programs.

http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=83080

PHP/Cnshell.A

Date Published:
1 Apr 2010

Last Updated:
1 Apr 2010

Characteristics

Type : Trojan

Category :

Also known as: Backdoor.PHP.C99Shell.cy (Kaspersky), Backdoor:PHP/C99shell.H (Microsoft), PHP.Backdoor.Trojan (Symantec)


Description
Any program with a hidden intent. Trojans are one of the leading causes of breaking into machines. If you pull down a program from a chat room, newsgroup, or even from unsolicited e-mail, then the program is likely trojaned with some subversive purpose. The word Trojan can be used as a verb: To trojan a program is to add subversive functionality to an existing program. For example, a trojaned login program might be programmed to accept a certain password for any user's account that the hacker can use to log back into the system at any time. Rootkits often contain a suite of such trojaned programs.

http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=83081

Win32/FakeAlert.BFD

Date Published:
1 Apr 2010

Last Updated:
1 Apr 2010

Characteristics

Type : Trojan

Category : Win32

Also known as: FakeAlert-MY (McAfee), Packed.Win32.Katusha.j (Kaspersky), Trojan:Win32/FakeRean (Microsoft)


Description
Win32/FakeAlert is a family of Trojans that download other malware such as Win32/FakeAV variants. It can also display fake warnings and messages to deceive the user into installing rogue security products. Some variants inject code into processes and register as a Browser Helper Object. FakeAlert may also modify the wallpaper and screensaver on the compromised machine.

http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=83082

Win32/Zbot.BBG

Date Published:
1 Apr 2010

Last Updated:
1 Apr 2010

Characteristics

Type : Trojan

Category : Win32

Also known as: Trojan.Win32.Sasfis.akal (Kaspersky), Trojan.Zbot (Symantec), VirTool:Win32/CeeInject.gen!BV (Microsoft)


Description
Win32/Zbot is a family of Trojans designed to steal sensitive information including users' online banking credentials.

http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=83083

Win32/Zbot.BBH

Date Published:
1 Apr 2010

Last Updated:
1 Apr 2010

Characteristics

Type : Trojan

Category : Win32

Also known as: Generic PWS.y!cfv (McAfee), PWS:Win32/Zbot.AH (Microsoft), Trojan.Zbot (Symantec)


Description
Win32/Zbot is a family of Trojans designed to steal sensitive information including users' online banking credentials.

http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=83084

Win32/Zbot.BBI

Date Published:
1 Apr 2010

Last Updated:
1 Apr 2010

Characteristics

Type : Trojan

Category : Win32

Also known as: PWS:Win32/Zbot.A (Microsoft), Trojan.Zbot (Symantec), Trojan-Spy.Win32.Zbot.pj (Kaspersky)


Description
Win32/Zbot is a family of Trojans designed to steal sensitive information including users' online banking credentials.

http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=83085

Backdoor:Win32/Advo

Aliases
Not available

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection last updated:
Definition: 1.79.982.0
Released: Apr 01, 2010

Summary
This threat is classified as a Trojan - Backdoor. A backdoor trojan provides remote, usually surreptitious, access to affected systems. A backdoor trojan may be used to conduct distributed denial of service (DDoS) attacks, or it may be used to install additional trojans or other forms of malicious software. For example, a backdoor trojan may be used to install a downloader or dropper trojan, which may in turn install a proxy trojan used to relay spam or a keylogger trojan which monitors and sends keystrokes to remote attackers. A backdoor Trojan may also open ports on the affected system and thus potentially lead to further compromise by other attackers. This threat is detected by the Microsoft antivirus engine. Technical details are not currently available.

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor:Win32/Advo&ThreatID=-2147336517

Spammer:Win32/Chopanez

Trojan:Win32/VB.LN