Spyware, Viruses, & Security forum

VIRUS \ Spyware ALERTS - April 15, 2008

by Marianna Schmudlach / April 14, 2008 11:27 AM PDT

Troj/KeyLog-KC
Category Viruses and Spyware

Type Trojan

Troj/KeyLog-KC is a keylogging Trojan for the Windows platform.

When run Troj/KeyLog-KC copies itself to <System>\mswebdvd.exe and sets the following registry entry:

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\
{A8E168B0-53E9-A03B-E681-0E6C17A0EFBF}
StubPath
<System>\mswebdvd.exe

Troj/KeyLog-KC records keystrokes and stores the information to <System>\mswebdvd. This file can be deleted.

http://www.sophos.com/security/analyses/viruses-and-spyware/trojkeylogkc.html

NetTool.Win32.Calc-Dnet.g
by Marianna Schmudlach / April 14, 2008 2:34 PM PDT

Type: Riskware
Category: Riskware
Platform: W32
Author: Distributed Computing Technologies, Inc.
Website: http://www.distributed.net/

Summary
NetTool.Win32.Calc-Dnet is a detection for distributed.net clients. It is a legitimate software that may be dropped by malware without authorization. If you have deliberately installed the software that is being detected as Riskware then you may exclude the application's folder from scans.

http://www.f-secure.com/sw-desc/nettool_win32_calc-dnet_g.shtml

BackDoor-CRX
by Marianna Schmudlach / April 14, 2008 4:08 PM PDT

Type Trojan

SubType Remote Access

Overview

BackDoor-CRX trojan provides remote access capabilities to an attacker by opening a backdoor on the compromised machine

Aliases
Trojan.Dropper (Symantec) TrojanDownloader:Win32/DlRhifrem.gen!A (Microsoft)
Characteristics

This trojan pretends to be an Acrobat install program, with the file name "Acrobat.exe" and a fake icon.

http://vil.mcafeesecurity.com/vil/content/v_133747.htm

W32/SillyFDC-CG
by Marianna Schmudlach / April 14, 2008 4:10 PM PDT
Troj/DwnLdr-HCJ
by Marianna Schmudlach / April 14, 2008 4:11 PM PDT
Troj/Dwnldr-HCI
by Marianna Schmudlach / April 14, 2008 4:12 PM PDT
W32/SillyFDC-CH
by Marianna Schmudlach / April 15, 2008 12:54 AM PDT
W32/Gach-A
by Marianna Schmudlach / April 15, 2008 12:55 AM PDT
Troj/Dwnldr-HCK
by Marianna Schmudlach / April 15, 2008 12:56 AM PDT

Aliases TSPY_ONLINEG.IA

Category Viruses and Spyware

Type Trojan

Troj/Dwnldr-HCK is a Trojan for the Windows platform.

Troj/Dwnldr-HCK includes functionality to access the internet and communicate with a remote server via HTTP.

When first run Troj/Dwnldr-HCK copies itself to <Program Files>\Internet Explorer\smss.exe.

http://www.sophos.com/security/analyses/viruses-and-spyware/trojdwnldrhck.html

System Ordnare
by Marianna Schmudlach / April 15, 2008 12:57 AM PDT
Troj/Agent-GWE
by Marianna Schmudlach / April 15, 2008 1:58 AM PDT

Aliases Trojan-PSW.Win32.LdPinch.fbq

Category Viruses and Spyware

Type Trojan

Troj/Agent-GWE is a Trojan for the Windows platform.

When first run Troj/Agent-GWE copies itself to <System>\temp.exe.

The following registry entries are created to run temp.exe on startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Bandook
<System>\temp.exe

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{B6A807N6-42DF-4W02-93E5-B156B3FA8AL1}
StubPath
<System>\temp.exe

Registry entries are created under:

HKCU\Software\Microsoft

http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentgwe.html

Troj/Agent-GWD
by Marianna Schmudlach / April 15, 2008 1:59 AM PDT

Category Viruses and Spyware

Type Trojan

Troj/Agent-GWD is a Trojan for the Windows platform.

Troj/Agent-GWD includes functionality to access the internet and communicate with a remote server via HTTP.

When first run Troj/Agent-GWD copies itself to <User>\Application Data\ivqtsfel\atulabov.exe.

The following registry entry is created to run atulabov.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
a9z1eizA1e
<User>\Application Data\ivqtsfel\atulabov.exe

Registry entries are created under:

HKCU\Software\Uninstall

http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentgwd.html
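The Troj/KeyLog-KC, Troj/Agent-GWE and Troj/Agent-GWD posts above all persist through the same two places: an Active Setup Installed Components StubPath value and a Run key. The following Python script is an added example, not code from the forum posts or from Sophos; it walks a .reg export, flags Active Setup component keys that are not well-formed hex GUIDs (the Troj/Agent-GWE key as listed above is one) and flags StubPath or Run commands that hit a watch list built from the dropped-file paths in these alerts. The .reg sample and the watch list are constructed for illustration.

```python
import re

# Persistence locations named in the Troj/KeyLog-KC, Troj/Agent-GWE and Troj/Agent-GWD alerts.
ACTIVE_SETUP = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components"
RUN_KEYS = (
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run",
)
GUID_RE = re.compile(r"^\{[0-9A-F]{8}(-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$", re.I)  # genuine keys are hex GUIDs
WATCH = ("\\temp.exe", "\\mswebdvd.exe", "\\application data\\")  # constructed from the alerts' dropped paths

def parse_reg(text):
    """Parse a .reg export into {key: {value_name: data}}; string values only."""
    entries, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            entries.setdefault(key, {})
        elif key and line.startswith('"') and '"=' in line:
            name, data = line[1:].split('"=', 1)
            entries[key][name] = data.strip('"').replace("\\\\", "\\")  # undo .reg backslash escaping
    return entries

def find_persistence(text):
    """Return (rule, name, command) findings for the persistence locations above."""
    findings = []
    for key, values in parse_reg(text).items():
        if key.lower().startswith(ACTIVE_SETUP.lower() + "\\"):
            guid, stub = key.rsplit("\\", 1)[1], values.get("StubPath", "")
            if not GUID_RE.match(guid):
                findings.append(("active-setup-bad-guid", guid, stub))
            if any(w in stub.lower() for w in WATCH):
                findings.append(("active-setup-watchlist", guid, stub))
        elif key.lower() in [k.lower() for k in RUN_KEYS]:
            for name, data in values.items():
                if any(w in data.lower() for w in WATCH):
                    findings.append(("run-key-watchlist", name, data))
    return findings

# Constructed .reg export mirroring the three registry entries quoted in the alerts above.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{B6A807N6-42DF-4W02-93E5-B156B3FA8AL1}]
"StubPath"="C:\\WINDOWS\\system32\\temp.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Bandook"="C:\\WINDOWS\\system32\\temp.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
"a9z1eizA1e"="C:\\Documents and Settings\\user\\Application Data\\ivqtsfel\\atulabov.exe"
"""
```

Run `find_persistence(SAMPLE_REG)` to get four findings: two for the malformed Active Setup key and one for each Run value.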

Troj/Downld-W
by Marianna Schmudlach / April 15, 2008 2:01 AM PDT
Troj/Bdoor-AKJ
by Marianna Schmudlach / April 15, 2008 2:02 AM PDT
Troj/Agent-GWF
by Marianna Schmudlach / April 15, 2008 2:03 AM PDT
Malware writers cash in on Olympics
by Marianna Schmudlach / April 15, 2008 2:06 AM PDT

Rootkit-laden video is latest to exploit Tibet protests

Written by Shaun Nichols in California

vnunet.com, 15 Apr 2008

A video file laced with a malicious rootkit is the latest attempt by hackers to cash in on the Beijing Olympics.

The video appears to be a simple protest cartoon packaged in an executable file. But the 'Race for Tibet' movie also contains a piece of key-logging malware that installs itself as a driver.

The cartoon shows a Chinese gymnast performing in an event along with images from the recent riots and government crackdowns in Tibet. The user is then urged to join a 'race for Tibet' protest.

More: http://www.vnunet.com/vnunet/news/2214282/malware-writers-race-cash

W32/SillyFDC-CG - Another Day Another Worm With A Love Messa
by Marianna Schmudlach / April 15, 2008 2:09 AM PDT

15 April 2008

Being on the 'other' side of the world, the Australian Lab virus analysts sometimes get the odd-looking malware in our time zone.

Just because we're standing upside down (just kidding!) on this side of the planet compared with our North American and European colleagues doesn't mean there's any less shortage of malware authors. Take for instance, this love-lorn malware author who created W32/SillyFDC-CG.

As expected, the malware does its best to annoy you by:

- displaying a fake message on startup

More: http://www.sophos.com/security/blog/2008/04/1306.html

Troj/FakeAV-O
by Marianna Schmudlach / April 15, 2008 2:31 AM PDT
Troj/FakeAV-N
by Marianna Schmudlach / April 15, 2008 2:33 AM PDT
AdBand Installer
by Marianna Schmudlach / April 15, 2008 3:34 AM PDT
AdBand
by Marianna Schmudlach / April 15, 2008 3:35 AM PDT
SpySheriff Downloader
by Marianna Schmudlach / April 15, 2008 3:36 AM PDT
W32/Autorun-DB
by Marianna Schmudlach / April 15, 2008 7:39 AM PDT

Aliases WORM_DELF.FKZ
Worm.Win32.AutoIt.x

Category Viruses and Spyware

Type Worm

W32/Autorun-DB is a worm for the Windows platform.

When first run W32/Autorun-DB copies itself to:

<Windows>\regsvr.exe
<System>\regsvr.exe
<System>\svchost .exe

and creates the following files:

<System>\28463\svchost.001
<System>\28463\svchost.exe
<System>\setting.ini
<System>\setup.ini

The file svchost.exe is detected as an Ardamax keylogger application. The file setup.ini will autorun regsvr.exe when a removable storage device is accessed and should be deleted. The rest of the files are not malicious and can also be deleted.

More: http://www.sophos.com/security/analyses/viruses-and-spyware/w32autorundb.html?_log_from=rss

W32/Autorun-DD
by Marianna Schmudlach / April 15, 2008 7:40 AM PDT

Aliases W32/Autorun.worm.g
Win32/Autoit.BA worm
Mal_AUMAL-2

Category Viruses and Spyware

Type Worm

W32/Autorun-DD is a worm for the Windows platform.

W32/Autorun-DD includes functionality to download, install and run new software.

When first run W32/Autorun-DD copies itself to <System>\msmsgs.exe and creates the following files:

<Windows>\autorun.inf
<System>\bad1.exe
<System>\bad2.exe
<System>\bad3.exe

The file autorun.inf is detected as W32/SillyFDC-AP.

More: http://www.sophos.com/security/analyses/viruses-and-spyware/w32autorundd.html?_log_from=rss

W32/Rbot-Fam
by Marianna Schmudlach / April 15, 2008 7:42 AM PDT

Aliases Backdoor.Rbot.gen
W32/Sdbot.worm.gen.g
W32.Spybot.Worm

Category Viruses and Spyware

Type Worm

W32/Rbot-Fam is a family of worms which attempt to spread to remote network shares. The worms also contain backdoor Trojan functionality, allowing a malicious user remote access to the infected computer via IRC channels while running in the background as a service process. The worms have also been seen attempting to spread by email and via Instant Messaging programs.

W32/Rbot-Fam worms usually spread to network shares with weak passwords and via network security exploits, often only spreading as a result of the backdoor Trojan element receiving the appropriate command from a remote user.

More: http://www.sophos.com/security/analyses/viruses-and-spyware/w32rbotfam.html?_log_from=rss

Troj/Banloa-FE
by Marianna Schmudlach / April 15, 2008 8:29 AM PDT

Category Viruses and Spyware

Type Trojan

When first run Troj/Banloa-FE launches a browser which then attempts to open a malicious website.

Troj/Banloa-FE continues to run in the background attempting to download multiple files from another malicious site. Once downloaded Troj/Banloa-FE executes these files.

At the time of writing, the downloaded files were unavailable for download.

http://www.sophos.com/security/analyses/viruses-and-spyware/trojbanloafe.html

Troj/Dloadr-BKP
by Marianna Schmudlach / April 15, 2008 8:31 AM PDT
Troj/Dloadr-BKQ
by Marianna Schmudlach / April 15, 2008 8:32 AM PDT
Troj/Psyme-IF
by Marianna Schmudlach / April 15, 2008 8:33 AM PDT
Troj/Psyme-IG
by Marianna Schmudlach / April 15, 2008 8:35 AM PDT
Troj/Agent-GWG
by Marianna Schmudlach / April 15, 2008 8:36 AM PDT