VIRUS \ SPYWARE ALERTS - April 3, 2009

by Marianna Schmudlach / April 2, 2009 12:51 PM PDT
W32/Waled-CK
by Marianna Schmudlach / April 2, 2009 12:52 PM PDT
W32/Waled-CJ
by Marianna Schmudlach / April 2, 2009 12:53 PM PDT
Troj/Inject-GH
by Marianna Schmudlach / April 2, 2009 12:53 PM PDT

Category

* Viruses and Spyware

Type

* Trojan


Troj/Inject-GH is a Trojan for the Windows platform.

Troj/Inject-GH installs itself to the following folder
C:\Documents and Settings\<HOST>\<HOST>.exe
where HOST is the host name of the computer.

Troj/Inject-GH injects itself into other processes and installs the following registry entry to run on startup
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
<HOST>
<path to EXE>

http://www.sophos.com/security/analyses/viruses-and-spyware/trojinjectgh.html?_log_from=rss

Troj/Dloadr-CKF
by Marianna Schmudlach / April 2, 2009 12:54 PM PDT
Troj/Delf-FBX
by Marianna Schmudlach / April 2, 2009 12:55 PM PDT
Troj/CrisCras-A
by Marianna Schmudlach / April 2, 2009 12:56 PM PDT
Troj/BHODrop-E
by Marianna Schmudlach / April 2, 2009 12:57 PM PDT

Category

* Viruses and Spyware

Type

* Trojan


Troj/BHODrop-E is a Trojan for the Windows platform.

When Troj/BHODrop-E is installed it creates the file <Program Files>\Common\helper.dll or <Program Files>\WinBudget\Comon\helper.dll, detected as Mal/BHO-O.

Troj/BHODrop-E may attempt to delete registry entries under the following locations:

HKCU\Software\Classes\CLSID\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}

HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}

HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D83A7B12-A4D4-4984-8F72-D41C6B4C1E6E}

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D83A7B12-A4D4-4984-8F72-D41C6B4C1E6E}

http://www.sophos.com/security/analyses/viruses-and-spyware/trojbhodrope.html?_log_from=rss
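An added, read-only host check (not from Sophos or from the forum post) for the two persistence artifacts quoted above: Troj/Inject-GH's Run value and hostname-named executable, and the helper.dll that Troj/BHODrop-E drops. It assumes the paths exactly as the writeups give them and only reports what it finds.

```powershell
# Added example: looks for the Inject-GH and BHODrop-E artifacts described
# in the Sophos writeups. It reports findings; it does not delete anything.
$hostName = $env:COMPUTERNAME
$findings = @()

# Troj/Inject-GH: an HKCU Run value named after the host, or any Run value
# whose path ends in \<HOST>.exe (the writeup says the value name is <HOST>).
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
if (Test-Path $runKey) {
    $run = Get-ItemProperty -Path $runKey
    foreach ($p in $run.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own PSPath/PSParentPath props
        $value = [string]$p.Value
        $hostExe = "\\$([regex]::Escape($hostName))\.exe"   # regex: one backslash, host name, .exe
        if ($p.Name -ieq $hostName -or $value -match $hostExe) {
            $findings += "Run value '$($p.Name)' -> $value (Inject-GH pattern)"
        }
    }
}

# Troj/Inject-GH: the dropped file C:\Documents and Settings\<HOST>\<HOST>.exe
$injectPath = Join-Path "C:\Documents and Settings\$hostName" "$hostName.exe"
if (Test-Path -LiteralPath $injectPath) {
    $findings += "File present: $injectPath (Inject-GH drop location)"
}

# Troj/BHODrop-E: helper.dll under <Program Files>\Common or <Program Files>\WinBudget\Comon
# (the file itself is what Sophos detects as Mal/BHO-O). Both 32- and 64-bit roots are checked.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
foreach ($root in $roots) {
    foreach ($rel in 'Common\helper.dll', 'WinBudget\Comon\helper.dll') {
        $candidate = Join-Path $root $rel
        if (Test-Path -LiteralPath $candidate) {
            $findings += "File present: $candidate (BHODrop-E payload location)"
        }
    }
}

if ($findings.Count -eq 0) {
    'No Inject-GH / BHODrop-E artifacts found.'
} else {
    $findings
}
```

Run it in the user's own session, since both malware families write under HKCU and the Run key checked here is per-user.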

Troj/Arkdoor-C
by Marianna Schmudlach / April 2, 2009 12:58 PM PDT
Troj/FakeAV-OC
by Marianna Schmudlach / April 3, 2009 12:35 AM PDT
Troj/PSW-GT
by Marianna Schmudlach / April 3, 2009 12:36 AM PDT
Troj/MDrop-CAY
by Marianna Schmudlach / April 3, 2009 12:37 AM PDT
Troj/Iframe-BT
by Marianna Schmudlach / April 3, 2009 12:38 AM PDT
Troj/FakeVir-LT
by Marianna Schmudlach / April 3, 2009 12:38 AM PDT
Troj/Drppr-D
by Marianna Schmudlach / April 3, 2009 12:39 AM PDT
W32.Unruy.A
by Marianna Schmudlach / April 3, 2009 1:06 AM PDT
Trojan.PPDropper.H
by Marianna Schmudlach / April 3, 2009 1:07 AM PDT

Discovered: April 3, 2009
Updated: April 3, 2009 9:26:00 AM
Type: Trojan

Trojan.PPDropper.H is a Trojan that attempts to exploit the Microsoft PowerPoint File Parsing Remote Code Execution Vulnerability (BID 34351) in order to drop more files on to the compromised computer.

Symantec Security Response is currently investigating this threat and will post more information as it becomes available.

http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-040308-5452-99

W32.Relnek.A
by Marianna Schmudlach / April 3, 2009 1:08 AM PDT
TROJ_PPDROP.AB - New Exploit Takes on MS PowerPoint
by Marianna Schmudlach / April 3, 2009 1:09 AM PDT

Apr 3

by JM Hipolito (Technical Communications)

A new 0-day malware leveraging a vulnerability found in Microsoft PowerPoint is making the rounds. Distributed as an attachment to spam messages, specially crafted PowerPoint files are used for exploitation, which would grant cybercriminals access into the affected user's system.

Here are screenshots of the said PowerPoint files:

More: http://blog.trendmicro.com/

Waledac Spamming Image Hosting and Italian Job Offers
by Marianna Schmudlach / April 3, 2009 1:11 AM PDT

by Joey Costoya (Advanced Threats Researcher)

If you have been swamped lately by email offering unlimited image hosting services at a certain site such as the one below, blame Waledac for that.

More: http://blog.trendmicro.com/

Win32/Vundo.CMS
by Marianna Schmudlach / April 3, 2009 1:13 AM PDT

Type : Trojan

Category : Win32

Also known as: Vundo (CA Anti-Spyware)


Description

Win32/Vundo is a large family of trojans that contain backdoor functionality that gives an unauthorized user access to an affected machine. They have been associated with adware.

For more detailed information regarding the functionality of the Win32/Vundo family, please visit the Win32/Vundo description elsewhere in our encyclopedia.

http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=78208

Win32/DfDoor.K
by Marianna Schmudlach / April 3, 2009 1:14 AM PDT

Type : Trojan

Category : Win32

Also known as: Infostealer.Banker.C (Symantec), Troj/Bckdr-QSL (Sophos), BackDoor-DUV (McAfee)


Description

This malware is detected by CA Anti-Virus solutions. Please see above for the relevant signature updates.

This malware is being dissected by the CA Security Advisor Team - a detailed analysis will be available shortly.

http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=78206

Win32/Kollah.ADB
by Marianna Schmudlach / April 3, 2009 1:15 AM PDT

Type : Trojan

Category : Win32

Also known as: Spy-Agent.bw (McAfee), Trojan.Win32.Agent.bxlf (Kaspersky), Troj/Agent-JJP (Sophos), PWS:Win32/Zbot.J (MS OneCare)


Description

Win32/Kollah.ADB is from a family of trojans that steal sensitive information. Some Kollah variants also download and execute additional unwanted rogue software.

For more detailed information regarding the functionality of the Win32/Kollah family, please visit the Win32/Kollah description elsewhere in our encyclopedia.

http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=78205

Win32/Kollah.ACW
by Marianna Schmudlach / April 3, 2009 1:16 AM PDT

Type : Trojan

Category : Win32

Also known as: Trojan.Win32.Agent.bxge (Kaspersky), Troj/Agent-JIV (Sophos), PWS:Win32/Zbot.J (MS OneCare)


Description

Win32/Kollah.ACW is from a family of trojans that steal sensitive information. Some Kollah variants also download and execute additional unwanted rogue software.

For more detailed information regarding the functionality of the Win32/Kollah family, please visit the Win32/Kollah description elsewhere in our encyclopedia.

http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=78204

XCmdSvc
by Marianna Schmudlach / April 3, 2009 1:17 AM PDT

Aliases

* RemAdm-ProcLaunch

Category

* Adware or PUA

Type

* Remote Administration Tool


XCmdSvc is an application which can be used to execute commands on a remote computer.

XCmdSvc may install components of itself as a service call, typically using names such as xCmdSvc or rexecsrv.

http://www.sophos.com/security/analyses/adware-and-puas/xcmdsvc.html

ExeScript
by Marianna Schmudlach / April 3, 2009 1:18 AM PDT
Mal/VidHtml-H - FauxBook
by Marianna Schmudlach / April 3, 2009 1:20 AM PDT

3 April 2009

I'm a Facebook addict. I would login and check out all the lovely ladies every day. I'm sure millions of men are doing the same and malware authors have already gotten onto the bandwagon.

Another variant also comes as a faux email from faux Facebook.


Who can resist a video of their drunken friend doing a striptease? Following the link will bring us to a Facebook-like looking page with dodgy scripts to download malware. Sophos detects the dodgy script as Mal/VidHtml-H and the downloaded malware as Troj/Dloadr-CKF. The malware also contains password stealing functionalities.

More: http://www.sophos.com/security/blog/2009/04/3860.html

TROJ_PPDROP.AB
by Marianna Schmudlach / April 3, 2009 1:22 AM PDT

Malware type: Trojan

Description:

This is the Trend Micro detection for Powerpoint files that are compromised with malicious codes.

This Trojan may be downloaded unknowingly by a user when visiting malicious Web site(s).

Once the file is opened by an unsuspecting user, it drops the following malicious files:

* BKDR_KUPS.F
* TROJ_KUPS.F

As a result, malicious routines of the dropped files may also be exhibited on the affected system.

It exploits the following zero-day software vulnerability to allow itself to drop and execute embedded files:

* Microsoft Security Advisory (969136)

More information regarding this vulnerability can be found in the following webpages:

More: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_PPDROP.AB

W32/Autorun-ADY
by Marianna Schmudlach / April 3, 2009 3:07 AM PDT
W32/Autorun-ADX
by Marianna Schmudlach / April 3, 2009 3:08 AM PDT
Troj/Monkif-D
by Marianna Schmudlach / April 3, 2009 3:08 AM PDT