VIRUS \ SPYWARE ALERTS - April 7, 2010

Troj/Agent-MWQ

Aliases

* TR/ATRAPS.Gen
* Trojan-Banker.Win32.Agent.aoi
* PWS-Banker!fzw trojan
* Trojan.ATRAPS.Gen

Category

* Viruses and Spyware

Type

* Trojan


Affected operating systems

* Windows

Troj/Agent-MWQ is a Trojan for the Windows platform.

Troj/Agent-MWQ includes functionality to:

- steal confidential information
- access the internet and communicate with a remote server via HTTP

http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentmwq.html?_log_from=rss

Comments

TrojanSpy:Win32/Bancos.TM

Encyclopedia entry
Published: Apr 07, 2010

Aliases
Not available

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.79.1379.0
Released: Apr 07, 2010


Summary
This threat is classified as a Trojan - Data Theft. A data theft trojan gathers personal data, often of a financial nature, from affected systems. Collected data may include credit card numbers, tax returns, login credentials or any other information deemed to be of interest to the attacker. The collected data is then surreptitiously sent to the remote attacker via a variety of electronic means. This threat is detected by the Microsoft antivirus engine. Technical details are not currently available.

More details are available in the Family description of Win32/Bancos

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanSpy:Win32/Bancos.TM&ThreatID=-2147334768

TrojanSpy:Win32/Bancos.TN

Encyclopedia entry
Published: Apr 07, 2010

Aliases
Not available

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.79.1379.0
Released: Apr 07, 2010


Summary
This threat is classified as a Trojan - Data Theft. A data theft trojan gathers personal data, often of a financial nature, from affected systems. Collected data may include credit card numbers, tax returns, login credentials or any other information deemed to be of interest to the attacker. The collected data is then surreptitiously sent to the remote attacker via a variety of electronic means. This threat is detected by the Microsoft antivirus engine. Technical details are not currently available.

More details are available in the Family description of Win32/Bancos

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanSpy:Win32/Bancos.TN&ThreatID=-2147334764

Trojan:Win32/FakeSmoke

Aliases
SystemCop (other)
QuickHealCleaner (other)
TrustWarrior (other)
SaveArmor (other)
SecureVeteran (other)
SecuritySoldier (other)
SafeFighter (other)
TrustSoldier (other)
TrustFighter (other)
SoftCop (other)
TRE AntiVirus (other)
SoftBarrier (other)
BlockKeeper (other)
BlockScanner (other)
BlockProtector (other)
SystemFighter (other)
SystemVeteran (other)
SystemWarrior (other)
AntiAID (other)
Win32/WinBlueSoft.A (CA)
Trojan-Downloader.Win32.FraudLoad.vtgpk (Kaspersky)
WinBlueSoft (other)
WiniBlueSoft (other)
Winishield (other)
SaveKeep (other)
WiniFighter (other)
TrustNinja (other)
SaveDefense (other)
BlockDefense (other)
SaveSoldier (other)
WiniShield (other)
SafetyKeeper (other)
SoftSafeness (other)
SafeDefender (other)
Trustcop (other)
SecureWarrior (other)
SecureFighter (other)
SoftSoldier (other)
SoftVeteran (other)
SoftStronghold (other)
ShieldSafeness (other)

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection last updated:
Definition: 1.79.1379.0
Released: Apr 07, 2010

Summary
Trojan:Win32/FakeSmoke is a family of trojans consisting of a fake Security Center interface and a fake antivirus program. The fake Security Center interface displays fake security notifications in the system and is designed to look identical to the legitimate Windows Security Center. It prompts the user to register the fake antivirus program.

The fake antivirus program may be known by several names, including WinBlueSoft and WiniBlueSoft. This program pretends to scan for malware infections and then displays a fake notification that malware has been detected in the system. It then prompts the user to enter a registration code, which is available only if the user purchases the fake product.

More: https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan:Win32/FakeSmoke&ThreatID=-2147341732

TrojanDownloader:Win32/FakeSmoke

Aliases
Trojan.Win32.FraudPack.wjj (Kaspersky)

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection last updated:
Definition: 1.79.1379.0
Released: Apr 07, 2010

Summary
TrojanDownloader:Win32/FakeSmoke is a downloading component of Win32/FakeSmoke - a family of trojans consisting of a fake Security Center interface and a fake antivirus program. The fake Security Center interface displays fake security notifications in the system and is designed to look identical to the legitimate Windows Security Center. It prompts the user to register the fake antivirus program.

The fake antivirus program may be known by several names, including WinBlueSoft and WiniBlueSoft. This program pretends to scan for malware infections and then displays a fake notification that malware has been detected in the system. It then prompts the user to enter a registration code, which is available only if the user purchases the fake product.

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDownloader:Win32/FakeSmoke&ThreatID=-2147338681

TrojanDropper:Win32/FakeSmoke

Aliases
TrustWarrior (other)
WiniBlueSoft (other)
WinBlueSoft (other)

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection last updated:
Definition: 1.79.1379.0
Released: Apr 07, 2010

Summary
TrojanDropper:Win32/FakeSmoke is a component of Win32/FakeSmoke - a family of trojans consisting of a fake Security Center interface and a fake antivirus program. The fake Security Center interface displays fake security notifications in the system and is designed to look identical to the legitimate Windows Security Center. It prompts the user to register the fake antivirus program.

The fake antivirus program may be known by several names, including WinBlueSoft and WiniBlueSoft. This program pretends to scan for malware infections and then displays a fake notification that malware has been detected in the system. It then prompts the user to enter a registration code, which is available only if the user purchases the fake product.


https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDropper:Win32/FakeSmoke&ThreatID=-2147341733

Trojan:Win32/Harebot.A

Encyclopedia entry
Published: Apr 07, 2010

Aliases
Not available

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.79.1379.0
Released: Apr 07, 2010


Summary
This threat is detected by the Microsoft antivirus engine. Technical details are not currently available for this threat.

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan:Win32/Harebot.A&ThreatID=-2147334769

Trojan:Win32/Harebot.B

Encyclopedia entry
Published: Apr 07, 2010

Aliases
Not available

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.79.1379.0
Released: Apr 07, 2010


Summary
This threat is detected by the Microsoft antivirus engine. Technical details are not currently available for this threat.

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan:Win32/Harebot.B&ThreatID=-2147334770

TrojanDropper:Win32/Oficla.K

Encyclopedia entry
Published: Apr 07, 2010

Aliases
Not available

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.79.1379.0
Released: Apr 07, 2010


Summary
This threat is classified as a Trojan - Dropper. As its name suggests, a dropper trojan contains malicious or potentially unwanted software which it "drops" and installs on the affected system. Commonly, the dropper installs a backdoor which allows remote, surreptitious access to infected systems. This backdoor may then be used by remote attackers to upload and install further malicious or potentially unwanted software on the system. This threat is detected by the Microsoft antivirus engine. Technical details are not currently available.

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDropper:Win32/Oficla.K&ThreatID=-2147334758

Trojan:Win32/Oficla.O

Encyclopedia entry
Published: Apr 07, 2010

Aliases
Not available

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.79.1379.0
Released: Apr 07, 2010


Summary
This threat is detected by the Microsoft antivirus engine. Technical details are not currently available for this threat.


https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan:Win32/Oficla.O&ThreatID=-2147334759

Trojan:Win32/Opachki.B

Encyclopedia entry
Published: Apr 07, 2010

Aliases
Not available

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.79.1379.0
Released: Apr 07, 2010


Summary
This threat is detected by the Microsoft antivirus engine. Technical details are not currently available for this threat.


https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan:Win32/Opachki.B&ThreatID=-2147334757

TrojanDownloader:Win32/Renos.LF

Encyclopedia entry
Published: Apr 07, 2010

Aliases
Not available

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.79.1379.0
Released: Apr 07, 2010


Summary
This threat is classified as a Trojan - Downloader. A downloader trojan accesses remote websites in an attempt to download and install malicious or potentially unwanted software. Some downloader trojans target specific files on remote websites while others may target a specific URL that points to a website containing exploit code that may allow the site to automatically download and software or malicious code on vulnerable systems. This threat is detected by the Microsoft antivirus engine. Technical details are not currently available.

More details are available in the Family description of Win32/Renos

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDownloader:Win32/Renos.LF&ThreatID=148881

TrojanDownloader:Win32/Renos.LG

Encyclopedia entry
Published: Apr 07, 2010

Aliases
Not available

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.79.1379.0
Released: Apr 07, 2010


Summary
This threat is classified as a Trojan - Downloader. A downloader trojan accesses remote websites in an attempt to download and install malicious or potentially unwanted software. Some downloader trojans target specific files on remote websites while others may target a specific URL that points to a website containing exploit code that may allow the site to automatically download and software or malicious code on vulnerable systems. This threat is detected by the Microsoft antivirus engine. Technical details are not currently available.

More details are available in the Family description of Win32/Renos

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDownloader:Win32/Renos.LG&ThreatID=148882

TrojanDownloader:Win32/Renos.LH

Encyclopedia entry
Published: Apr 07, 2010

Aliases
Not available

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.79.1379.0
Released: Apr 07, 2010


Summary
This threat is classified as a Trojan - Downloader. A downloader trojan accesses remote websites in an attempt to download and install malicious or potentially unwanted software. Some downloader trojans target specific files on remote websites while others may target a specific URL that points to a website containing exploit code that may allow the site to automatically download and software or malicious code on vulnerable systems. This threat is detected by the Microsoft antivirus engine. Technical details are not currently available.

More details are available in the Family description of Win32/Renos

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDownloader:Win32/Renos.LH&ThreatID=148883

VirTool:Win32/Vbinder.gen!H

Encyclopedia entry
Published: Apr 07, 2010

Aliases
Not available

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.79.1379.0
Released: Apr 07, 2010


Summary
This threat is detected by the Microsoft antivirus engine. Technical details are not currently available for this threat.

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=VirTool:Win32/Vbinder.gen!H&ThreatID=-2147334763

VirTool:Win32/Vbinder.gen!I

Encyclopedia entry
Published: Apr 07, 2010

Aliases
Not available

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.79.1379.0
Released: Apr 07, 2010


Summary
This threat is detected by the Microsoft antivirus engine. Technical details are not currently available for this threat.


https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=VirTool:Win32/Vbinder.gen!I&ThreatID=-2147334762
