Spyware, Viruses, & Security forum

General discussion

VIRUS \ SPYWARE ALERTS - August 22, 2009

by Marianna Schmudlach / August 22, 2009 12:04 AM PDT
Troj/FakeAle-PG
by Marianna Schmudlach / August 22, 2009 12:05 AM PDT
Troj/Dloadr-CSQ
by Marianna Schmudlach / August 22, 2009 12:06 AM PDT
Troj/Bifros-B
by Marianna Schmudlach / August 22, 2009 12:06 AM PDT
Troj/BHO-NM
by Marianna Schmudlach / August 22, 2009 12:07 AM PDT
Mal/FakeAv-BB
by Marianna Schmudlach / August 22, 2009 12:08 AM PDT
Troj/Vwealr-Gen
by Marianna Schmudlach / August 22, 2009 12:09 AM PDT
Troj/DwnLdr-HVS
by Marianna Schmudlach / August 22, 2009 12:09 AM PDT

Category

* Viruses and Spyware

Type

* Trojan


Affected operating systems Windows

Troj/DwnLdr-HVS is a Trojan for the Windows platform.

In order to run automatically when Windows starts up Troj/DwnLdr-HVS copies
itself to the file "Wsetup_wm.exe" in the Program Files folder and
creates the following registry entry:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
"Setup Windows Media Player"
"C:\\Program Files\\Windows Media Player\\Wsetup_wm.exe"

and

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"Setup Windows Media Player"
"C:\\Program Files\\Windows Media Player\\Wsetup_wm.exe"

and updates

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
"Shell"
"Explorer.exe winsock32.scr"

But the module "winsock32.scr" could be absent.

http://www.sophos.com/security/analyses/viruses-and-spyware/trojdwnldrhvs.html?_log_from=rss

Troj/DwnLdr-HVR
by Marianna Schmudlach / August 22, 2009 12:10 AM PDT
Troj/Agent-KXN
by Marianna Schmudlach / August 22, 2009 12:11 AM PDT
Ultrasurf!c7c5c826feca
by Marianna Schmudlach / August 22, 2009 12:12 AM PDT

Type
Program
SubType
-
Discovery Date
08/21/2009

This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose, but they alter the security state of the computer on which they are installed, or the privacy posture of the user of the system, such that most users will want to be aware of them.

File Property Property Value
FileName u.exe
McAfee Artemis Artemis!c7c5c826feca
McAfee Detection Ultrasurf
Length 93,184 bytes
CRC 24199F11
MD5 C7C5C826FECACFA2F7DD48A762DF1B2E
SHA1 BA088B3F66944BB8F47C9E23EA46ACF59A4CB029

Other Common Detection Aliases

Company Name Detection Name
avast Win32:Downloader-TZ [Trj]
AVG (GriSoft) Agent.EKV
BitDefender Virtool.6266
Dr.Web Tool.Proxy.2515
EMSI Software Trojan-Downloader.Agentsmall.G!IK
eSafe (Alladin) Win32.Trojan
Eset ~a variant of Win32/Agent
FortiNet Misc/Ultrasurf
microsoft trojandownloader:win32/agentsmall.g
norman w32/dloader.gfqz
panda Generic Trojan
Symantec Trojan Horse
V-Buster Trojan.DL.Agentsmall.IO

Avert

Downloader-Fenomen.gen.a!be92856333e6
by Marianna Schmudlach / August 22, 2009 12:14 AM PDT

Type
Program
SubType
Downloader
Discovery Date
08/22/2009

This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose, but they alter the security state of the computer on which they are installed, or the privacy posture of the user of the system, such that most users will want to be aware of them.

File Property Property Value
FileName Unavailable
McAfee Artemis Artemis!be92856333e6
McAfee Detection Downloader-Fenomen.gen.a
Length 162,431 bytes
CRC 62F7FCBA
MD5 BE92856333E6DCA81AADF417E9905E8A
SHA1 A6098A285C69BD23F98777D795EA45AABAF6767E

Other Common Detection Aliases

More: http://vil.nai.com/vil/content/v_209247.htm

Generic PUP.z!y!3e696d4b26b8
by Marianna Schmudlach / August 22, 2009 12:14 AM PDT

Type
Program
SubType
-
Discovery Date
08/22/2009

This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose, but they alter the security state of the computer on which they are installed, or the privacy posture of the user of the system, such that most users will want to be aware of them.

Avert

Adware-TryMedia!c2047421a381
by Marianna Schmudlach / August 22, 2009 12:15 AM PDT

Type
Program
SubType
Adware
Discovery Date
08/22/2009

This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose, but they alter the security state of the computer on which they are installed, or the privacy posture of the user of the system, such that most users will want to be aware of them.

File Property Property Value
FileName Unavailable
McAfee Artemis Artemis!c2047421a381
McAfee Detection Adware-TryMedia
Length 140,616 bytes
CRC 9D055B99
MD5 c2047421a38171738df2cecffc42dd64
SHA1 6546DB994B800D1DDC5EBBF2D7B0CD06C242334F

Other Common Detection Aliases

Company Name Detection Name
Avira GAME/Dldr.TryMedia.Gen
clamav Adware.Trymedia-6
Eset Win32/Adware.Trymedia (application)
FortiNet Adware/Trymedia
F-Prot W32/Trymedia.A.gen!Eldorado
Trend Micro HeurSpy_Trymed
V-Buster Adware.Trymedia.E (trojan)

Avert

Adware-TryMedia!c93122704e98
by Marianna Schmudlach / August 22, 2009 12:17 AM PDT

Type
Program
SubType
Adware
Discovery Date
08/22/2009

This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose, but they alter the security state of the computer on which they are installed, or the privacy posture of the user of the system, such that most users will want to be aware of them.

File Property Property Value
FileName Unavailable
McAfee Artemis Artemis!c93122704e98
McAfee Detection Adware-TryMedia
Length 140,616 bytes
CRC 9FB26E47
MD5 c93122704e98b42d1e62076b3e54ffc8
SHA1 73EF1A2C32A60439360EE9514275364FBDD300F2

Other Common Detection Aliases

More: http://vil.nai.com/vil/content/v_209320.htm

Downloader-Fenomen.gen.a!ca1068a2722c
by Marianna Schmudlach / August 22, 2009 12:18 AM PDT

Type
Program
SubType
Downloader
Discovery Date
08/22/2009

This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose, but they alter the security state of the computer on which they are installed, or the privacy posture of the user of the system, such that most users will want to be aware of them.

File Property Property Value
FileName Unavailable
McAfee Artemis Artemis!ca1068a2722c
McAfee Detection Downloader-Fenomen.gen.a
Length 162,423 bytes
CRC DA53C14C
MD5 CA1068A2722C92C5AE5482E0E9522840
SHA1 9122E2F5020D79C75DE37507D3FEEF6D9A974A47

Other Common Detection Aliases

More: http://vil.nai.com/vil/content/v_209325.htm

Dialer-Generic!ccdf43fffbec
by Marianna Schmudlach / August 22, 2009 12:18 AM PDT

Type
Program
SubType
Dialer
Discovery Date
08/22/2009

This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose, but they alter the security state of the computer on which they are installed, or the privacy posture of the user of the system, such that most users will want to be aware of them.

File Property Property Value
FileName Unavailable
McAfee Artemis Artemis!ccdf43fffbec
McAfee Detection Dialer-Generic
Length 98,184 bytes
CRC 802F3790
MD5 CCDF43FFFBEC56A52542C0B11CC82354
SHA1 BDDA2EEA5542328EA383466A61BAD83B7A38A830

Other Common Detection Aliases

More: http://vil.nai.com/vil/content/v_209344.htm

Adware-TryMedia!cda810ba2326
by Marianna Schmudlach / August 22, 2009 12:19 AM PDT

Type
Program
SubType
Adware
Discovery Date
08/22/2009

This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose, but they alter the security state of the computer on which they are installed, or the privacy posture of the user of the system, such that most users will want to be aware of them.

File Property Property Value
FileName Unavailable
McAfee Artemis Artemis!cda810ba2326
McAfee Detection Adware-TryMedia
Length 140,616 bytes
CRC E6F20466
MD5 cda810ba2326e0a90aa751f99be82f53
SHA1 7304C19E69716173D5042B80B2EE54BC0A1C6A9E

Other Common Detection Aliases

Company Name Detection Name
Avira GAME/Dldr.TryMedia.Gen
clamav Adware.Trymedia-6
Eset Win32/Adware.Trymedia (application)
FortiNet Adware/Trymedia
F-Prot W32/Trymedia.A.gen!Eldorado
Trend Micro HeurSpy_Trymed
V-Buster Adware.Trymedia.E (trojan)

Avert

Packed.Generic.247
by Marianna Schmudlach / August 22, 2009 12:20 AM PDT

Discovered: August 21, 2009
Updated: August 21, 2009 11:27:02 PM
Type: Trojan, Virus
Infection Length: 375,296 bytes
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista, Windows XP

Packed.Generic.247 is a heuristic detection for files that may have been obfuscated or encrypted in order to conceal them from antivirus software.


http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-082123-1409-99

BKDR_REDOLAB.AL
by Marianna Schmudlach / August 22, 2009 12:21 AM PDT

Laptop Delivery Note Contains Malware

Just today, we at the Content Security team received a large number of spam with a ZIP attachment that contains a backdoor. The said email informs the user that the product he/she has ordered/purchased online is already sent. It then asks the user to view the tracking document details by opening the attachment.

The attachment is not an Office file, it is instead an executable which Trend Micro detects as BKDR_REDOLAB.AL. This backdoor's main duty appears to be to download TROJ_RENOS.BAV. Renos variants are known downloaders of rogue antivirus components/software. Our engineers are currently analyzing the capabilities of this Trojan.

Various Web-based infection vectors have been used in connection with rogue antivirus scams. In the last couple of months, rogue antivirus has been the final payload of blackhat SEO attacks (as in the case of malicious links that come up when users searched for news about Corazon Aquino's death and the latest solar eclipse) and malicious Twitter posts. The last we have seen of malicious attachments that lead to rogue antivirus was in the Reconfigure Your Outlook spam.

More: http://blog.trendmicro.com/

Troj/FakeAV-YH
by Marianna Schmudlach / August 22, 2009 1:35 AM PDT
Troj/FakeAV-YG
by Marianna Schmudlach / August 22, 2009 1:35 AM PDT
Troj/Backdr-AP
by Marianna Schmudlach / August 22, 2009 1:36 AM PDT
GameVance.gen.b!8e1c962f3cc0
by Marianna Schmudlach / August 22, 2009 3:47 AM PDT

Type
Program
SubType
-
Discovery Date
08/22/2009

This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose, but they alter the security state of the computer on which they are installed, or the privacy posture of the user of the system, such that most users will want to be aware of them.

File Property Property Value
FileName Unavailable
McAfee Artemis Artemis!8e1c962f3cc0
McAfee Detection GameVance.gen.b
Length 105,984 bytes
CRC 653D9E04
MD5 8E1C962F3CC0D081929DB157C8BD3C3A
SHA1 F2D86AA340C3388EC9D99B2174AC9F4D909FAD96

Other Common Detection Aliases

Company Name Detection Name
ahnlab Win-Trojan/Xema.variant
avast Win32:Trojan-gen {Other}
BitDefender Gen:Trojan.Heur.6030CFE4E4
norman w32/obfuscated.bn!genr

Avert

Adware-DoubleD.dll!18a3fd2bd42c
by Marianna Schmudlach / August 22, 2009 3:48 AM PDT

Type
Program
SubType
Adware
Discovery Date
08/22/2009

This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose, but they alter the security state of the computer on which they are installed, or the privacy posture of the user of the system, such that most users will want to be aware of them.

Avert

Adware-Ndware!c5d1bd0c6821
by Marianna Schmudlach / August 22, 2009 3:49 AM PDT

Type
Program
SubType
Adware
Discovery Date
08/22/2009

This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose, but they alter the security state of the computer on which they are installed, or the privacy posture of the user of the system, such that most users will want to be aware of them.

File Property Property Value
FileName epx30105.exe
McAfee Artemis Artemis!c5d1bd0c6821
McAfee Detection Adware-Ndware
Length 36,352 bytes
CRC 4AF37343
MD5 C5D1BD0C682106929F3FB2EFBEBC7F48
SHA1 47CB652FA3389880E39182B1D4F0B4ABF2ECBB29

Other Common Detection Aliases

Company Name Detection Name
avast Win32:Trojan-gen {Other}
AVG (GriSoft) Downloader.Generic.YH (Trojan horse)
Avira TR/Dldr.Lastad.P
BitDefender Trojan.Downloader.Lastad.P
clamav Trojan.Downloader.Lastad-4
Dr.Web Trojan.DownLoader.2905
Eset Win32/TrojanDownloader.Lastad.P trojan
FortiNet W32/Lastad.P!tr
F-Prot W32/DownloaderX.IEI
Kaspersky Trojan-Downloader.Win32.Lastad.p
microsoft trojan:win32/agent
norman W32/Lastad.P
panda Trj/Downloader.CZM
rising Trojan.DL.Lastad.p
Sophos Mal/Behav-004
Symantec Adware.NeededWare
Trend Micro TROJ_NDWARE.B
vba32 Trojan-Downloader.Win32.Lastad.p
V-Buster Trojan.DL.Agent.BHAX (trojan)
Vet (Computer Associates) Win32/Lastad.G

Avert

Adware-Ndware!444468cd001d
by Marianna Schmudlach / August 22, 2009 3:50 AM PDT

Type
Program
SubType
Adware
Discovery Date
08/22/2009

This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose, but they alter the security state of the computer on which they are installed, or the privacy posture of the user of the system, such that most users will want to be aware of them.

File Property Property Value
FileName thuowuw.exe
McAfee Artemis Artemis!444468cd001d
McAfee Detection Adware-Ndware
Length 40,008 bytes
CRC 08636012
MD5 444468CD001DE3408ED91F1B98CA631D
SHA1 976537DF31503BC04F2604D80E4AF4C789B540EE

Other Common Detection Aliases

Company Name Detection Name
avast Win32:Trojano-1402 [Trj]
AVG (GriSoft) Downloader.Generic.RU (Trojan horse)
Avira TR/Dldr.Lastad.h.2
BitDefender Trojan.Downloader.Lastad.H
Dr.Web Trojan.DownLoader.2980
Eset Win32/TrojanDownloader.Lastad trojan
FortiNet W32/Lastad.H!tr
F-Prot W32/Downloader.CQV
Kaspersky Trojan-Downloader.Win32.Lastad.h
microsoft trojan:win32/agent
norman W32/Lastad.H
panda Adware/Ndware (spyware)
rising Trojan.DL.Lastad.g
Sophos Mal/Behav-004
Symantec Adware.NeededWare
Trend Micro ADW_NDWARE.A
vba32 Trojan-Downloader.Win32.Lastad.h
V-Buster Trojan.DL.Lastad.D (trojan)
Vet (Computer Associates) Win32/Lastad.F

Avert

Adware-TryMedia!d6cfc7f645b9
by Marianna Schmudlach / August 22, 2009 3:51 AM PDT

Type
Program
SubType
Adware
Discovery Date
08/22/2009

This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose, but they alter the security state of the computer on which they are installed, or the privacy posture of the user of the system, such that most users will want to be aware of them.

File Property Property Value
FileName Unavailable
McAfee Artemis Artemis!d6cfc7f645b9
McAfee Detection Adware-TryMedia
Length 140,616 bytes
CRC CB79ABDC
MD5 d6cfc7f645b91a05b79cc6cb045fab5e
SHA1 30AA8A3F268A96E63365BB4553722B0ACDC050D3

Other Common Detection Aliases

Company Name Detection Name
Avira GAME/Dldr.TryMedia.Gen
clamav Adware.Trymedia-6
Eset Win32/Adware.Trymedia (application)
FortiNet Adware/Trymedia
F-Prot W32/Trymedia.A.gen!Eldorado
Trend Micro HeurSpy_Trymed
V-Buster Adware.Trymedia.E (trojan)

Avert

Spyware-LoverSpy!9064a594933c
by Marianna Schmudlach / August 22, 2009 3:52 AM PDT

Type
Program
SubType
Spyware
Discovery Date
08/22/2009

This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose, but they alter the security state of the computer on which they are installed, or the privacy posture of the user of the system, such that most users will want to be aware of them.

File Property Property Value
FileName Unavailable
McAfee Artemis Artemis!9064a594933c
McAfee Detection Spyware-LoverSpy
Length 1,695,232 bytes
CRC B56B071E
MD5 9064A594933CE678676DC0318179044E
SHA1 9FE51CE3888E972E661223BDD64CF626E8018AE6

Other Common Detection Aliases

Company Name Detection Name
ahnlab Win-Trojan/Xema.variant
avast Win32:Delf-EQB
AVG (GriSoft) BackDoor.Generic3.EAT
Avira SPR/PassView.A
BitDefender Trojan.Spy.Delf.NMY
clamav Trojan.Spy-8125
Dr.Web BackDoor.Simplecode
eSafe (Alladin) Suspicious file
Eset a variant of Win32/Delf.NCO
FortiNet W32/Delf.LV!tr
F-Prot W32/Trojan.ALSE
Kaspersky Trojan-Spy.Win32.Delf.uz
microsoft MonitoringTool:Win32/Eagleagent
panda Suspicious file
rising Backdoor.VB.qbf
Sophos Mal/HckPk-D
Trend Micro PAK_Generic.001
vba32 Trojan-Spy.Win32.Delf.uz
Vet (Computer Associates) Win32/AMalum.AIS

Avert

MWS!17c7770230c6
by Marianna Schmudlach / August 22, 2009 5:57 AM PDT

Type
Program
SubType
-
Discovery Date
08/22/2009

This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose, but they alter the security state of the computer on which they are installed, or the privacy posture of the user of the system, such that most users will want to be aware of them.

System Changes

These are general defaults for typical path variables. (Although they may differ, these examples are common.):
%WinDir% = \WINDOWS (Windows 9x/ME/XP/Vista), \WINNT (Windows NT/2000)
%SystemDir% = \WINDOWS\SYSTEM (Windows 98/ME), \WINDOWS\SYSTEM32 (Windows XP/Vista), \WINNT\SYSTEM32 (Windows NT/2000)
%ProgramFiles% = \Program Files

The following registry elements have been created:

More: http://vil.nai.com/vil/content/v_209492.htm

Troj/Zapchas-EM
by Marianna Schmudlach / August 22, 2009 8:15 AM PDT