Spyware, Viruses, & Security forum

General discussion

VIRUS \ Spyware ALERTS - December 10, 2008

W32/Tilebot-LA


Category Viruses and Spyware

Type Worm

W32/Tilebot-LA is a worm for the Windows platform.

When run W32/Tilebot-LA copies itself to <System>\dfrhost.exe and creates the files:

<System>\packet.dll - not malicious
<System>\wpcap.dll - not malicious
<System>\npf.sys - not malicious

W32/Tilebot-LA sets the following registry entries:

HKCU\Software\Microsoft\OLE
GPS driver
dfrhost.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
GPS driver
dfrhost.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
GPS driver
dfrhost.exe

More: http://www.sophos.com/security/analyses/viruses-and-spyware/w32tilebotla.html?_log_from=rss

Discussion is locked
You are posting a reply to: VIRUS \ Spyware ALERTS - December 10, 2008
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: VIRUS \ Spyware ALERTS - December 10, 2008
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
W32/Autorun-RZ

In reply to: VIRUS \ Spyware ALERTS - December 10, 2008

Aliases Worm.Win32.AutoRun.wp

Category Viruses and Spyware

Type Worm

W32/Autorun-RZ is a worm for the Windows platform.

When first run W32/Autorun-RZ copies itself to the Windows folder and to <Root>\gg.exe and creates the file <Root>\autorun.inf.

The following registry entry is created to run W32/Autorun-RZ on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe
<Windows>\<original worm filename>

The following registry entry is set:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ShowSuperHidden
0


http://www.sophos.com/security/analyses/viruses-and-spyware/w32autorunrz.html?_log_from=rss

Collapse -
Troj/Zbot-BI

In reply to: VIRUS \ Spyware ALERTS - December 10, 2008

Collapse -
Troj/Fakevir-IB

In reply to: VIRUS \ Spyware ALERTS - December 10, 2008

Collapse -
Troj/Dloadr-CCW

In reply to: VIRUS \ Spyware ALERTS - December 10, 2008

Collapse -
Troj/Dloadr-CCV

In reply to: VIRUS \ Spyware ALERTS - December 10, 2008

Collapse -
Troj/Buzus-AC

In reply to: VIRUS \ Spyware ALERTS - December 10, 2008

Collapse -
Troj/Agent-ILJ

In reply to: VIRUS \ Spyware ALERTS - December 10, 2008

Category Viruses and Spyware

Type Trojan

Troj/Agent-ILJ is a Trojan for the Windows platform and is a member of the Virtumundo family of Trojans.

When run Troj/Agent-ILJ creates the files:
<System>\<file 1 with name made of random characters>.dll - detected as Troj/Agent-ILJ
<System>\<file 2 with name made of random characters>.dll - detected as Troj/Agent-ILJ
<System>\<file 3 with name made of random characters>.dll - detected as Troj/Agent-ILJ

HKCR\CLSID\{c0adb591-4670-419a-9a62-1a490056f806}\InprocServer32\
(default)
<System>\<file 1 with name made of random characters>.dll

HKCR\CLSID\{c0adb591-4670-419a-9a62-1a490056f806}\InprocServer32\
ThreadingModel
Both

More: http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentilj.html?_log_from=rss

Collapse -
Troj/Agent-ILI

In reply to: VIRUS \ Spyware ALERTS - December 10, 2008

Aliases Trojan.Win32.Agent.atkb

Category Viruses and Spyware

Type Trojan

Troj/Agent-ILI is a Trojan for the Windows platform.

Troj/Agent-ILI runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

When Troj/Agent-ILI is installed the following files are created:

<Temp>\decrypted.exe
<Root>\system\S-3-7-89-2225458569-9856321456-454423558-8896\explorer.exe

The files explorer.exe and decrypted.exe are detected as W32/Autoham-Fam.


http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentili.html?_log_from=rss

Collapse -
Mal/Renos-E

In reply to: VIRUS \ Spyware ALERTS - December 10, 2008

Collapse -
Troj/PSW-GC

In reply to: VIRUS \ Spyware ALERTS - December 10, 2008

Collapse -
Troj/Mdrop-BXL

In reply to: VIRUS \ Spyware ALERTS - December 10, 2008

Collapse -
Troj/Inject-DM

In reply to: VIRUS \ Spyware ALERTS - December 10, 2008

Category Viruses and Spyware

Type Trojan

Troj/Inject-DM is a Trojan for the Windows platform.

When run Troj/Inject-DM copies itself to <System>\msw32prt.exe and creates the file <System>\msw32prt (which can be deleted).

Troj/Inject-DM sets the following registry entry to run itself on startup:

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{A7FAE9F2-901F-2CF6-912D-530424EF4BD5}
StubPath
<System>\msw32prt.exe


http://www.sophos.com/security/analyses/viruses-and-spyware/trojinjectdm.html?_log_from=rss

Collapse -
OSX/RSPlug-B

In reply to: VIRUS \ Spyware ALERTS - December 10, 2008

Aliases Trojan-Downloader.OSX.Jahlav.b
OSX_RSPLUG.A
TrojanDownloader:MacOS/Jahlav.A
OSX.RSPlug.A
HASH(0xa6d8248)

Category Viruses and Spyware

Type Trojan

OSX/RSPlug-B is a dysfunctional Trojan installer for Apple OSX.

OSX/RSPlug-B is a disk image that contains an installer that fails to run correctly. The installer claims to install "MacAccess" and will require 376kb of space.

http://www.sophos.com/security/analyses/viruses-and-spyware/osxrsplugb.html?_log_from=rss

Collapse -
C-NMedia

In reply to: VIRUS \ Spyware ALERTS - December 10, 2008

Collapse -
Troj/DwnLdr-HLS

In reply to: VIRUS \ Spyware ALERTS - December 10, 2008

Collapse -
Troj/Agent-ILL

In reply to: VIRUS \ Spyware ALERTS - December 10, 2008

Collapse -
Troj/Agent-ILK

In reply to: VIRUS \ Spyware ALERTS - December 10, 2008

Collapse -
Mal/Tibs-A

In reply to: VIRUS \ Spyware ALERTS - December 10, 2008

Collapse -
W32/Patched-A

In reply to: VIRUS \ Spyware ALERTS - December 10, 2008

Collapse -
W32/Confick-B

In reply to: VIRUS \ Spyware ALERTS - December 10, 2008

Collapse -
W32/AutoRun-SB

In reply to: VIRUS \ Spyware ALERTS - December 10, 2008

Category Viruses and Spyware

Type Worm

W32/AutoRun-SB is a worm for the Windows platform.

When run W32/AutoRun-SB attempts to overwrite files on the system with copies of itself.

W32/AutoRun-SB sets the following registry entries:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows
open
<System>\<original name of worm executable>

W32/AutoRun-SB also copies itself to:
- <Root>\.exe
- <Root>\<original name of worm executable>.exe

W32/AutoRun-SB creates the file <Root>\HelloPhilippines.txt. This file can be deleted.

http://www.sophos.com/security/analyses/viruses-and-spyware/w32autorunsb.html?_log_from=rss

Collapse -
Troj/JSShell-E

In reply to: VIRUS \ Spyware ALERTS - December 10, 2008

Collapse -
Troj/DNSChan-MO

In reply to: VIRUS \ Spyware ALERTS - December 10, 2008

Collapse -
Troj/Agent-ILM

In reply to: VIRUS \ Spyware ALERTS - December 10, 2008

Collapse -
Onzemeia

In reply to: VIRUS \ Spyware ALERTS - December 10, 2008

Collapse -
Spyware-Guard

In reply to: VIRUS \ Spyware ALERTS - December 10, 2008

Collapse -
JS_DLOAD.MD

In reply to: VIRUS \ Spyware ALERTS - December 10, 2008

Collapse -
Bloodhound.Exploit.219

In reply to: VIRUS \ Spyware ALERTS - December 10, 2008

Collapse -
Backdoor.Tidns

In reply to: VIRUS \ Spyware ALERTS - December 10, 2008

Collapse -
Worm:W32/Downadup

In reply to: VIRUS \ Spyware ALERTS - December 10, 2008

Name : Worm:W32/Downadup
Type: Worm
Category: Malware
Platform: W32

Summary
A standalone malicious program which uses computer or network resources to make complete copies of itself. May include code or other malware to damage both the system and the network.

More: http://www.f-secure.com/v-descs/worm_w32_downadup.shtml

Popular Forums

icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

DEALS, DEALS, DEALS!

Best Black Friday Deals

CNET editors are busy culling the list and highlighting what we think are the best deals out there this holiday season.