Spyware, Viruses, & Security forum

General discussion

VIRUS \ Spyware ALERTS - December 10, 2008

by Marianna Schmudlach / December 9, 2008 10:36 AM PST

W32/Tilebot-LA


Category Viruses and Spyware

Type Worm

W32/Tilebot-LA is a worm for the Windows platform.

When run W32/Tilebot-LA copies itself to <System>\dfrhost.exe and creates the files:

<System>\packet.dll - not malicious
<System>\wpcap.dll - not malicious
<System>\npf.sys - not malicious

W32/Tilebot-LA sets the following registry entries:

HKCU\Software\Microsoft\OLE
GPS driver
dfrhost.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
GPS driver
dfrhost.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
GPS driver
dfrhost.exe

More: http://www.sophos.com/security/analyses/viruses-and-spyware/w32tilebotla.html?_log_from=rss

Discussion is locked
You are posting a reply to: VIRUS \ Spyware ALERTS - December 10, 2008
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: VIRUS \ Spyware ALERTS - December 10, 2008
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
W32/Autorun-RZ
by Marianna Schmudlach / December 9, 2008 10:37 AM PST

Aliases Worm.Win32.AutoRun.wp

Category Viruses and Spyware

Type Worm

W32/Autorun-RZ is a worm for the Windows platform.

When first run W32/Autorun-RZ copies itself to the Windows folder and to <Root>\gg.exe and creates the file <Root>\autorun.inf.

The following registry entry is created to run W32/Autorun-RZ on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe
<Windows>\<original worm filename>

The following registry entry is set:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ShowSuperHidden
0


http://www.sophos.com/security/analyses/viruses-and-spyware/w32autorunrz.html?_log_from=rss

Collapse -
Troj/Zbot-BI
by Marianna Schmudlach / December 9, 2008 10:38 AM PST
Collapse -
Troj/Fakevir-IB
by Marianna Schmudlach / December 9, 2008 10:39 AM PST
Collapse -
Troj/Dloadr-CCW
by Marianna Schmudlach / December 9, 2008 10:40 AM PST
Collapse -
Troj/Dloadr-CCV
by Marianna Schmudlach / December 9, 2008 10:41 AM PST
Collapse -
Troj/Buzus-AC
by Marianna Schmudlach / December 9, 2008 10:42 AM PST
Collapse -
Troj/Agent-ILJ
by Marianna Schmudlach / December 9, 2008 10:43 AM PST

Category Viruses and Spyware

Type Trojan

Troj/Agent-ILJ is a Trojan for the Windows platform and is a member of the Virtumundo family of Trojans.

When run Troj/Agent-ILJ creates the files:
<System>\<file 1 with name made of random characters>.dll - detected as Troj/Agent-ILJ
<System>\<file 2 with name made of random characters>.dll - detected as Troj/Agent-ILJ
<System>\<file 3 with name made of random characters>.dll - detected as Troj/Agent-ILJ

HKCR\CLSID\{c0adb591-4670-419a-9a62-1a490056f806}\InprocServer32\
(default)
<System>\<file 1 with name made of random characters>.dll

HKCR\CLSID\{c0adb591-4670-419a-9a62-1a490056f806}\InprocServer32\
ThreadingModel
Both

More: http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentilj.html?_log_from=rss

Collapse -
Troj/Agent-ILI
by Marianna Schmudlach / December 9, 2008 10:44 AM PST

Aliases Trojan.Win32.Agent.atkb

Category Viruses and Spyware

Type Trojan

Troj/Agent-ILI is a Trojan for the Windows platform.

Troj/Agent-ILI runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

When Troj/Agent-ILI is installed the following files are created:

<Temp>\decrypted.exe
<Root>\system\S-3-7-89-2225458569-9856321456-454423558-8896\explorer.exe

The files explorer.exe and decrypted.exe are detected as W32/Autoham-Fam.


http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentili.html?_log_from=rss

Collapse -
Mal/Renos-E
by Marianna Schmudlach / December 9, 2008 10:45 AM PST
Collapse -
Troj/PSW-GC
by Marianna Schmudlach / December 9, 2008 1:44 PM PST
Collapse -
Troj/Mdrop-BXL
by Marianna Schmudlach / December 9, 2008 1:45 PM PST
Collapse -
Troj/Inject-DM
by Marianna Schmudlach / December 9, 2008 1:46 PM PST

Category Viruses and Spyware

Type Trojan

Troj/Inject-DM is a Trojan for the Windows platform.

When run Troj/Inject-DM copies itself to <System>\msw32prt.exe and creates the file <System>\msw32prt (which can be deleted).

Troj/Inject-DM sets the following registry entry to run itself on startup:

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{A7FAE9F2-901F-2CF6-912D-530424EF4BD5}
StubPath
<System>\msw32prt.exe


http://www.sophos.com/security/analyses/viruses-and-spyware/trojinjectdm.html?_log_from=rss

Collapse -
OSX/RSPlug-B
by Marianna Schmudlach / December 9, 2008 1:47 PM PST

Aliases Trojan-Downloader.OSX.Jahlav.b
OSX_RSPLUG.A
TrojanDownloader:MacOS/Jahlav.A
OSX.RSPlug.A
HASH(0xa6d8248)

Category Viruses and Spyware

Type Trojan

OSX/RSPlug-B is a dysfunctional Trojan installer for Apple OSX.

OSX/RSPlug-B is a disk image that contains an installer that fails to run correctly. The installer claims to install "MacAccess" and will require 376kb of space.

http://www.sophos.com/security/analyses/viruses-and-spyware/osxrsplugb.html?_log_from=rss

Collapse -
C-NMedia
by Marianna Schmudlach / December 9, 2008 1:49 PM PST
Collapse -
Troj/DwnLdr-HLS
by Marianna Schmudlach / December 10, 2008 12:14 AM PST
Collapse -
Troj/Agent-ILL
by Marianna Schmudlach / December 10, 2008 12:15 AM PST
Collapse -
Troj/Agent-ILK
by Marianna Schmudlach / December 10, 2008 12:16 AM PST
Collapse -
Mal/Tibs-A
by Marianna Schmudlach / December 10, 2008 12:17 AM PST
Collapse -
W32/Patched-A
by Marianna Schmudlach / December 10, 2008 12:18 AM PST
Collapse -
W32/Confick-B
by Marianna Schmudlach / December 10, 2008 12:19 AM PST
Collapse -
W32/AutoRun-SB
by Marianna Schmudlach / December 10, 2008 12:20 AM PST

Category Viruses and Spyware

Type Worm

W32/AutoRun-SB is a worm for the Windows platform.

When run W32/AutoRun-SB attempts to overwrite files on the system with copies of itself.

W32/AutoRun-SB sets the following registry entries:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows
open
<System>\<original name of worm executable>

W32/AutoRun-SB also copies itself to:
- <Root>\.exe
- <Root>\<original name of worm executable>.exe

W32/AutoRun-SB creates the file <Root>\HelloPhilippines.txt. This file can be deleted.

http://www.sophos.com/security/analyses/viruses-and-spyware/w32autorunsb.html?_log_from=rss

Collapse -
Troj/JSShell-E
by Marianna Schmudlach / December 10, 2008 12:21 AM PST
Collapse -
Troj/DNSChan-MO
by Marianna Schmudlach / December 10, 2008 12:21 AM PST
Collapse -
Troj/Agent-ILM
by Marianna Schmudlach / December 10, 2008 12:22 AM PST
Collapse -
Onzemeia
by Marianna Schmudlach / December 10, 2008 12:26 AM PST
Collapse -
Spyware-Guard
by Marianna Schmudlach / December 10, 2008 12:27 AM PST
Collapse -
JS_DLOAD.MD
by Marianna Schmudlach / December 10, 2008 1:37 AM PST
Collapse -
Bloodhound.Exploit.219
by Marianna Schmudlach / December 10, 2008 1:43 AM PST
Collapse -
Backdoor.Tidns
by Marianna Schmudlach / December 10, 2008 1:44 AM PST
Collapse -
Worm:W32/Downadup
by Marianna Schmudlach / December 10, 2008 1:48 AM PST

Name : Worm:W32/Downadup
Type: Worm
Category: Malware
Platform: W32

Summary
A standalone malicious program which uses computer or network resources to make complete copies of itself. May include code or other malware to damage both the system and the network.

More: http://www.f-secure.com/v-descs/worm_w32_downadup.shtml

Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

CNET FORUMS TOP DISCUSSION

Help, my PC with Windows 10 won't shut down properly

Since upgrading to Windows 10 my computer won't shut down properly. I use the menu button shutdown and the screen goes blank, but the system does not fully shut down. The only way to get it to shut down is to hold the physical power button down till it shuts down. Any suggestions?