Spyware, Viruses, & Security forum

General discussion

VIRUS \ Spyware ALERTS - December 16, 2008

by Marianna Schmudlach / December 15, 2008 10:52 AM PST
Discussion is locked
You are posting a reply to: VIRUS \ Spyware ALERTS - December 16, 2008
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: VIRUS \ Spyware ALERTS - December 16, 2008
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Troj/Dloadr-CCZ
by Marianna Schmudlach / December 15, 2008 10:53 AM PST
Collapse -
W32.Delezium (from Symantec)/Impair.A (from Sophos) virus
by Marianna Schmudlach / December 15, 2008 1:33 PM PST

W32.Delezium/Impair.A virus being seen
Published: 2008-12-15,
Last Updated: 2008-12-15 20:40:10 UTC
by Toby Kohlenberg (Version: 1)
0 comment(s) We've gotten reports that the W32.Delezium (from Symantec)/Impair.A (from Sophos) virus is floating around and being a general pain in the neck. The detection from Symantec (as "W32.Delezium/inf") only catches infected files, not the virus itself.

The Symantec report is more detailed than the Sophos report, there are some contradictions between the two on how the virus is spreading. The virus is a standard file infector but will also insert a registry entry to enable it to run every startup.

From the Symantec report-

"Next, the virus searches all local, removable and network drives for files with the following extensions, which it subsequently deletes:

More: http://isc.sans.org/diary.html?storyid=5491

Collapse -
Troj/PcBkdr-Fam
by Marianna Schmudlach / December 15, 2008 1:51 PM PST
Collapse -
Troj/Dloadr-BZI
by Marianna Schmudlach / December 15, 2008 1:52 PM PST
Collapse -
OneClickReward Installer
by Marianna Schmudlach / December 15, 2008 1:54 PM PST
Collapse -
OneClickReward
by Marianna Schmudlach / December 15, 2008 1:55 PM PST
Collapse -
NetObserve Installer
by Marianna Schmudlach / December 15, 2008 1:56 PM PST
Collapse -
NetObserve
by Marianna Schmudlach / December 15, 2008 1:57 PM PST
Collapse -
W32/AutoRun-CT
by Marianna Schmudlach / December 16, 2008 12:01 AM PST

Category Viruses and Spyware

Type Worm


W32/AutoRun-CT is a worm for the Windows platform.

When first run W32/AutoRun-CT copies itself to:

<Startup>\SinoSiBatman.exe
<Startup>\VisualGayAdvance.exe
<Startup>\eduardo0.exe
<Startup>\psvx.exe
<Root>\SinoSiBatman.exe
<Root>\VisualGayAdvance.exe
<Root>\judith.exe
<Windows>\SinoSiBatman.exe
<Windows>\VisualGayAdvance.exe
<Windows>\eduardo0.exe
<Windows>\judith.exe

and creates the following files:

<Root>\autorun.inf - detected as W32/AutoRun-CT
<Windows>\autorun.inf - detected as W32/AutoRun-CT


http://www.sophos.com/security/analyses/viruses-and-spyware/w32autorunct.html?_log_from=rss

Collapse -
Troj/Iframe-BO
by Marianna Schmudlach / December 16, 2008 12:02 AM PST
Collapse -
Troj/Dwnld-B
by Marianna Schmudlach / December 16, 2008 12:03 AM PST
Collapse -
Troj/Bancos-BDB
by Marianna Schmudlach / December 16, 2008 12:04 AM PST
Collapse -
Troj/Agent-HDS
by Marianna Schmudlach / December 16, 2008 12:05 AM PST
Collapse -
Troj/Agent-GLI
by Marianna Schmudlach / December 16, 2008 12:06 AM PST
Collapse -
Mal/Poison-A
by Marianna Schmudlach / December 16, 2008 12:07 AM PST
Collapse -
W32/AutoIt-AL
by Marianna Schmudlach / December 16, 2008 12:08 AM PST
Collapse -
Troj/Fakevir-IJ
by Marianna Schmudlach / December 16, 2008 12:09 AM PST
Collapse -
Troj/Dloadr-CDA
by Marianna Schmudlach / December 16, 2008 12:10 AM PST
Collapse -
Bloodhound.Exploit.214
by Marianna Schmudlach / December 16, 2008 12:52 AM PST
Collapse -
Bloodhound.Exploit.215
by Marianna Schmudlach / December 16, 2008 12:53 AM PST
Collapse -
It's Christmas for cyber-criminals too
by Marianna Schmudlach / December 16, 2008 1:20 AM PST

16 December 2008

According to security company Trend Micro, in 2007, during the key shopping period between September and December, cyber-crime attacks rose by 500 per cent and a similar trend is detectable this year. Trend Micro report that it's also a boom time for the sale of cyber-crime resources. They list twelve such items on the cyber-criminals Christmas shopping lists, along with the typical prices paid.

More: http://www.heise-online.co.uk/security/It-s-Christmas-for-cyber-criminals-too--/news/112265

Collapse -
Suspicious.MH690
by Marianna Schmudlach / December 16, 2008 3:53 AM PST
Collapse -
BKDR_AGENT.VBI.
by Marianna Schmudlach / December 16, 2008 3:56 AM PST

A Word(pad) of Caution

by Roderick Ordo

Collapse -
W32/Sohana-BQ
by Marianna Schmudlach / December 16, 2008 4:08 AM PST
Collapse -
Troj/Vundeb-A
by Marianna Schmudlach / December 16, 2008 4:09 AM PST
Collapse -
Troj/FakeVir-IK
by Marianna Schmudlach / December 16, 2008 4:10 AM PST

Category Viruses and Spyware

Type Trojan

Troj/FakeVir-IK is a fraudulent security product for the Windows platform.

When run the Trojan will attempt to download and install components from a remote website before prentending to scan the computer.

The scan will report phantom infections and agressively request a registration fee to cleanup the non-existant infections.

http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakevirik.html?_log_from=rss

Collapse -
Troj/BHO-HD
by Marianna Schmudlach / December 16, 2008 4:11 AM PST
Collapse -
Troj/AutoIT-AM
by Marianna Schmudlach / December 16, 2008 4:11 AM PST
Collapse -
Troj/Agent-HFN
by Marianna Schmudlach / December 16, 2008 4:12 AM PST
Collapse -
Troj/Agent-HEX
by Marianna Schmudlach / December 16, 2008 4:13 AM PST

Popular Forums

icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

FALL TV PREMIERES

Your favorite shows are back!

Don’t miss your dramas, sitcoms and reality shows. Find out when and where they’re airing!