Spyware, Viruses, & Security forum

General discussion

VIRUS \ SPYWARE ALERTS - December 3, 2009

by Marianna Schmudlach / December 2, 2009 10:37 PM PST

Troj/Agent-LWY
by Marianna Schmudlach / December 2, 2009 10:38 PM PST

Category

* Viruses and Spyware

Type

* Trojan


Affected operating systems

* Windows

Troj/Agent-LWY is a Trojan for the Windows platform. Troj/Agent-LWY includes functionality to:

- run automatically
- steal confidential information
- access the internet and communicate with a remote server via HTTP

Troj/Agent-LWY communicates via HTTP with the following locations:

webcomunicaobr . com
compteam . kinghost . net
varq . com . br

Registry entries are created under:

HKCU\Software\Microsoft\Visual Basic

http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentlwy.html?_log_from=rss

Troj/Bckdr-RAD
by Marianna Schmudlach / December 2, 2009 10:38 PM PST

Troj/Bdoor-AXX
by Marianna Schmudlach / December 2, 2009 10:39 PM PST

Troj/DwnLdr-HYS
by Marianna Schmudlach / December 2, 2009 10:40 PM PST

Troj/Iframe-CG
by Marianna Schmudlach / December 2, 2009 10:40 PM PST

Troj/VB-ELB
by Marianna Schmudlach / December 2, 2009 10:41 PM PST

Troj/VB-ELC
by Marianna Schmudlach / December 2, 2009 10:42 PM PST

Troj/Agent-LWX
by Marianna Schmudlach / December 2, 2009 10:43 PM PST

Troj/DwnLdr-HYP
by Marianna Schmudlach / December 2, 2009 10:43 PM PST

Alot Toolbar Installer
by Marianna Schmudlach / December 2, 2009 10:44 PM PST

Troj/PDFJs-FL
by Marianna Schmudlach / December 2, 2009 10:46 PM PST

Troj/FakeVir-PX
by Marianna Schmudlach / December 2, 2009 10:47 PM PST

Category

* Viruses and Spyware

Type

* Trojan


Affected operating systems

* Windows

Troj/FakeVir-PX is a Trojan for the Windows platform.

Troj/FakeVir-PX includes functionality to:

- run automatically
- access the internet and communicate with a remote server via HTTP

Troj/FakeVir-PX communicates via HTTP with the following locations:

winsecure2010 . com

Registry entries are set as follows:

HKCU\Software\Microsoft\Internet Explorer\Download
CheckExeSignatures
no

HKCU\Software\Microsoft\Internet Explorer\Download
RunInvalidSignatures
0x00000001

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
LowRiskFileTypes
.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
SaveZoneInformation
0x00000001

Registry entries are created under:

HKCU\Software\Microsoft\Windows Script\Settings

http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakevirpx.html?_log_from=rss

Troj/FakeAV-AJY
by Marianna Schmudlach / December 2, 2009 10:48 PM PST

Category

* Viruses and Spyware

Type

* Trojan


Affected operating systems

* Windows

Characteristics

* Installs itself in the registry


Troj/FakeAV-AJY is a Trojan for the Windows platform.

Troj/FakeAV-AJY includes functionality to:

- run automatically
- steal confidential information
- access the internet and communicate with a remote server via HTTP

Troj/FakeAV-AJY communicates via HTTP with the following locations:

advanced-virus-remover-2011 . com

When Troj/FakeAV-AJY is installed the following files are created:

<User>\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced Virus Remover.lnk
<Desktop>\Advanced Virus Remover.lnk
<Start Menu>\Advanced Virus Remover.lnk
<Program Files>\AdvancedVirusRemover\AVR.exe

Registry entries are created under:

HKCU\Software\Mic

http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakeavajy.html?_log_from=rss

Troj/DwnLdr-HYH
by Marianna Schmudlach / December 2, 2009 10:48 PM PST

Aliases

* Trojan-Downloader.Win32.Genome.zde
* W32/Downloader

Category

* Viruses and Spyware

Type

* Trojan


Affected operating systems

* Windows

Troj/DwnLdr-HYH is a Trojan for the Windows platform.

Troj/DwnLdr-HYH includes functionality to access the internet and communicate with a remote server via HTTP.

Troj/DwnLdr-HYH communicates via HTTP with the following locations:

disbooks . com

Troj/DwnLdr-HYH attempts to download a copy of Mal/Behav-214.

When Troj/DwnLdr-HYH is installed it creates the file <Windows>\server.dll.

Registry entries are created under:

HKLM\SOFTWARE\Microsoft\DownloadManager

http://www.sophos.com/security/analyses/viruses-and-spyware/trojdwnldrhyh.html?_log_from=rss

Mal/Vilsel-C
by Marianna Schmudlach / December 2, 2009 10:49 PM PST

Mal/FakeDouf-B
by Marianna Schmudlach / December 2, 2009 10:50 PM PST

Mal/FakeAV-BX
by Marianna Schmudlach / December 2, 2009 10:51 PM PST

Mal/EncPk-LT
by Marianna Schmudlach / December 2, 2009 10:51 PM PST

Mal/EncPk-IQ
by Marianna Schmudlach / December 2, 2009 10:52 PM PST

Troj/Zbot-KJ
by Marianna Schmudlach / December 2, 2009 10:53 PM PST

Category

* Viruses and Spyware

Type

* Trojan


Affected operating systems

* Windows

Troj/Zbot-KJ is a Trojan for the Windows platform.

Troj/Zbot-KJ includes functionality to run automatically.

When Troj/Zbot-KJ is installed the following files are created:

<System>\lowsec\local.ds - can be safely removed
<System>\lowsec\user.ds - can be safely removed
<System>\sdra64.exe - detected as Troj/Zbot-KJ

The following registry entry is set:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit

http://www.sophos.com/security/analyses/viruses-and-spyware/trojzbotkj.html?_log_from=rss

Troj/Agent-LWN
by Marianna Schmudlach / December 2, 2009 10:54 PM PST

Troj/MDrop-CIV
by Marianna Schmudlach / December 2, 2009 10:54 PM PST

Troj/Hiloti-Q
by Marianna Schmudlach / December 2, 2009 10:55 PM PST

Troj/DwnLdr-HYR
by Marianna Schmudlach / December 2, 2009 10:56 PM PST

Adware.Zwunzi
by Marianna Schmudlach / December 2, 2009 10:57 PM PST

Updated: December 3, 2009 12:59:34 AM
Type: Adware
Name: Zwunzi
Version: 1.0 build 128
Publisher: zwunzi.com
Risk Impact: High
Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003, Windows 2000

Behavior
Adware.Zwunzi is an adware program that installs itself as a Browser Search Plugin for Internet Explorer and Mozilla Firefox.

http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-120300-2741-99

Free Sound Recorder on CNET contains this adware.
by nezzle / December 8, 2009 10:26 PM PST
In reply to: Adware.Zwunzi

There is sufficient evidence from user reviews and through a simple search engine search that "Free Sound Recorder" (http://download.cnet.com/Free-Sound-Recorder/3000-2168_4-10698910.html) that is available on CNET Download contains the Zwunzi adware.

I myself have discovered it in my Firefox add-on file upon installing this software, and have subsequently removed it.

Is there going to be any investigation into this?

Furthermore, CNET states the program is free, yet does not state the limitation of saving the recorded file.

Free Sound Recorder........
by Marianna Schmudlach / December 9, 2009 12:08 AM PST

Hi,

I would suggest reporting at:


Download.com site feedback forum
Create a new thread


The CNET Download.com forum is the place to give feedback about CNET Download.com. If you have suggestions, gripes or praise, ideas for improvement, trouble with any downloads, or just want to chew the fat with our Download.com staff, this is the best place to do it.



http://forums.cnet.com/download-site-feedback-forum/?tag=forum-w;xNav

W32.SillyFDC.BBX
by Marianna Schmudlach / December 2, 2009 10:58 PM PST

Discovered: December 2, 2009
Updated: December 3, 2009 5:45:23 AM
Type: Worm
Infection Length: 705,283 bytes
Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003, Windows 2000

W32.SillyFDC.BBX is a worm that spreads by copying itself to removable and mapped drives. It also drops more malware, attempts to download files, lowers security settings, disables certain system software and alters certain system settings.


http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-120305-1106-99

Trojan:WinCE/Redoc
by Marianna Schmudlach / December 2, 2009 11:00 PM PST

Name : Trojan:WinCE/Redoc
Category: Malware
Type: Trojan
Platform: WinCE

Summary
Also known as a trojan horse program, this is a deceptive program that performs additional actions without the user's knowledge or permission. It does not replicate.


Additional Details
This is the Trojan:WinCE/Redoc family description.

Variants in this family are Trojans that infect Windows Mobile devices and send SMS messages to premium rate phone numbers, without the user's consent. This results in abnormally high phone charges. Alert users may detect the presence of an infection by

This Trojan's behavior is reminiscent of the malicious dialers of yesteryear, except that the targeted device is now a mobile device rather than a computer connecting to the Internet via a modem.

More: http://www.f-secure.com/v-descs/trojan_wince_redoc.shtml

Trojan:W32/Agent.ANWQ
by Marianna Schmudlach / December 2, 2009 11:01 PM PST

Name : Trojan:W32/Agent.ANWQ
Detection Names : Trojan.Agent.ANWQ
Category: Malware
Type: Trojan
Platform: W32

Summary
Also known as a trojan horse program, this is a deceptive program that performs additional actions without the user's knowledge or permission. It does not replicate.


Additional Details
F-Secure Anti-Virus may detect certain bitmap images that are dropped by a malicious program as "Trojan.Agent.ANWQ". The presence of this bitmap image on the hard disk usually indicates that the system is infected by malware.

More: http://www.f-secure.com/v-descs/trojan_w32_agent_anwq.shtml
