Spyware, Viruses, & Security forum

General discussion

VIRUS \ SPYWARE ALERTS - December 3, 2009

Troj/Agent-LWY

In reply to: VIRUS \ SPYWARE ALERTS - December 3, 2009

Category

* Viruses and Spyware

Type

* Trojan


Affected operating systems: Windows

Troj/Agent-LWY is a Trojan for the Windows platform. Troj/Agent-LWY includes functionality to:

- run automatically
- steal confidential information
- access the internet and communicate with a remote server via HTTP

Troj/Agent-LWY communicates via HTTP with the following locations:

webcomunicaobr . com
compteam . kinghost . net
varq . com . br

Registry entries are created under:

HKCU\Software\Microsoft\Visual Basic

http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentlwy.html?_log_from=rss

Troj/Bckdr-RAD

In reply to: VIRUS \ SPYWARE ALERTS - December 3, 2009

Troj/Bdoor-AXX

In reply to: VIRUS \ SPYWARE ALERTS - December 3, 2009

Troj/DwnLdr-HYS

In reply to: VIRUS \ SPYWARE ALERTS - December 3, 2009

Troj/Iframe-CG

In reply to: VIRUS \ SPYWARE ALERTS - December 3, 2009

Troj/VB-ELB

In reply to: VIRUS \ SPYWARE ALERTS - December 3, 2009

Troj/VB-ELC

In reply to: VIRUS \ SPYWARE ALERTS - December 3, 2009

Troj/Agent-LWX

In reply to: VIRUS \ SPYWARE ALERTS - December 3, 2009

Troj/DwnLdr-HYP

In reply to: VIRUS \ SPYWARE ALERTS - December 3, 2009

Alot Toolbar Installer

In reply to: VIRUS \ SPYWARE ALERTS - December 3, 2009

Troj/PDFJs-FL

In reply to: VIRUS \ SPYWARE ALERTS - December 3, 2009

Troj/FakeVir-PX

In reply to: VIRUS \ SPYWARE ALERTS - December 3, 2009

Category

* Viruses and Spyware

Type

* Trojan


Affected operating systems: Windows

Troj/FakeVir-PX is a Trojan for the Windows platform.

Troj/FakeVir-PX includes functionality to:

- run automatically
- access the internet and communicate with a remote server via HTTP

Troj/FakeVir-PX communicates via HTTP with the following locations:

winsecure2010 . com

Registry entries are set as follows:

HKCU\Software\Microsoft\Internet Explorer\Download
CheckExeSignatures
no

HKCU\Software\Microsoft\Internet Explorer\Download
RunInvalidSignatures
0x00000001

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
LowRiskFileTypes
.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
SaveZoneInformation
0x00000001

Registry entries are created under:

HKCU\Software\Microsoft\Windows Script\Settings

http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakevirpx.html?_log_from=rss

Troj/FakeAV-AJY

In reply to: VIRUS \ SPYWARE ALERTS - December 3, 2009

Category

* Viruses and Spyware

Type

* Trojan


Affected operating systems: Windows

Characteristics

* Installs itself in the registry


Troj/FakeAV-AJY is a Trojan for the Windows platform.

Troj/FakeAV-AJY includes functionality to:

- run automatically
- steal confidential information
- access the internet and communicate with a remote server via HTTP

Troj/FakeAV-AJY communicates via HTTP with the following locations:

advanced-virus-remover-2011 . com

When Troj/FakeAV-AJY is installed the following files are created:

<User>\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced Virus Remover.lnk
<Desktop>\Advanced Virus Remover.lnk
<Start Menu>\Advanced Virus Remover.lnk
<Program Files>\AdvancedVirusRemover\AVR.exe

Registry entries are created under:

HKCU\Software\Mic

http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakeavajy.html?_log_from=rss

Troj/DwnLdr-HYH

In reply to: VIRUS \ SPYWARE ALERTS - December 3, 2009

Aliases

* Trojan-Downloader.Win32.Genome.zde
* W32/Downloader

Category

* Viruses and Spyware

Type

* Trojan


Affected operating systems: Windows

Troj/DwnLdr-HYH is a Trojan for the Windows platform.

Troj/DwnLdr-HYH includes functionality to access the internet and communicate with a remote server via HTTP.

Troj/DwnLdr-HYH communicates via HTTP with the following locations:

disbooks . com

Troj/DwnLdr-HYH attempts to download a copy of Mal/Behav-214.

When Troj/DwnLdr-HYH is installed it creates the file <Windows>\server.dll.

Registry entries are created under:

HKLM\SOFTWARE\Microsoft\DownloadManager

http://www.sophos.com/security/analyses/viruses-and-spyware/trojdwnldrhyh.html?_log_from=rss

Mal/Vilsel-C

In reply to: VIRUS \ SPYWARE ALERTS - December 3, 2009

Mal/FakeDouf-B

In reply to: VIRUS \ SPYWARE ALERTS - December 3, 2009

Mal/FakeAV-BX

In reply to: VIRUS \ SPYWARE ALERTS - December 3, 2009

Mal/EncPk-LT

In reply to: VIRUS \ SPYWARE ALERTS - December 3, 2009

Mal/EncPk-IQ

In reply to: VIRUS \ SPYWARE ALERTS - December 3, 2009

Troj/Zbot-KJ

In reply to: VIRUS \ SPYWARE ALERTS - December 3, 2009

Category

* Viruses and Spyware

Type

* Trojan


Affected operating systems: Windows

Troj/Zbot-KJ is a Trojan for the Windows platform.

Troj/Zbot-KJ includes functionality to run automatically.

When Troj/Zbot-KJ is installed the following files are created:

<System>\lowsec\local.ds - can be safely removed
<System>\lowsec\user.ds - can be safely removed
<System>\sdra64.exe - detected as Troj/Zbot-KJ

The following registry entry is set:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit

http://www.sophos.com/security/analyses/viruses-and-spyware/trojzbotkj.html?_log_from=rss

Troj/Agent-LWN

In reply to: VIRUS \ SPYWARE ALERTS - December 3, 2009

Troj/MDrop-CIV

In reply to: VIRUS \ SPYWARE ALERTS - December 3, 2009

Troj/Hiloti-Q

In reply to: VIRUS \ SPYWARE ALERTS - December 3, 2009

Troj/DwnLdr-HYR

In reply to: VIRUS \ SPYWARE ALERTS - December 3, 2009

Adware.Zwunzi

In reply to: VIRUS \ SPYWARE ALERTS - December 3, 2009

Updated: December 3, 2009 12:59:34 AM
Type: Adware
Name: Zwunzi
Version: 1.0 build 128
Publisher: zwunzi.com
Risk Impact: High
Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003, Windows 2000

Behavior
Adware.Zwunzi is an adware program that installs itself as a Browser Search Plugin for Internet Explorer and Mozilla Firefox.

http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-120300-2741-99

Free Sound Recorder on CNET contains this adware.

In reply to: Adware.Zwunzi

There is sufficient evidence from user reviews and through a simple search engine search that "Free Sound Recorder" (http://download.cnet.com/Free-Sound-Recorder/3000-2168_4-10698910.html) that is available on CNET Download contains the Zwunzi adware.

I myself have discovered it in my Firefox add-on file upon installing this software, and have subsequently removed it.

Is there going to be any investigation into this?

Furthermore, CNET states the program is free, yet does not state the limitation of saving the recorded file.

Free Sound Recorder........

In reply to: Free Sound Recorder on CNET contains this adware.

Hi,

I would suggest reporting at:


Download.com site feedback forum
Create a new thread


The CNET Download.com forum is the place to give feedback about CNET Download.com. If you have suggestions, gripes or praise, ideas for improvement, trouble with any downloads, or just want to chew the fat with our Download.com staff, this is the best place to do it.



http://forums.cnet.com/download-site-feedback-forum/?tag=forum-w;xNav

W32.SillyFDC.BBX

In reply to: VIRUS \ SPYWARE ALERTS - December 3, 2009

Discovered: December 2, 2009
Updated: December 3, 2009 5:45:23 AM
Type: Worm
Infection Length: 705,283 bytes
Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003, Windows 2000

W32.SillyFDC.BBX is a worm that spreads by copying itself to removable and mapped drives. It also drops more malware, attempts to download files, lowers security settings, disables certain system software and alters certain system settings.


http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-120305-1106-99

Trojan:WinCE/Redoc

In reply to: VIRUS \ SPYWARE ALERTS - December 3, 2009

Name : Trojan:WinCE/Redoc
Category: Malware
Type: Trojan
Platform: WinCE

Summary
Also known as a trojan horse program, this is a deceptive program that performs additional actions without the user's knowledge or permission. It does not replicate.


Additional Details
This is the Trojan:WinCE/Redoc family description.

Variants in this family are Trojans that infect Windows Mobile devices and send SMS messages to premium rate phone numbers, without the user's consent. This results in abnormally high phone charges. Alert users may detect the presence of an infection by

This Trojan's behavior is reminiscent of the malicious dialers of yesteryear, except that the targeted device is now a mobile device rather than a computer connecting to the Internet via a modem.

More: http://www.f-secure.com/v-descs/trojan_wince_redoc.shtml

Trojan:W32/Agent.ANWQ

In reply to: VIRUS \ SPYWARE ALERTS - December 3, 2009

Name : Trojan:W32/Agent.ANWQ
Detection Names : Trojan.Agent.ANWQ
Category: Malware
Type: Trojan
Platform: W32

Summary
Also known as a trojan horse program, this is a deceptive program that performs additional actions without the user's knowledge or permission. It does not replicate.


Additional Details
F-Secure Anti-Virus may detect certain bitmap images that are dropped by a malicious program as "Trojan.Agent.ANWQ". The presence of this bitmap image on the hard disk usually indicates that the system is infected by malware.

More: http://www.f-secure.com/v-descs/trojan_w32_agent_anwq.shtml
