Spyware, Viruses, & Security forum

General discussion

VIRUS \ Spyware ALERTS - December 30, 2008

by Marianna Schmudlach / December 29, 2008 10:15 AM PST
Troj/MDrop-BUY
by Marianna Schmudlach / December 29, 2008 10:16 AM PST

Troj/AdClick-FH
by Marianna Schmudlach / December 29, 2008 10:17 AM PST

PlayMp3
by Marianna Schmudlach / December 29, 2008 10:18 AM PST

Hotbar
by Marianna Schmudlach / December 29, 2008 10:19 AM PST

Category Adware or PUA

Type Adware

Hotbar is advertising supported software from www.hotbar.com, www.wowpapers.com and www.easyscreensavers.com.

Hotbar consists of plugins for Microsoft Internet Explorer and Microsoft Outlook or Outlook Express.

When the browser is active Hotbar delivers advertisements (specific to the sites visited) in the form of links and popup ads.

Advertising links are added to outgoing email messages.

Hotbar may download and install updates of its software at any time without notification that it is doing so.

When Hotbar is installed the following files and folders are typically created:

http://www.sophos.com/security/analyses/adware-and-puas/hotbar.html?_log_from=rss

Trojan.Downexec.C!inf
by Marianna Schmudlach / December 29, 2008 10:23 AM PST

W32/Sdbot.worm!3AFA6720
by Marianna Schmudlach / December 29, 2008 10:25 AM PST

Type: Virus
SubType: Internet Worm

Characteristics -

System Changes

These are general defaults for typical path variables. (Although they may differ, these examples are common.):
%WinDir% = \WINDOWS (Windows 9x/ME/XP/Vista), \WINNT (Windows NT/2000)
%SystemDir% = \WINDOWS\SYSTEM (Windows 98/ME), \WINDOWS\SYSTEM32 (Windows XP/Vista), \WINNT\SYSTEM32 (Windows NT/2000)
%ProgramFiles% = \Program Files

The following exploits may be used for this worm's spread:

http://vil.mcafeesecurity.com/vil/content/v_153691.htm

Troj/Mdrop-BVN
by Marianna Schmudlach / December 29, 2008 11:29 PM PST

Troj/Mdrop-BVB
by Marianna Schmudlach / December 29, 2008 11:30 PM PST

Troj/DocDrop-F
by Marianna Schmudlach / December 29, 2008 11:31 PM PST

Troj/Dloadr-CDS
by Marianna Schmudlach / December 29, 2008 11:32 PM PST

Troj/Dload-ES
by Marianna Schmudlach / December 29, 2008 11:33 PM PST

Troj/Bckdr-QQU
by Marianna Schmudlach / December 29, 2008 11:34 PM PST

Troj/Bckdr-QQT
by Marianna Schmudlach / December 29, 2008 11:35 PM PST

Troj/Agent-IMN
by Marianna Schmudlach / December 29, 2008 11:35 PM PST

Troj/Agent-IMM
by Marianna Schmudlach / December 29, 2008 11:36 PM PST

Troj/Agent-IML
by Marianna Schmudlach / December 29, 2008 11:37 PM PST

SuperJuan
by Marianna Schmudlach / December 29, 2008 11:39 PM PST

Trojan.Downexec.C
by Marianna Schmudlach / December 30, 2008 12:04 AM PST

Email-Worm:W32/Waledac.A
by Marianna Schmudlach / December 30, 2008 12:06 AM PST

Name : Email-Worm:W32/Waledac.A
Aliases : Trojan:W32/Waledac.A (Microsoft)

Size: 387072
Type: Email-Worm
Category: Malware
Platform: W32

Summary
This type of worm is embedded in an e-mail attachment, and spreads using the infected computer's e-mailing networks.

http://www.f-secure.com/v-descs/email-worm_w32_waledac_a.shtml

W32/SdBot-DKH
by Marianna Schmudlach / December 30, 2008 12:43 AM PST

Category Viruses and Spyware

Type Worm

W32/SdBot-DKH is a worm for the Windows platform.

When first run W32/SdBot-DKH copies itself to <System>\msddll.exe.

The file msddll.exe is registered as a new system driver service named "msddll", with a display name of "msddll" and a startup type of automatic, so that it is started automatically during system startup. Registry entries are created under:

HKLM\SYSTEM\CurrentControlSet\Services\msddll

The following registry entry is set:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions
GON
<pathname of the Trojan executable>

W32/SdBot-DKH may attempt to spread over weakly protected network shares and via exploiting MS04-011.

http://www.sophos.com/security/analyses/viruses-and-spyware/w32sdbotdkh.html?_log_from=rss

Troj/FakeVir-IX
by Marianna Schmudlach / December 30, 2008 12:44 AM PST

Troj/Dloadr-CDT
by Marianna Schmudlach / December 30, 2008 12:45 AM PST

Troj/Agent-IMC
by Marianna Schmudlach / December 30, 2008 12:46 AM PST

W32.Downadup.B
by Marianna Schmudlach / December 30, 2008 1:58 AM PST

Exploit:SymbOS/SMSCurse.A
by Marianna Schmudlach / December 30, 2008 1:59 AM PST

Name : Exploit:SymbOS/SMSCurse.A
Detection Names : Exploit:SymbOS/SMSCurse.A

Type: Exploit
Category: Malware
Platform: SymbOS

Summary
Exploit:SymbOS/SMSCurse.A is a Denial-of-Service (DoS) exploit that affects messaging components of phones that use Symbian Series 60 versions 2.6, 2.8, 3.0, 3.1, and Sony Ericsson UiQ devices.

When the exploit crashes SMS messaging on a phone, the phone remains otherwise completely functional. The only effect is that it cannot receive any new SMS/MMS messages.

http://www.f-secure.com/v-descs/exploit_symbos_smscurse_a.shtml

W32/Confick-C
by Marianna Schmudlach / December 30, 2008 3:47 AM PST

Troj/Agent-IMP
by Marianna Schmudlach / December 30, 2008 3:48 AM PST