 | Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years. Thanks, CNET Support |
Troj/FakeVir-IY
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakeviriy.html?_log_from=rss
Discussion is locked
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojdwnldrhme.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Troj/DownLnk-B is a Windows Shortcut (.lnk) file which executes a command prompt with paramaters to download and execute a file from the internet.
http://www.sophos.com/security/analyses/viruses-and-spyware/trojdownlnkb.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojdloadrcdx.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojdloadrcdw.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojdloadrcdv.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojdloadrcdu.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojbhoiy.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentimq.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentimo.html?_log_from=rss
Malware type: Worm
This worm may be downloaded from remote sites by other malware. It may be dropped by other malware. It may arrive bundled with malware packages as a malware component.
It drops copies of itself. This technique prevents dropping of several copies of itself on already affected systems. It also locks its dropped copy to prevent users from reading, writing, and deleting it.
It registers itself as a system service to ensure its automatic execution at every system startup. It does this by creating registry keys/entries.
It drops a copy of itself in all available removable and network drives. It drops an AUTORUN.INF file to automatically execute dropped copies when the drives are accessed.
It creates mutex(es) to ensure that only one instance of itself is running in memory.
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FDOWNAD%2EAD
Category Viruses and Spyware
Type Worm
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/w32confickc.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Troj/Renos-CF is a Trojan for the Windows platform.
When run Troj/Renos-CF creates the file <System>\msxml71.dll (detected as Troj/Renos-CF) and creates the following registry entries:
HKCR\CLSID\{500BCA15-57A7-4eaf-8143-8C619470B13D}\InprocServer32
ThreadingModel
Apartment
HKCR\{500BCA15-57A7-4eaf-8143-8C619470B13D}
Install
OK
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500BCA15-57A7-4eaf-8143-8C619470B13D}
(default)
XML module
http://www.sophos.com/security/analyses/viruses-and-spyware/trojrenoscf.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakeviriz.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentimt.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentims.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentimr.html?_log_from=rss
Category Adware or PUA
Type Adware
Affected operating systems Windows
http://www.sophos.com/security/analyses/adware-and-puas/internetspeedmon_0vOYXIId.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojzlobamc.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojpwsaxj.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojmdropbvq.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakeavhw.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakeavhu.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojdloadrcdy.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Troj/Agent-IMV is a Trojan that may arrive in an email as "Christmas Monkeys.exe".
When run Troj/Agent-IMV will attempt to install a file detected as Mal/RootKit-A.
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentimv.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Troj/Agent-IMU is a Trojan for the Windows platform.
When run the Trojan will copy itself to the system folder as the file csrcs.exe and set the following registry to ensure that it is executed on system restart.
HKLM\Software\Microsoft\Windows\Current Version\Policies\Explorer\Run\Csrcs
<system>\csrcs.exe
Malicious behaviours of Troj/Agent-IMU will be detected and prevented by the following HIPS Runtime Behavior Analysis rules:
HIPS/FileMod-001
HIPS/ProcMod-002
HIPS/RegMod-002
HIPS/RegMod-012
HIPS/RegMod-009
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentimu.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentimm.html?_log_from=rss
Aliases AdWare.Win32.TrafficSol
Win32/Adware.GooochiBiz
Category Adware or PUA
Type Adware
SuperiorAds is an adware-related application, including a plugin for Microsoft Internet Explorer.
SuperiorAds installs a Browser Helper Object with registry entries set under:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
SuperiorAds may also have a run-key registry entry set to re-register the plugin on startup using the existing <System>\rundll32.exe application.
http://www.sophos.com/security/analyses/adware-and-puas/superiorads.html?_log_from=rss
Updated: December 31, 2008 12:40:37 PM
Type: Misleading Application
Name: ExpressAntiVirus2009
Publisher: ExpressAntiVirus2009.com
BehaviorExpressAntiVirus2009 is a misleading application that may give exaggerated reports of threats on the computer
http://www.symantec.com/business/security_response/writeup.jsp?docid=2008-123111-2625-99
Updated: December 31, 2008 4:28:10 PM
Type: Spyware
Name: Net Screen Watcher
Version: 1.0.0.0
Publisher: Net Screen Watcher Soft
BehaviorSpyware.NetScreenWatch is a spyware program that monitors user activity on the compromised computer.
http://www.symantec.com/business/security_response/writeup.jsp?docid=2008-123115-5458-99
Category Viruses and Spyware
Type Malicious Behavior
Mal/EncPk-EM is a program that has been packed with a protection system typically used by malware authors.
http://www.sophos.com/security/analyses/viruses-and-spyware/malencpkem.html
Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic