Spyware, Viruses, & Security forum

General discussion

VIRUS \ Spyware ALERTS - February 2, 2009

Troj/Dloadr-CFX

In reply to: VIRUS \ Spyware ALERTS - February 2, 2009

WORM_AQPLAY.A.

In reply to: VIRUS \ Spyware ALERTS - February 2, 2009

Google Video Searches Being Poisoned

The Yahoo! open search redirection threat we blogged about just days ago may be from a totally different cybercriminal gang, but this new blackhat SEO poisoning makes clear that online search tools are quickly becoming favorite platforms for online criminals in their operations.

Search traffic on Google Video was found to be polluted: instead of legitimate videos, researchers found some 400,000 queries returning video results that have a single redirection point, and one that eventually leads to malware download and execution.

Trend Micro detects the malicious executable as WORM_AQPLAY.A. This worm - file name FlashPlayer.v3.181.exe and from that alone one can already guess the social engineering strategy - spreads via removable and network drives when autorun is enabled. It masquerades as an Adobe Flash installer, which users who visit certain spoofed versions of video streaming websites are prompted to download and install.

More: http://blog.trendmicro.com/

Troj/Banker-EPD

In reply to: VIRUS \ Spyware ALERTS - February 2, 2009

Troj/Agent-ITG

In reply to: VIRUS \ Spyware ALERTS - February 2, 2009

Troj/Zbot-CE

In reply to: VIRUS \ Spyware ALERTS - February 2, 2009

Troj/SWFdldr-M

In reply to: VIRUS \ Spyware ALERTS - February 2, 2009

Troj/FakeAV-KF

In reply to: VIRUS \ Spyware ALERTS - February 2, 2009

Troj/Dload-EY

In reply to: VIRUS \ Spyware ALERTS - February 2, 2009

Troj/Bckdr-QRM

In reply to: VIRUS \ Spyware ALERTS - February 2, 2009

Troj/Agent-ITH

In reply to: VIRUS \ Spyware ALERTS - February 2, 2009

Mal/EncPk-GS

In reply to: VIRUS \ Spyware ALERTS - February 2, 2009

Black hats poison Google video search

In reply to: VIRUS \ Spyware ALERTS - February 2, 2009

Game for a hack

By John Leyden
2nd February 2009

Miscreants have poisoned Google Video search results in a bid to trick the unwary into getting infected with malware.

Instead of video clips, researchers at Trend Micro discovered around 400,000 queries returning malicious results that lead to a single redirection point, which leads onto an array of maliciously constructed websites designed to load malware onto vulnerable Windows PCs. The strain of malware spread using the attack - named as AQPlay-A by Trend Micro - poses as an Adobe Flash Player update that's supposedly needed to view video content.

Running the software on unprotected PCs leads to infection. The malware is also programmed to spread via removable and network drives.

More: http://www.theregister.co.uk/2009/02/02/google_video_search_poisoned/

W32/Karab-A

In reply to: VIRUS \ Spyware ALERTS - February 2, 2009

Category Viruses and Spyware

Type Worm

W32/Karab-A is a USB aware worm.

W32/Karab-A may display a picture of Barack Obama on your computer.

When W32/Karab-A infects it will copy itself to many areas on the system. Folders will have a file created in them with the name "<Folder Name> .exe" and "readme.txt .exe" (typically ~90 spaces).

W32/Karab-A will also create:

Autorun.inf
Sandisk.exe
Bootsect.dll
"readme.txt .exe"

http://www.sophos.com/security/analyses/viruses-and-spyware/w32karaba.html?_log_from=rss
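
Added example, not part of the original post or of the Sophos analysis: a defender-side check for the whitespace-padded names described above, where a long run of spaces hides the real ".exe" extension behind a folder name or a decoy such as "readme.txt". The five-space threshold, the extension list and the sample tree of empty files are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Assumption: 5+ whitespace characters directly before an executable
# extension is padding meant to push the real extension out of view.
PADDED_EXE = re.compile(
    r"^(?P<stem>.*?\S)(?P<pad>\s{5,})\.(?P<ext>exe|scr|com|pif|bat|cmd)$", re.I)

def classify(filename, parent_folder=""):
    """Return None for an ordinary name, else a dict describing the padding."""
    m = PADDED_EXE.match(filename)
    if not m:
        return None
    stem = m.group("stem")
    decoy = os.path.splitext(stem)[1].lower()  # ".txt" for "readme.txt"
    return {
        "shown_as": stem,                      # what a narrow column displays
        "real_ext": "." + m.group("ext").lower(),
        "pad_len": len(m.group("pad")),
        "decoy_ext": decoy or None,
        "mimics_folder": bool(parent_folder)
                         and stem.lower() == parent_folder.lower(),
    }

def scan(root):
    """Walk root and return (relative path, finding) for every padded name."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        parent = os.path.basename(dirpath)
        for name in files:
            finding = classify(name, parent)
            if finding:
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                hits.append((rel, finding))
    return sorted(hits, key=lambda h: h[0])

def demo():
    """Build a constructed sample tree of empty files and scan it."""
    pad = " " * 90
    names = ("Photos" + pad + ".exe", "readme.txt" + pad + ".exe",
             "notes.txt", "setup.exe")
    with tempfile.TemporaryDirectory() as root:
        photos = os.path.join(root, "Photos")
        os.mkdir(photos)
        for name in names:
            open(os.path.join(photos, name), "w").close()
        return scan(root)
```

Running `scan()` over a removable drive's mount point lists every file whose displayed name and real extension differ in this way; ordinary executables such as `setup.exe` are not reported.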

Troj/Skintrim-M

In reply to: VIRUS \ Spyware ALERTS - February 2, 2009

Troj/FakeAV-KG

In reply to: VIRUS \ Spyware ALERTS - February 2, 2009

Category Viruses and Spyware

Type Trojan

Troj/FakeAV-KG is a Trojan for the Windows platform.

When first run Troj/FakeAV-KG copies itself to <Program Files>\RealAV\RealAV.exe and creates the following files:

<User>\Application Data\Microsoft\Internet Explorer\Quick Launch\RealAV.lnk
<Desktop>\RealAV.lnk
<Start Menu\Programs>\RealAV\RealAV.lnk
<Program Files>\RealAV\vscan.tsi
<Program Files>\RealAV\zlib.dll

The following registry entry is created to run RealAV.exe on startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
RealAV.exe
<Program Files>\RealAV\RealAV.exe

Registry entries are created under:

HKCU\Software\RealAV


http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakeavkg.html?_log_from=rss

Troj/Agent-ITI

In reply to: VIRUS \ Spyware ALERTS - February 2, 2009

Mal/Behav-229

In reply to: VIRUS \ Spyware ALERTS - February 2, 2009

Troj/Bckdr-QRN

In reply to: VIRUS \ Spyware ALERTS - February 2, 2009

Aliases Trojan:Win32/Obduran.A
Trojan-Proxy.Win32.Small.mu
Backdoor.Win32.Agent.adji

Category Viruses and Spyware

Type Trojan

When first run Troj/Bckdr-QRN creates the following files:

<Windows>\services.exe - copy of Troj/Bckdr-QRN
<Windows>\adobe.bat - detected as Troj/Bdoor-ASH
<Windows>\_id.dat - zero byte file
<Windows>\file.bat - bat file which attempts to stop the firewall

The following registry values are set to run Troj/Bckdr-QRN

More: http://www.sophos.com/security/analyses/viruses-and-spyware/trojbckdrqrn.html?_log_from=rss

Troj/Agent-ITO

In reply to: VIRUS \ Spyware ALERTS - February 2, 2009

Troj/Agent-ITN

In reply to: VIRUS \ Spyware ALERTS - February 2, 2009

Troj/Agent-ITM

In reply to: VIRUS \ Spyware ALERTS - February 2, 2009

Troj/Agent-ITL

In reply to: VIRUS \ Spyware ALERTS - February 2, 2009

Troj/Agent-ITK

In reply to: VIRUS \ Spyware ALERTS - February 2, 2009

Troj/Agent-ITJ

In reply to: VIRUS \ Spyware ALERTS - February 2, 2009

Mal/Zlob-S

In reply to: VIRUS \ Spyware ALERTS - February 2, 2009

Mal/SpyAgent-B

In reply to: VIRUS \ Spyware ALERTS - February 2, 2009

Mal/DarkMoon-A

In reply to: VIRUS \ Spyware ALERTS - February 2, 2009

TROJ_DROPPER.BUZ

In reply to: VIRUS \ Spyware ALERTS - February 2, 2009

Malware type: Trojan

Malware Overview


This Trojan may be downloaded from remote site(s) by other malware, specifically WORM_SILLY.KAX. It may be downloaded by the said worm from certain remote sites.

It drops a file that is also detected as WORM_SILLY.KAX. As a result, routines of the said file are also exhibited on the affected system.

It uses instant messenger applications to send messages containing a link to a copy of WORM_SILLY.KAX.

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FDROPPER%2EBUZ

TROJ_INJECT.XAXT

In reply to: VIRUS \ Spyware ALERTS - February 2, 2009

Malware type: Trojan

Malware Overview


This Trojan may be downloaded from remote site(s) by JS_OBFUS.TRSA. It may be downloaded from certain remote sites.

Upon execution, it drops files. It modifies registry entries to enable its automatic execution at every system startup.

It restarts the affected system. It opens a hidden Internet Explorer window to connect to a Web site to possibly download files. However, the said Web site is inaccessible at the time of this writing.

It deletes itself after execution.

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FINJECT%2EXAXT

Troj/Pushdo-AG

In reply to: VIRUS \ Spyware ALERTS - February 2, 2009
