Spyware, Viruses, & Security forum

General discussion

VIRUS \ SPYWARE ALERTS - February 26, 2010

Discussion is locked
You are posting a reply to: VIRUS \ SPYWARE ALERTS - February 26, 2010
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: VIRUS \ SPYWARE ALERTS - February 26, 2010
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Troj/Oficla-G

In reply to: VIRUS \ SPYWARE ALERTS - February 26, 2010

Collapse -
Troj/DwnLdr-IBM

In reply to: VIRUS \ SPYWARE ALERTS - February 26, 2010

Category

* Viruses and Spyware

Type

* Trojan


Affected operating systems Windows
Protection available since 26 February 2010 05:26:02 (GMT)

Troj/DwnLdr-IBM is a Trojan for the Windows platform.

Troj/DwnLdr-IBM includes functionality to access the internet and communicate with a remote server via HTTP.

Troj/DwnLdr-IBM communicates via HTTP with the following locations:

a001 . stackmom . com
a002 . stackmom . com
stackmom . com

http://www.sophos.com/security/analyses/viruses-and-spyware/trojdwnldribm.html?_log_from=rss

Collapse -
Troj/DwnLdr-IBL

In reply to: VIRUS \ SPYWARE ALERTS - February 26, 2010

Aliases

* TR/Dldr.Agent.koi

Category

* Viruses and Spyware

Type

* Trojan


Affected operating systems Windows
Protection available since 26 February 2010 05:26:02 (GMT)

Troj/DwnLdr-IBL is a Trojan for the Windows platform.

Troj/DwnLdr-IBL includes functionality to access the internet and communicate with a remote server via HTTP.

Troj/DwnLdr-IBL communicates via HTTP with the following locations:

a001 . 1544t . com
a002 . 1544t . com
1544t . com

http://www.sophos.com/security/analyses/viruses-and-spyware/trojdwnldribl.html?_log_from=rss

Collapse -
Troj/JSRedir-AU

In reply to: VIRUS \ SPYWARE ALERTS - February 26, 2010

Collapse -
Troj/Banker-EWL

In reply to: VIRUS \ SPYWARE ALERTS - February 26, 2010

Collapse -
Trojan:Win32/Apal.A

In reply to: VIRUS \ SPYWARE ALERTS - February 26, 2010

Encyclopedia entry
Published: Feb 26, 2010

Aliases
Not available

Alert Level (?)
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.77.75.0
Released: Feb 26, 2010


Summary
This threat is detected by the Microsoft antivirus engine. Technical details are not currently available for this threat.

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan:Win32/Apal.A&ThreatID=-2147335529

Collapse -
TrojanDownloader:Win32/Banload.MD

In reply to: VIRUS \ SPYWARE ALERTS - February 26, 2010

Aliases
Not available

Alert Level (?)
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection last updated:
Definition: 1.77.75.0
Released: Feb 26, 2010

Summary
This threat is classified as a Trojan - Downloader. A downloader trojan accesses remote websites in an attempt to download and install malicious or potentially unwanted software. Some downloader trojans target specific files on remote websites while others may target a specific URL that points to a website containing exploit code that may allow the site to automatically download and software or malicious code on vulnerable systems. This threat is detected by the Microsoft antivirus engine. Technical details are not currently available.

More details are available in the Family description of Win32/Banload

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDownloader:Win32/Banload.MD&ThreatID=-2147335918

Collapse -
VirTool:Win32/CeeInject.M

In reply to: VIRUS \ SPYWARE ALERTS - February 26, 2010

Encyclopedia entry
Published: Feb 26, 2010

Aliases
Not available

Alert Level (?)
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.77.75.0
Released: Feb 26, 2010


Summary
This threat is detected by the Microsoft antivirus engine. Technical details are not currently available for this threat.

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=VirTool:Win32/CeeInject.M&ThreatID=-2147335525

Collapse -
Trojan:HTML/Evoploit.A

In reply to: VIRUS \ SPYWARE ALERTS - February 26, 2010

Encyclopedia entry
Published: Feb 26, 2010

Aliases
Not available

Alert Level (?)
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.77.75.0
Released: Feb 26, 2010


Summary
This threat is detected by the Microsoft antivirus engine. Technical details are not currently available for this threat.


https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan:HTML/Evoploit.A&ThreatID=-2147335527

Collapse -
Trojan:Win32/Helpud.BA

In reply to: VIRUS \ SPYWARE ALERTS - February 26, 2010

Encyclopedia entry
Published: Feb 26, 2010

Aliases
Not available

Alert Level (?)
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.77.75.0
Released: Feb 26, 2010


Summary
This threat is detected by the Microsoft antivirus engine. Technical details are not currently available for this threat.

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan:Win32/Helpud.BA&ThreatID=-2147335533

Collapse -
Trojan:Win32/Helpud.BA!dll

In reply to: VIRUS \ SPYWARE ALERTS - February 26, 2010

Encyclopedia entry
Published: Feb 26, 2010

Aliases
Not available

Alert Level (?)
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.77.75.0
Released: Feb 26, 2010


Summary
This threat is detected by the Microsoft antivirus engine. Technical details are not currently available for this threat.


https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan:Win32/Helpud.BA!dll&ThreatID=-2147335534

Collapse -
Trojan:Win32/Helpud.BB

In reply to: VIRUS \ SPYWARE ALERTS - February 26, 2010

Encyclopedia entry
Published: Feb 26, 2010

Aliases
Not available

Alert Level (?)
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.77.75.0
Released: Feb 26, 2010


Summary
This threat is detected by the Microsoft antivirus engine. Technical details are not currently available for this threat.


https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan:Win32/Helpud.BB&ThreatID=-2147335532

Collapse -
TrojanDropper:Win32/Malf.gen

In reply to: VIRUS \ SPYWARE ALERTS - February 26, 2010

Aliases
Not available

Alert Level (?)
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection last updated:
Definition: 1.77.75.0
Released: Feb 26, 2010

Summary
TrojanDropper:Win32/Malf.gen is a generic detection of malware that drops additional malicious files.

Technical Information (Analysis)
TrojanDropper:Win32/Malf.gen is a generic detection of malware that drops additional malicious files.

While malicious files detected as TrojanDropper:Win32/Malf.gen may vary in their specific behavior, an example of the actions of one such 'variant' that was observed in the wild can be seen below:

Payload

Installs Additional Malware
When executed, this trojan drops the file <system folder>\netmlc.dll, and creates a service to load this DLL. This service has the following characteristics:
Display name (one of the following):
Removable Storage Service
Remote Access Manager
Network Sharing Connection
Smart Card Supply
Network Logon Supply
Image path: <system folder>\svchost.exe ?k netsvcs
Parameter: <system folder>\netmlc.dll

Note - <system folder> refers to a variable location that is determined by the malware by querying the Operating System. The default installation location for the System folder for Windows 2000 and NT is C:\Winnt\System32; and for XP and Vista is C:\Windows\System32.

The file, <system folder>\netmlc.dll, is detected as Backdoor:Win32/Ponadr.A by Microsoft AV solutions.

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDropper:Win32/Malf.gen&ThreatID=-2147372029

Collapse -
Trojan:Win32/Portes.A

In reply to: VIRUS \ SPYWARE ALERTS - February 26, 2010

Encyclopedia entry
Published: Feb 26, 2010

Aliases
Not available

Alert Level (?)
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.77.75.0
Released: Feb 26, 2010


Summary
This threat is detected by the Microsoft antivirus engine. Technical details are not currently available for this threat.

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan:Win32/Portes.A&ThreatID=-2147335530

Collapse -
Trojan:JS/Redirector.CH

In reply to: VIRUS \ SPYWARE ALERTS - February 26, 2010

Encyclopedia entry
Published: Feb 26, 2010

Aliases
Not available

Alert Level (?)
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.77.75.0
Released: Feb 26, 2010


Summary
This threat is detected by the Microsoft antivirus engine. Technical details are not currently available for this threat.

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan:JS/Redirector.CH&ThreatID=-2147335535

Collapse -
PWS:Win32/VB.DD

In reply to: VIRUS \ SPYWARE ALERTS - February 26, 2010

Encyclopedia entry
Published: Feb 26, 2010

Aliases
Not available

Alert Level (?)
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.77.75.0
Released: Feb 26, 2010


Summary
This threat is classified as a Trojan - Password Stealer. Typically, a password stealing trojan installs a keystroke logger (commonly referred to as a keylogger) which records keystrokes and sends the recorded information to remote attackers. Some keyloggers monitor only keystrokes involved in specific types of web-based transactions. For example, a keylogger may include a component that monitors browser activity, only recording keystrokes when certain bank or ecommerce sites are accessed. Other types of password-stealing trojans include those that capture screenshots in an attempt to bypass graphic-based security measures. This threat is detected by the Microsoft antivirus engine. Technical details are not currently available.


https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=PWS:Win32/VB.DD&ThreatID=-2147335531

Collapse -
TrojanDropper:Win32/VB.FL

In reply to: VIRUS \ SPYWARE ALERTS - February 26, 2010

Encyclopedia entry
Published: Feb 26, 2010

Aliases
Not available

Alert Level (?)
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.77.75.0
Released: Feb 26, 2010


Summary
This threat is classified as a Trojan - Dropper. As its name suggests, a dropper trojan contains malicious or potentially unwanted software which it ?drops? and installs on the affected system. Commonly, the dropper installs a backdoor which allows remote, surreptitious access to infected systems. This backdoor may then be used by remote attackers to upload and install further malicious or potentially unwanted software on the system. This threat is detected by the Microsoft antivirus engine. Technical details are not currently available.

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDropper:Win32/VB.FL&ThreatID=-2147335526

Collapse -
Trojan:Win32/FakeRean

In reply to: VIRUS \ SPYWARE ALERTS - February 26, 2010

Aliases
XP AntiSpyware 2009 (other)
XP Security Center (other)
Antivirus Pro 2010 (other)
PC Antispyware 2010 (other)
Home Antivirus 2010 (other)
PC Security 2009 (other)
XP Police Antivirus (other)
AntiSpyware XP 2009 (other)

Alert Level (?)
High

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection last updated:
Definition: 1.77.75.0
Released: Feb 26, 2010

Summary
Trojan:Win32/FakeRean is a family of programs that claim to scan for malware and display fake warnings of malicious files. They then inform the user that they need to pay money to register the software in order to remove these non-existent threats.

Special Note:
Reports of Rogue Antivirus programs have been more prevalent as of late. These are programs that generate misleading alerts and false detections in order to convince users to purchase illegitimate security software. Some of these programs, such as Trojan:Win32/Antivirusxp and Program:Win32/FakeRednefed may display product names or logos in an apparently unlawful attempt to impersonate Microsoft products. These products may represent themselves as ?Antivirus XP?, ?AntivirusXP 2008?, ?WinDefender 2008?, ?XP Antivirus?, or similar.

Use Microsoft Windows Defender, the Windows Live safety scanner (http://onecare.live.com/site/en-us/default.htm), or another up-to-date scanning and removal tool to detect and remove these threats and other unwanted software from your computer. For more information on Microsoft security products, see http://www.microsoft.com/protect/products/computer/default.mspx.

More: https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan:Win32/FakeRean&ThreatID=-2147359487

Collapse -
TrojanSpy:Win32/Banker.PT

In reply to: VIRUS \ SPYWARE ALERTS - February 26, 2010

Encyclopedia entry
Published: Feb 26, 2010

Aliases
Not available

Alert Level (?)
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.77.44.0
Released: Feb 25, 2010


Summary
This threat is classified as a Trojan - Data Theft. A data theft trojan gathers personal data, often of a financial nature, from affected systems. Collected data may include credit card numbers, tax returns, login credentials or any other informed deemed to be of interest to the attacker. The collected data is then surreptitiously sent to the remote attacker via a variety of electronic means. This threat is detected by the Microsoft antivirus engine. Technical details are not currently available.

More details are available in the Family description of Win32/Banker

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanSpy:Win32/Banker.PT&ThreatID=-2147335538

Collapse -
Trojan:Win32/Malex.gen!A

In reply to: VIRUS \ SPYWARE ALERTS - February 26, 2010

Collapse -
Trojan:Win32/Malex.gen!B

In reply to: VIRUS \ SPYWARE ALERTS - February 26, 2010

Collapse -
Trojan:Win32/Malex.gen!C

In reply to: VIRUS \ SPYWARE ALERTS - February 26, 2010

Collapse -
Trojan:Win32/Malex.gen!D

In reply to: VIRUS \ SPYWARE ALERTS - February 26, 2010

Collapse -
Trojan:Win32/Malex.gen!E

In reply to: VIRUS \ SPYWARE ALERTS - February 26, 2010

Aliases
Trojan.Win32.Agent.cjgo (Kaspersky)
Trojan.Agent.LKTH (VirusBuster)
Trojan.Generic.1614223 (BitDefender)
Win32/PSW.Sagic.15.E (ESET)
Spy-Agent.dt (McAfee)
:Trj/Agent.MDR (Panda)

Alert Level (?)
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection last updated:
Definition: 1.77.44.0
Released: Feb 25, 2010

Summary
Trojan:Win32/Malex.gen!E is a generic detection for certain malicious files that attempt to copy itself in certain folders without the user's consent or knowledge.

Technical Information (Analysis)
Trojan:Win32/Malex.gen!E is a generic detection for certain malicious files that attempt to copy itself in certain folders without the user's consent or knowledge.

The family name "Malex" comes from the phrase "Malicious executable".

Analysis by Francis Allan Tan Seng


More: https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan:Win32/Malex.gen!E&ThreatID=-2147341190

Collapse -
Trojan:Win32/Malex.gen!F

In reply to: VIRUS \ SPYWARE ALERTS - February 26, 2010

Collapse -
Trojan:Win32/Malex.gen!G

In reply to: VIRUS \ SPYWARE ALERTS - February 26, 2010

Collapse -
Trojan:Win32/Malex.gen!H

In reply to: VIRUS \ SPYWARE ALERTS - February 26, 2010

Collapse -
Trojan:Win32/Malex.gen!I

In reply to: VIRUS \ SPYWARE ALERTS - February 26, 2010

Collapse -
Trojan:Win32/Malex.gen!J

In reply to: VIRUS \ SPYWARE ALERTS - February 26, 2010

Collapse -
Worm:Win32/Pricbot.A

In reply to: VIRUS \ SPYWARE ALERTS - February 26, 2010

Encyclopedia entry
Published: Feb 26, 2010

Aliases
Not available

Alert Level (?)
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.77.44.0
Released: Feb 25, 2010


Summary
This threat is detected by the Microsoft antivirus engine. Technical details are not currently available for this threat.

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Worm:Win32/Pricbot.A&ThreatID=-2147335536

Popular Forums

icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

SMART HOME

This one tip will help you sleep better tonight

A few seconds are all you need to get a better night's rest.