Spyware, Viruses, & Security forum

General discussion

VIRUS \ SPYWARE ALERTS - February 5, 2010

by Marianna Schmudlach / February 4, 2010 11:49 PM PST

Troj/Bredo-AT

Category

* Viruses and Spyware

Type

* Trojan


Affected operating systems Windows
Protection available since 5 February 2010 11:42:33 (GMT)

Troj/Bredo-AT is a Trojan for the Windows platform.

Troj/Bredo-AT includes functionality to access the internet and communicate with a remote server via HTTP.

Troj/Bredo-AT communicates via HTTP with the following locations:

195 . 88 . 190 . 36
83 . 133 . 122 . 160


When Troj/Bredo-AT is installed the following files are created:

<Temp>\_ex-08.exe
<Temp>\_ex-68.exe

http://www.sophos.com/security/analyses/viruses-and-spyware/trojbredoat.html?_log_from=rss

Troj/FakeAV-ATB
by Marianna Schmudlach / February 4, 2010 11:50 PM PST

Category

* Viruses and Spyware

Type

* Trojan


Affected operating systems Windows
Characteristics

* Installs itself in the registry

Protection available since 5 February 2010 11:42:33 (GMT)


Troj/FakeAV-ATB is a Trojan for the Windows platform.

Troj/FakeAV-ATB includes functionality to copy itself to the <System> folder and create files in the <System> folder.

Troj/Tiotua-CC
by Marianna Schmudlach / February 4, 2010 11:51 PM PST

Aliases

* Bloodhound.Malautoit.2
* Bloodhound.Unknown
* TR/Dropper.Gen
* Packed.Win32.Krap.l
* Worm:AutoIt/Renocide.gen!C
* Worm.Win32.AutoIt.tc

Category

* Viruses and Spyware

Type

* Trojan


Affected operating systems Windows
Protection available since 5 February 2010 11:42:33 (GMT)

Troj/Tiotua-CC is a Trojan for the Windows platform.

When Troj/Tiotua-CC is installed it creates the file <System>\csrcs.exe.

http://www.sophos.com/security/analyses/viruses-and-spyware/trojtiotuacc.html?_log_from=rss

Troj/Tiotua-CE
by Marianna Schmudlach / February 4, 2010 11:52 PM PST

Aliases

* TR/Dropper.Gen

Category

* Viruses and Spyware

Type

* Trojan


Affected operating systems Windows
Protection available since 5 February 2010 11:42:33 (GMT)

Troj/Blah is a Trojan for the Windows platform.

Troj/Blah includes functionality to run automatically.

The following registry entry is set:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
Run
XPRT

http://www.sophos.com/security/analyses/viruses-and-spyware/trojtiotuace.html?_log_from=rss

JS/Zapcast-A
by Marianna Schmudlach / February 4, 2010 11:52 PM PST
Mal/Wintrim-A
by Marianna Schmudlach / February 4, 2010 11:53 PM PST
Troj/Agent-MJY
by Marianna Schmudlach / February 4, 2010 11:54 PM PST

Category

* Viruses and Spyware

Type

* Trojan


Affected operating systems Windows
Protection available since 5 February 2010 10:02:53 (GMT)

Troj/Agent-MJY is a Trojan for the Windows platform.

Troj/Agent-MJY includes functionality to run automatically.

The following registry entry is set, affecting internet security:

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\net
www.sbradesco.kit
http

Registry entries are created under:

HKLM\SOFTWARE\Description

http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentmjy.html?_log_from=rss

Troj/Dloadr-CYK
by Marianna Schmudlach / February 4, 2010 11:54 PM PST
Troj/FakeAV-ATY
by Marianna Schmudlach / February 4, 2010 11:55 PM PST
Troj/Mdrop-CKA
by Marianna Schmudlach / February 4, 2010 11:56 PM PST

Aliases

* VirTool:Win32/Vbinder.gen!G
* TR/Dropper.Gen
* Trojan.Dropper.Gen
* Adware.Gen
* Generic VB.i
* Generic VB.i trojan

Category

* Viruses and Spyware

Type

* Trojan


Affected operating systems Windows
Characteristics

* Drops more malware

Protection available since 5 February 2010 10:02:53 (GMT)

Troj/Mdrop-CKA is a Trojan for the Windows platform.

When Troj/Mdrop-CKA is installed the following files are created:

<System>\runwin32.exe
<Root>\a.bat

The following registry entry is set:

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Connections
SavedLegacySettings

Registry entries are created under:

HKCU\Software\Microsoft\Visual Basic
HKCU\Software\Microsoft

http://www.sophos.com/security/analyses/viruses-and-spyware/trojmdropcka.html?_log_from=rss

W32/Autorun-AZH
by Marianna Schmudlach / February 4, 2010 11:57 PM PST
Troj/Zbot-LW
by Marianna Schmudlach / February 4, 2010 11:57 PM PST
Troj/FakeAV-ATX
by Marianna Schmudlach / February 4, 2010 11:58 PM PST
Troj/Agent-MJX
by Marianna Schmudlach / February 4, 2010 11:59 PM PST

Category

* Viruses and Spyware

Type

* Trojan


Affected operating systems Windows
Characteristics

* Installs itself in the registry

Protection available since 5 February 2010 01:36:19 (GMT)

Troj/Agent-MJX is a Trojan for the Windows platform.

Troj/Agent-MJX installs itself to the registry:
HKLM\SOFTWARE\Microsoft\Windows NT\Currentversion\windows\load
C:\windows\system32\%RANDOMNAME%.exe

http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentmjx.html?_log_from=rss

Troj/Cimuz-CX
by Marianna Schmudlach / February 5, 2010 12:00 AM PST
Troj/Agent-MJS
by Marianna Schmudlach / February 5, 2010 12:00 AM PST

Aliases

* PWS:Win32/Zbot.gen!W

Category

* Viruses and Spyware

Type

* Trojan


Affected operating systems Windows
Protection available since 5 February 2010 04:40:42 (GMT)

Troj/Agent-MJS is a Trojan for the Windows platform.

Troj/Agent-MJS includes functionality to:

- run automatically
- copy itself to the <System> folder
- create files in the <System> folder

When Troj/Agent-MJS is installed the following files are created:

<System>\lowsec\local.ds
<System>\lowsec\user.ds
<System>\sdra64.exe
<Root>\no.txt

http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentmjs.html?_log_from=rss

Worm:Win32/Autorun.WF
by Marianna Schmudlach / February 5, 2010 12:03 AM PST

Encyclopedia entry
Published: Feb 05, 2010

Aliases
Not available

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.75.426.0
Released: Feb 05, 2010


Summary
This threat is detected by the Microsoft antivirus engine. Technical details are not currently available for this threat.

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Worm:Win32/Autorun.WF&ThreatID=-2147335952

VirTool:Win32/CeeInject.gen!AR
by Marianna Schmudlach / February 5, 2010 12:04 AM PST
VirTool:Win32/VBInject.DR
by Marianna Schmudlach / February 5, 2010 12:05 AM PST

Encyclopedia entry
Published: Feb 05, 2010

Aliases
Not available

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.75.426.0
Released: Feb 05, 2010


Summary
This threat is detected by the Microsoft antivirus engine. Technical details are not currently available for this threat.

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=VirTool:Win32/VBInject.DR&ThreatID=-2147335951

PWS:Win32/Zorbcray.gen!A
by Marianna Schmudlach / February 5, 2010 12:05 AM PST

Encyclopedia entry
Published: Feb 05, 2010

Aliases
Not available

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.75.426.0
Released: Feb 05, 2010


Summary
This threat is classified as a Trojan - Password Stealer. Typically, a password stealing trojan installs a keystroke logger (commonly referred to as a keylogger) which records keystrokes and sends the recorded information to remote attackers. Some keyloggers monitor only keystrokes involved in specific types of web-based transactions. For example, a keylogger may include a component that monitors browser activity, only recording keystrokes when certain bank or ecommerce sites are accessed. Other types of password-stealing trojans include those that capture screenshots in an attempt to bypass graphic-based security measures. This threat is detected by the Microsoft antivirus engine. Technical details are not currently available.

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=PWS:Win32/Zorbcray.gen!A&ThreatID=-2147335953

Trojan:Win32/PrivacyCenter
by Marianna Schmudlach / February 5, 2010 12:06 AM PST

Aliases
Fake_AntiSpyware.BKN (AVG)
Win32/FakeAV.ACR (CA)
Win32/Adware.PrivacyComponents (ESET)
not-a-virus:FraudTool.Win32.PrivacyCenter (other)
not-a-virus:FraudTool.Win32.Agent.jn (Kaspersky)
FakeAlert-CP (McAfee)
Troj/PrvCnt-Gen (Sophos)
SpywareGuard2008 (Symantec)

Alert Level
High

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection last updated:
Definition: 1.75.426.0
Released: Feb 05, 2010

Summary
Trojan:Win32/PrivacyCenter is a family of programs that claims to scan for malware and displays fake warnings of "malicious programs and viruses". They then inform the user that they need to pay money to register the software in order to remove these non-existent threats.

Special Note:
Reports of Rogue Antivirus programs have been more prevalent as of late. These are programs that generate misleading alerts and false detections in order to convince users to purchase illegitimate security software. Some of these programs may display product names or logos in an apparently unlawful attempt to impersonate Microsoft products.

Use Microsoft Windows Defender, the Windows Live safety scanner (http://onecare.live.com/site/en-us/default.htm), or another up-to-date scanning and removal tool to detect and remove these threats and other unwanted software from your computer. For more information on Microsoft security products, see http://www.microsoft.com/protect/products/computer/default.mspx.


Symptoms
System Changes

Symptoms vary among different distributions of Trojan:Win32/PrivacyCenter; however, the presence of the following system changes (or similar) may indicate the presence of this program:

Presence of the following directories, or similar (for example):

%program_files%\privacy center
%application data%\privacy center

Presence of the following registry modifications or similar (for example):

Added value: "agent.exe"
With data: "%program_files%\privacy center\agent.exe"
To subkey: HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Added value: "Shell"
With data: "%program_files%\privacy center\pc.exe"
To subkey: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

Display of the following images/dialogs, or similar (for example):

More: https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan:Win32/PrivacyCenter&ThreatID=-2147342888

TrojanSpy:Win32/Bancos.SR
by Marianna Schmudlach / February 5, 2010 12:07 AM PST

Encyclopedia entry
Published: Feb 05, 2010

Aliases
Not available

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.75.422.0
Released: Feb 05, 2010


Summary
This threat is classified as a Trojan - Data Theft. A data theft trojan gathers personal data, often of a financial nature, from affected systems. Collected data may include credit card numbers, tax returns, login credentials or any other information deemed to be of interest to the attacker. The collected data is then surreptitiously sent to the remote attacker via a variety of electronic means. This threat is detected by the Microsoft antivirus engine. Technical details are not currently available.

More details are available in the Family description of Win32/Bancos

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanSpy:Win32/Bancos.SR&ThreatID=-2147335973

TrojanSpy:Win32/Bancos.SS
by Marianna Schmudlach / February 5, 2010 12:08 AM PST

Encyclopedia entry
Published: Feb 05, 2010

Aliases
Not available

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.75.422.0
Released: Feb 05, 2010


Summary
This threat is classified as a Trojan - Data Theft. A data theft trojan gathers personal data, often of a financial nature, from affected systems. Collected data may include credit card numbers, tax returns, login credentials or any other information deemed to be of interest to the attacker. The collected data is then surreptitiously sent to the remote attacker via a variety of electronic means. This threat is detected by the Microsoft antivirus engine. Technical details are not currently available.

More details are available in the Family description of Win32/Bancos

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanSpy:Win32/Bancos.SS&ThreatID=-2147335970

TrojanSpy:Win32/Banker.PL
by Marianna Schmudlach / February 5, 2010 12:08 AM PST

Encyclopedia entry
Published: Feb 05, 2010

Aliases
Not available

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.75.422.0
Released: Feb 05, 2010


Summary
This threat is classified as a Trojan - Data Theft. A data theft trojan gathers personal data, often of a financial nature, from affected systems. Collected data may include credit card numbers, tax returns, login credentials or any other information deemed to be of interest to the attacker. The collected data is then surreptitiously sent to the remote attacker via a variety of electronic means. This threat is detected by the Microsoft antivirus engine. Technical details are not currently available.

More details are available in the Family description of Win32/Banker


https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanSpy:Win32/Banker.PL&ThreatID=-2147335979

TrojanSpy:Win32/Banker.VT
by Marianna Schmudlach / February 5, 2010 12:09 AM PST

Encyclopedia entry
Published: Feb 05, 2010

Aliases
Not available

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.75.422.0
Released: Feb 05, 2010


Summary
This threat is classified as a Trojan - Data Theft. A data theft trojan gathers personal data, often of a financial nature, from affected systems. Collected data may include credit card numbers, tax returns, login credentials or any other information deemed to be of interest to the attacker. The collected data is then surreptitiously sent to the remote attacker via a variety of electronic means. This threat is detected by the Microsoft antivirus engine. Technical details are not currently available.

More details are available in the Family description of Win32/Banker


https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanSpy:Win32/Banker.VT&ThreatID=-2147335957

Trojan:Win32/Deerpc
by Marianna Schmudlach / February 5, 2010 12:10 AM PST

Encyclopedia entry
Published: Feb 05, 2010

Aliases
Not available

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.75.422.0
Released: Feb 05, 2010


Summary
This threat is detected by the Microsoft antivirus engine. Technical details are not currently available for this threat.

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan:Win32/Deerpc&ThreatID=-2147335969

Trojan:Win32/Delf.GV
by Marianna Schmudlach / February 5, 2010 12:10 AM PST

Encyclopedia entry
Published: Feb 05, 2010

Aliases
Not available

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.75.422.0
Released: Feb 05, 2010


Summary
This threat is detected by the Microsoft antivirus engine. Technical details are not currently available for this threat.

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan:Win32/Delf.GV&ThreatID=-2147335965

Trojan:Win32/Delf.GW
by Marianna Schmudlach / February 5, 2010 12:11 AM PST

Encyclopedia entry
Published: Feb 05, 2010

Aliases
Not available

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.75.422.0
Released: Feb 05, 2010


Summary
This threat is detected by the Microsoft antivirus engine. Technical details are not currently available for this threat.

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan:Win32/Delf.GW&ThreatID=-2147335964

Trojan:Win32/Delf.GX
by Marianna Schmudlach / February 5, 2010 12:12 AM PST

Encyclopedia entry
Published: Feb 05, 2010

Aliases
Not available

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.75.422.0
Released: Feb 05, 2010


Summary
This threat is detected by the Microsoft antivirus engine. Technical details are not currently available for this threat.

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan:Win32/Delf.GX&ThreatID=-2147335963

Trojan:Win32/Delf.GY
by Marianna Schmudlach / February 5, 2010 12:12 AM PST

Encyclopedia entry
Published: Feb 05, 2010

Aliases
Not available

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.75.422.0
Released: Feb 05, 2010


Summary
This threat is detected by the Microsoft antivirus engine. Technical details are not currently available for this threat.

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan:Win32/Delf.GY&ThreatID=-2147335962

Trojan:Win32/Delf.GZ
by Marianna Schmudlach / February 5, 2010 12:13 AM PST

Encyclopedia entry
Published: Feb 05, 2010

Aliases
Not available

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.75.422.0
Released: Feb 05, 2010


Summary
This threat is detected by the Microsoft antivirus engine. Technical details are not currently available for this threat.

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan:Win32/Delf.GZ&ThreatID=-2147335961
