
VIRUS \ Spyware ALERTS - January 1, 2009

Dec 31, 2008 1:50PM PST

Troj/DwnLdr-HMG
Dec 31, 2008 1:51PM PST
Troj/DwnLdr-HMM
Dec 31, 2008 1:52PM PST
Troj/DwnLdr-HML
Dec 31, 2008 1:53PM PST
Troj/DwnLdr-HMK
Dec 31, 2008 1:54PM PST
Troj/DwnLdr-HMJ
Dec 31, 2008 1:55PM PST
Troj/DwnLdr-HMI
Dec 31, 2008 1:56PM PST
Troj/DwnLdr-HMH
Dec 31, 2008 1:57PM PST
Troj/Bancos-BFA
Dec 31, 2008 1:58PM PST
Troj/PDFJs-O
Jan 1, 2009 12:31AM PST
W32/MarioF-J
Jan 1, 2009 12:32AM PST
Troj/Zlob-AMZ
Jan 1, 2009 12:33AM PST
Troj/Zapchas-EH
Jan 1, 2009 12:34AM PST
Troj/JSShell-F
Jan 1, 2009 12:35AM PST
Troj/DwnLdr-HMF
Jan 1, 2009 12:36AM PST
Troj/Ducky-A
Jan 1, 2009 12:37AM PST
Troj/Agent-IMW
Jan 1, 2009 12:38AM PST
SAHAgent
Jan 1, 2009 12:39AM PST
The New Year Brings No Relief
Jan 1, 2009 3:23AM PST

1 January 2009

The recent spate of the Waled family of worms continues to spill into the new year.

SophosLabs has recorded two new Waled worms (W32/Waled-E and W32/Waled-F) within the last 24 hours and it looks like this family is pretty much going to be in the news for at least the next couple of days.

On the Spam side, things have also been busy; Viagra campaigns continue to keep coming back (like a bad itch). Incredibly, going through the collected data list of suspected malware being sent around, W32/MyDoom-O (!) is still out there - some 2-3 years after it was first discovered - showing the pervasiveness and longevity of malware.

CheeHui, SophosLabs AU

http://www.sophos.com/security/blog/2009/01/2549.html

Troj/Tiotua-AC
Jan 1, 2009 7:55AM PST

Aliases: Trojan.Win32.Midgare.qoa

Category: Viruses and Spyware

Type: Trojan

Troj/Tiotua-AC is a Trojan for the Windows platform.

Troj/Tiotua-AC includes functionality to access the internet and communicate with a remote server via HTTP.

When first run, Troj/Tiotua-AC copies itself to the Windows folder and creates the following files:

<Temporary Internet Files>\Content.IE5\89irkl2n\themegaton[1].htm
<Temporary Internet Files>\Content.IE5\od6fwfox\yahoo[1].htm

The following registry entry is created to run Troj/Tiotua-AC on startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
<filename>
<pathname of the Trojan executable>

Troj/Tiotua-AC changes settings for Microsoft Internet Explorer by modifying values under:

HKCU\Software\Microsoft\Internet Explorer\Main\Start Page

Registry entries are created under:

HKLM\SOFTWARE\GodLib

http://www.sophos.com/security/analyses/viruses-and-spyware/trojtiotuaac.html?_log_from=rss