Spyware, Viruses, & Security forum

General discussion

VIRUS \ SPYWARE ALERTS - January 1, 2010

by Marianna Schmudlach / December 31, 2009 11:42 PM PST

Troj/MDrop-CIU

Category

* Viruses and Spyware

Type

* Trojan


Affected operating systems

* Windows

Characteristics

* Drops more malware


Troj/MDrop-CIU is a Trojan for the Windows platform.

Troj/MDrop-CIU includes functionality to steal confidential information.

When Troj/MDrop-CIU is installed it creates the file <Windows>\Fonts\svchost.exe.

Registry entries are created under:

HKCU\Software\Microsoft\Visual Basic

http://www.sophos.com/security/analyses/viruses-and-spyware/trojmdropciu.html?_log_from=rss

Troj/Agent-MBS
by Marianna Schmudlach / December 31, 2009 11:44 PM PST

Troj/Agent-MBR
by Marianna Schmudlach / December 31, 2009 11:45 PM PST

Aliases

* Trojan.Win32.FraudPack.ajlr

Category

* Viruses and Spyware

Type

* Trojan


Affected operating systems

* Windows

Troj/Agent-MBR is a Trojan for the Windows platform.

Troj/Agent-MBR includes functionality to:

- run automatically
- access the internet and communicate with a remote server via HTTP

When Troj/Agent-MBR is installed it creates a scheduled job to run itself.

Troj/Agent-MBR contacts the following servers:
thezasite . com
search-online-web . com
maximclock . com
myf2you . com

Registry entries are created under:

HKCU\Software

http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentmbr.html?_log_from=rss

Troj/Inject-LK
by Marianna Schmudlach / December 31, 2009 11:46 PM PST

Category

* Viruses and Spyware

Type

* Trojan


Affected operating systems

* Windows

Characteristics

* Installs itself in the registry


Troj/Inject-LK is a Trojan for the Windows platform.

Troj/Inject-LK runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

When first run Troj/Inject-LK copies itself to <System>\wmispjr.exe.

The following registry entry is changed to run wmispjr.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe
Debugger
wmispjr.exe

The following registry entries are set, affecting internet security:

HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy
(Default)
<no value>

HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
(Default)
<no value>

HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications
(Default)
<no value>

More: http://www.sophos.com/security/analyses/viruses-and-spyware/trojinjectlk.html?_log_from=rss

Troj/FakeAV-ANC
by Marianna Schmudlach / December 31, 2009 11:47 PM PST

Troj/FakeAV-ANB
by Marianna Schmudlach / December 31, 2009 11:47 PM PST

Backdoor:JS/Agent.A
by Marianna Schmudlach / December 31, 2009 11:55 PM PST

Encyclopedia entry
Published: Jan 01, 2010

Aliases
Not available

Alert Level (?)
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.71.1608.0
Released: Jan 01, 2010

Summary
This threat is classified as a Trojan - Backdoor. A backdoor trojan provides remote, usually surreptitious, access to affected systems. A backdoor trojan may be used to conduct distributed denial of service (DDoS) attacks, or it may be used to install additional trojans or other forms of malicious software. For example, a backdoor trojan may be used to install a downloader or dropper trojan, which may in turn install a proxy trojan used to relay spam or a keylogger trojan which monitors and sends keystrokes to remote attackers. A backdoor Trojan may also open ports on the affected system and thus potentially lead to further compromise by other attackers. This threat is detected by the Microsoft antivirus engine. Technical details are not currently available.

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor:JS/Agent.A&ThreatID=-2147336776

Backdoor:Win32/Agent.AFG
by Marianna Schmudlach / December 31, 2009 11:56 PM PST

Aliases
Not available

Alert Level (?)
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection last updated:
Definition: 1.71.1608.0
Released: Jan 01, 2010

Summary
This threat is classified as a Trojan - Backdoor. A backdoor trojan provides remote, usually surreptitious, access to affected systems. A backdoor trojan may be used to conduct distributed denial of service (DDoS) attacks, or it may be used to install additional trojans or other forms of malicious software. For example, a backdoor trojan may be used to install a downloader or dropper trojan, which may in turn install a proxy trojan used to relay spam or a keylogger trojan which monitors and sends keystrokes to remote attackers. A backdoor Trojan may also open ports on the affected system and thus potentially lead to further compromise by other attackers. This threat is detected by the Microsoft antivirus engine. Technical details are not currently available.

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor:Win32/Agent.AFG&ThreatID=-2147364484

Backdoor:Win32/Bifrose
by Marianna Schmudlach / December 31, 2009 11:57 PM PST

Aliases
Backdoor.Win32.Bifrose.phc (Kaspersky)
Troj/Bifrose-UV (Sophos)
Backdoor.Bifrose.ZTO (BitDefender)
BackDoor-CEP (McAfee)
Backdoor.Bifrose (Symantec)

Alert Level (?)
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection last updated:
Definition: 1.71.1608.0
Released: Jan 01, 2010

Summary
Backdoor:Win32/Bifrose is a backdoor trojan that connects to a remote IP address using either TCP port 81 or a random port. It allows an attacker to access the computer and perform various actions.

Symptoms
There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptom(s).

More: https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor:Win32/Bifrose&ThreatID=-2147479537

Backdoor:Win32/Bifrose.ACI
by Marianna Schmudlach / December 31, 2009 11:58 PM PST

Aliases
Backdoor.Win32.Bifrose.acs (Kaspersky)
BackDoor-CEP.svr (McAfee)
W32/Smalldoor.ANQQ (Norman)
Troj/Bifrose-UP (Sophos)
Backdoor.Win32.Prorat.ac (Sunbelt Software)
Backdoor.Bifrose (Symantec)
BKDR_SMALLDOO.BY (Trend Micro)
Packed/NSPack (VirusBuster)

Alert Level (?)
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection last updated:
Definition: 1.71.1608.0
Released: Jan 01, 2010

Summary
Backdoor:Win32/Bifrose.ACI is a backdoor Trojan that allows a remote attacker to access the compromised computer, and injects its processes into the Windows shell and Internet Explorer.


Symptoms
Symptoms vary among specific samples of this detection; however, some of the following symptoms may be observed:

Creation of a folder named bitfrost in the <system folder>

Presence of these files:
<system folder>\bitfrost\server.exe
<system folder>\drivers\ctfm0n.exe
<system folder>\services\service.exe
%ProgramFiles%\Bifrost\svchost.exe

Presence of any of these registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9B71D88C-C598-4935-C5D1-43AA4DB90836}\
stubpath = <system folder>\bitfrost\server.exe s

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{B9D86CC7-0AD1-8235-EDD2-8D0FAFEA004B}\
stubpath = <system folder>\drivers\ctfm0n.exe s

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{061AF0F9-6007-B9B4-96FB-128B2A87067B}
stubpath = <system folder>\services\service.exe s

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9B71D88C-C598-4935-C5D1-43AA4DB90836}
stubpath = %ProgramFiles%\bifrost\svchost.exe s

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor:Win32/Bifrose.ACI&ThreatID=-2147392881

Backdoor:Win32/Bifrose.AE
by Marianna Schmudlach / December 31, 2009 11:59 PM PST

Aliases
Backdoor.Bifrose.ZXE (BitDefender)
W32/Bifrose.ASWB (Norman)

Alert Level (?)
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection last updated:
Definition: 1.71.1608.0
Released: Jan 01, 2010

Summary
Backdoor:Win32/Bifrose.AE is an 818,629-byte, win32 executable which sets itself to run on the next system boot and opens up a backdoor that allows unauthorized access and control of the affected system.

Symptoms
System changes

The following system changes may indicate the presence of this malware:
The presence of the following file:
%windir%\bifrost\server.exe
The presence of the following registry modifications:
Sets value: "stubpath"
With data: "%windir%\bifrost\server.exe s"
To subkey: HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{9B71D88C-C598-4935-C5D1-43AA4DB90836}

More: https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor:Win32/Bifrose.AE&ThreatID=-2147367278

Backdoor:Win32/Feardoor.B
by Marianna Schmudlach / January 1, 2010 12:00 AM PST

Encyclopedia entry
Published: Jan 01, 2010

Aliases
Not available

Alert Level (?)
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.71.1608.0
Released: Jan 01, 2010


Summary
This threat is classified as a Trojan - Backdoor. A backdoor trojan provides remote, usually surreptitious, access to affected systems. A backdoor trojan may be used to conduct distributed denial of service (DDoS) attacks, or it may be used to install additional trojans or other forms of malicious software. For example, a backdoor trojan may be used to install a downloader or dropper trojan, which may in turn install a proxy trojan used to relay spam or a keylogger trojan which monitors and sends keystrokes to remote attackers. A backdoor Trojan may also open ports on the affected system and thus potentially lead to further compromise by other attackers. This threat is detected by the Microsoft antivirus engine. Technical details are not currently available.

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor:Win32/Feardoor.B&ThreatID=-2147336779

Backdoor:Win32/Hupigon.CY
by Marianna Schmudlach / January 1, 2010 12:00 AM PST

Aliases
Not available

Alert Level (?)
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection last updated:
Definition: 1.71.1608.0
Released: Jan 01, 2010

Summary
This threat is classified as a Trojan - Backdoor. A backdoor trojan provides remote, usually surreptitious, access to affected systems. A backdoor trojan may be used to conduct distributed denial of service (DDoS) attacks, or it may be used to install additional trojans or other forms of malicious software. For example, a backdoor trojan may be used to install a downloader or dropper trojan, which may in turn install a proxy trojan used to relay spam or a keylogger trojan which monitors and sends keystrokes to remote attackers. A backdoor Trojan may also open ports on the affected system and thus potentially lead to further compromise by other attackers. This threat is detected by the Microsoft antivirus engine. Technical details are not currently available.

More details are available in the Family description of Win32/Hupigon


https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor:Win32/Hupigon.CY&ThreatID=-2147343018

Backdoor:Win32/IRCbot.DL
by Marianna Schmudlach / January 1, 2010 12:01 AM PST

Aliases
Not available

Alert Level (?)
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection last updated:
Definition: 1.71.1608.0
Released: Jan 01, 2010

Summary
This threat is classified as a Trojan - Backdoor. A backdoor trojan provides remote, usually surreptitious, access to affected systems. A backdoor trojan may be used to conduct distributed denial of service (DDoS) attacks, or it may be used to install additional trojans or other forms of malicious software. For example, a backdoor trojan may be used to install a downloader or dropper trojan, which may in turn install a proxy trojan used to relay spam or a keylogger trojan which monitors and sends keystrokes to remote attackers. A backdoor Trojan may also open ports on the affected system and thus potentially lead to further compromise by other attackers. This threat is detected by the Microsoft antivirus engine. Technical details are not currently available.

More details are available in the Family description of Win32/IRCbot

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor:Win32/IRCbot.DL&ThreatID=-2147337181

Backdoor:Win32/Sdbot.BE
by Marianna Schmudlach / January 1, 2010 12:02 AM PST

Encyclopedia entry
Published: Jan 01, 2010

Aliases
Not available

Alert Level (?)
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.71.1608.0
Released: Jan 01, 2010


Summary
This threat is classified as a Trojan - Backdoor. A backdoor trojan provides remote, usually surreptitious, access to affected systems. A backdoor trojan may be used to conduct distributed denial of service (DDoS) attacks, or it may be used to install additional trojans or other forms of malicious software. For example, a backdoor trojan may be used to install a downloader or dropper trojan, which may in turn install a proxy trojan used to relay spam or a keylogger trojan which monitors and sends keystrokes to remote attackers. A backdoor Trojan may also open ports on the affected system and thus potentially lead to further compromise by other attackers. This threat is detected by the Microsoft antivirus engine. Technical details are not currently available.

More details are available in the Family description of Win32/Sdbot

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor:Win32/Sdbot.BE&ThreatID=-2147336783

TrojanSpy:Win32/VB.CD
by Marianna Schmudlach / January 1, 2010 12:03 AM PST

Encyclopedia entry
Published: Jan 01, 2010

Aliases
Not available

Alert Level (?)
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.71.1608.0
Released: Jan 01, 2010


Summary
This threat is classified as a Trojan - Data Theft. A data theft trojan gathers personal data, often of a financial nature, from affected systems. Collected data may include credit card numbers, tax returns, login credentials or any other information deemed to be of interest to the attacker. The collected data is then surreptitiously sent to the remote attacker via a variety of electronic means. This threat is detected by the Microsoft antivirus engine. Technical details are not currently available.


https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanSpy:Win32/VB.CD&ThreatID=-2147336782

TrojanSpy:Win32/VB.CE
by Marianna Schmudlach / January 1, 2010 12:03 AM PST

Encyclopedia entry
Published: Jan 01, 2010

Aliases
Not available

Alert Level (?)
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.71.1608.0
Released: Jan 01, 2010


Summary
This threat is classified as a Trojan - Data Theft. A data theft trojan gathers personal data, often of a financial nature, from affected systems. Collected data may include credit card numbers, tax returns, login credentials or any other information deemed to be of interest to the attacker. The collected data is then surreptitiously sent to the remote attacker via a variety of electronic means. This threat is detected by the Microsoft antivirus engine. Technical details are not currently available.


https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanSpy:Win32/VB.CE&ThreatID=-2147336781

Backdoor:Win32/VB.KH
by Marianna Schmudlach / January 1, 2010 12:04 AM PST

Encyclopedia entry
Published: Jan 01, 2010

Aliases
Not available

Alert Level (?)
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.71.1608.0
Released: Jan 01, 2010


Summary
This threat is classified as a Trojan - Backdoor. A backdoor trojan provides remote, usually surreptitious, access to affected systems. A backdoor trojan may be used to conduct distributed denial of service (DDoS) attacks, or it may be used to install additional trojans or other forms of malicious software. For example, a backdoor trojan may be used to install a downloader or dropper trojan, which may in turn install a proxy trojan used to relay spam or a keylogger trojan which monitors and sends keystrokes to remote attackers. A backdoor Trojan may also open ports on the affected system and thus potentially lead to further compromise by other attackers. This threat is detected by the Microsoft antivirus engine. Technical details are not currently available.

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor:Win32/VB.KH&ThreatID=-2147336778

Backdoor:Win32/VB.KI
by Marianna Schmudlach / January 1, 2010 12:05 AM PST

Encyclopedia entry
Published: Jan 01, 2010

Aliases
Not available

Alert Level (?)
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.71.1608.0
Released: Jan 01, 2010


Summary
This threat is classified as a Trojan - Backdoor. A backdoor trojan provides remote, usually surreptitious, access to affected systems. A backdoor trojan may be used to conduct distributed denial of service (DDoS) attacks, or it may be used to install additional trojans or other forms of malicious software. For example, a backdoor trojan may be used to install a downloader or dropper trojan, which may in turn install a proxy trojan used to relay spam or a keylogger trojan which monitors and sends keystrokes to remote attackers. A backdoor Trojan may also open ports on the affected system and thus potentially lead to further compromise by other attackers. This threat is detected by the Microsoft antivirus engine. Technical details are not currently available.

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor:Win32/VB.KI&ThreatID=-2147336777

VirTool:Win32/Vbinder.AQ
by Marianna Schmudlach / January 1, 2010 12:06 AM PST

Encyclopedia entry
Published: Jan 01, 2010

Aliases
Not available

Alert Level (?)
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.71.1608.0
Released: Jan 01, 2010


Summary
This threat is detected by the Microsoft antivirus engine. Technical details are not currently available for this threat.

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=VirTool:Win32/Vbinder.AQ&ThreatID=-2147336780

VirTool:Win32/Vbinder.AR
by Marianna Schmudlach / January 1, 2010 12:06 AM PST

Backdoor:ASP/Ace.E
by Marianna Schmudlach / January 1, 2010 12:07 AM PST

Encyclopedia entry
Published: Jan 01, 2010

Aliases
Not available

Alert Level (?)
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.71.1591.0
Released: Jan 01, 2010


Summary
This threat is classified as a Trojan - Backdoor. A backdoor trojan provides remote, usually surreptitious, access to affected systems. A backdoor trojan may be used to conduct distributed denial of service (DDoS) attacks, or it may be used to install additional trojans or other forms of malicious software. For example, a backdoor trojan may be used to install a downloader or dropper trojan, which may in turn install a proxy trojan used to relay spam or a keylogger trojan which monitors and sends keystrokes to remote attackers. A backdoor Trojan may also open ports on the affected system and thus potentially lead to further compromise by other attackers. This threat is detected by the Microsoft antivirus engine. Technical details are not currently available.

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor:ASP/Ace.E&ThreatID=-2147336785

TrojanDownloader:Win32/Agent.MW
by Marianna Schmudlach / January 1, 2010 12:08 AM PST

Encyclopedia entry
Published: Jan 01, 2010

Aliases
Not available

Alert Level (?)
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.71.1591.0
Released: Jan 01, 2010


Summary
This threat is classified as a Trojan - Downloader. A downloader trojan accesses remote websites in an attempt to download and install malicious or potentially unwanted software. Some downloader trojans target specific files on remote websites while others may target a specific URL that points to a website containing exploit code that may allow the site to automatically download and software or malicious code on vulnerable systems. This threat is detected by the Microsoft antivirus engine. Technical details are not currently available.

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDownloader:Win32/Agent.MW&ThreatID=-2147336786

TrojanDownloader:Win32/Agent.MX
by Marianna Schmudlach / January 1, 2010 12:09 AM PST

Encyclopedia entry
Published: Jan 01, 2010

Aliases
Not available

Alert Level (?)
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.71.1591.0
Released: Jan 01, 2010


Summary
This threat is classified as a Trojan - Downloader. A downloader trojan accesses remote websites in an attempt to download and install malicious or potentially unwanted software. Some downloader trojans target specific files on remote websites while others may target a specific URL that points to a website containing exploit code that may allow the site to automatically download and software or malicious code on vulnerable systems. This threat is detected by the Microsoft antivirus engine. Technical details are not currently available.

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDownloader:Win32/Agent.MX&ThreatID=-2147336784

TrojanDownloader:Win32/Conhook.A
by Marianna Schmudlach / January 1, 2010 12:10 AM PST

Aliases
Win32/Chisyne!generic (CA)
Trojan-Downloader.Win32.ConHook.q (Kaspersky)
Adware-Virtumundo (McAfee)
W32/Virtumonde.NU (Norman)
VIPRE.Suspicious (Sunbelt Software)
Adware.VirtuMonde (Symantec)
PAK_Generic.001 (Trend Micro)

Alert Level (?)
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.71.1591.0
Released: Jan 01, 2010


Summary
TrojanDownloader:Win32/Conhook.A attempts to download content from a remote Web site. TrojanDownloader:Win32/Conhook.A injects its code into running processes which could, depending on configuration, allow the Trojan to bypass permission-based firewalls in order to gain Internet access.

Symptoms
The following symptoms may be indicative of a TrojanDownloader:Win32/Conhook.A infection:
Presence of the following keys in the registry:
HKEY_CLASSES_ROOT\CLSID\{EA32FB3B-21C9-42CC-B8EF-01A9B28EDB0D}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{EA32FB3B-21C9-42CC-B8EF-01A9B28EDB0D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{EA32FB3B-21C9-42CC-B8EF-01A9B28EDB0D}


More: https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDownloader:Win32/Conhook.A&ThreatID=-2147336789

Trojan:Win32/FakeDefender.A
by Marianna Schmudlach / January 1, 2010 12:11 AM PST

Encyclopedia entry
Published: Jan 01, 2010

Aliases
Not available

Alert Level (?)
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.71.1591.0
Released: Jan 01, 2010


Summary
This threat is detected by the Microsoft antivirus engine. Technical details are not currently available for this threat.


https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan:Win32/FakeDefender.A&ThreatID=-2147336790

Trojan:Win32/Ransom.Q
by Marianna Schmudlach / January 1, 2010 12:11 AM PST

Encyclopedia entry
Published: Jan 01, 2010

Aliases
Not available

Alert Level (?)
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.71.1591.0
Released: Jan 01, 2010


Summary
This threat is detected by the Microsoft antivirus engine. Technical details are not currently available for this threat.


https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan:Win32/Ransom.Q&ThreatID=-2147336787

Trojan:Win32/Remhead
by Marianna Schmudlach / January 1, 2010 12:12 AM PST

Trojan:Win32/ServStart.A
by Marianna Schmudlach / January 1, 2010 12:13 AM PST

Trojan:Win32/Sisproc
by Marianna Schmudlach / January 1, 2010 12:14 AM PST

VirTool:Win32/VBInject.DM
by Marianna Schmudlach / January 1, 2010 12:14 AM PST

Encyclopedia entry
Published: Jan 01, 2010

Aliases
Not available

Alert Level (?)
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.71.1591.0
Released: Jan 01, 2010


Summary
This threat is detected by the Microsoft antivirus engine. Technical details are not currently available for this threat.

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=VirTool:Win32/VBInject.DM&ThreatID=-2147336788
