Spyware, Viruses, & Security forum

VIRUS \ SPYWARE ALERTS - January 10, 2010

by Marianna Schmudlach / January 9, 2010 10:50 PM PST

Troj/FakeRean-D
by Marianna Schmudlach / January 9, 2010 10:51 PM PST

Aliases

* Trojan:Win32/FakeRean

Category

* Viruses and Spyware

Type

* Trojan


Affected operating systems: Windows
Protection available since: 10 January 2010 04:14:54 (GMT)

Troj/FakeRean-D is a Trojan for the Windows platform.

Troj/FakeRean-D includes functionality to:

- run automatically
- copy itself to the <System> folder
- steal confidential information

When Troj/FakeRean-D is installed it creates the file <System>\b4dqrvvvffb7.exe.

http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakereand.html?_log_from=rss

Troj/FakeAV-AOW
by Marianna Schmudlach / January 9, 2010 10:52 PM PST

Troj/FakeAV-AOV
by Marianna Schmudlach / January 9, 2010 10:52 PM PST

Troj/FakeAV-AOU
by Marianna Schmudlach / January 9, 2010 10:53 PM PST

W32/Koobface-AF
by Marianna Schmudlach / January 9, 2010 10:54 PM PST

VBS/Autorun-DR
by Marianna Schmudlach / January 9, 2010 10:55 PM PST

Category

* Viruses and Spyware

Type

* Worm


Affected operating systems: Windows

Characteristics

* Installs itself in the registry


VBS/Autorun-DR is a worm which includes functionality to access the internet and communicate with a remote server via HTTP.

When first run VBS/Autorun-DR copies itself to:

<System>\wbem\xiao.vbs
<System>\xiao.vbs

and creates the file <Temp>\.pif.

The following registry entry is created to run xiao.vbs on startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Explorer
xiao.vbs

http://www.sophos.com/security/analyses/viruses-and-spyware/vbsautorundr.html?_log_from=rss

Troj/RegExec-A
by Marianna Schmudlach / January 9, 2010 10:55 PM PST

Troj/FakeRean-G
by Marianna Schmudlach / January 9, 2010 10:56 PM PST

Mal/Geral-A
by Marianna Schmudlach / January 9, 2010 10:57 PM PST

Troj/FakeAV-AOT
by Marianna Schmudlach / January 9, 2010 10:58 PM PST

Troj/FakeAV-AOS
by Marianna Schmudlach / January 9, 2010 10:59 PM PST

Category

* Viruses and Spyware

Type

* Trojan


Affected operating systems: Windows

Characteristics

* Installs itself in the registry

Protection available since: 10 January 2010 00:06:58 (GMT)

Troj/FakeAV-AOS is a fake security program.

When Troj/FakeAV-AOS is installed the following files are created:

<System>\smss32.exe
<System>\warning.html
<System>\winlogon32.exe

The following registry entry is created to run smss32.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
smss32.exe
<System>\smss32.exe

The following registry entry is changed to run winlogon32.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit
<System>\winlogon32.exe

The following registry entry is set, disabling system software:

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableTaskMgr
0x00000001

Registry entries are set as follows:

More: http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakeavaos.html?_log_from=rss

Troj/FakeAV-AOR
by Marianna Schmudlach / January 9, 2010 11:00 PM PST

Troj/FakeAV-AOO
by Marianna Schmudlach / January 9, 2010 11:00 PM PST

Troj/Agent-MDB
by Marianna Schmudlach / January 9, 2010 11:01 PM PST

W32.Koobface!gen2
by Marianna Schmudlach / January 9, 2010 11:03 PM PST

Trojan.Bredolab!gen6
by Marianna Schmudlach / January 9, 2010 11:03 PM PST

IRC/Flood.gen.h
by Marianna Schmudlach / January 9, 2010 11:05 PM PST

Type
Trojan

Overview

This is a Trojan detection. Unlike viruses, Trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.
Characteristics

Upon execution malware drops the following files:

%System%\nvsv32.exe - copy of itself
%AppData%\SystemProc\lsass.exe - IRC/flood
c:\confin.sys
%ProgramFiles%\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul
%ProgramFiles%\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest
%ProgramFiles%\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf

and also copies itself under random names (antivirus product names, e.g. Ad-aware 2009.exe, BitDefender AntiVirus 2009 Keyge) in the following directories:

More: http://vil.nai.com/vil/content/v_252981.htm

PWS-Zbot.gen.ab
by Marianna Schmudlach / January 9, 2010 11:06 PM PST

Type
Trojan
SubType
Generic

Overview

This is a Trojan detection. Unlike viruses, Trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.
Characteristics

Upon execution malware drops the following files:

%system%\sdra64.exe - copy of itself
%system%\lowsec\local.ds - information files
%system%\lowsec\user.ds
%system%\lowsec\user.ds.lll

When the malware succeeds, it creates a new memory page in the address space of the svchost process:

Svchost.exe

The following hidden directory is created:

%System%\lowsec

The following Registry Keys are created:

More: http://vil.nai.com/vil/content/v_249805.htm
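
Added example, not code from Sophos, McAfee or the posters above: the file and registry indicators quoted in the Troj/FakeRean-D, VBS/Autorun-DR, Troj/FakeAV-AOS, IRC/Flood.gen.h and PWS-Zbot.gen.ab entries, pulled together into one Python sweep that runs over a .reg export and a file listing. It assumes <System> / %System% expands to C:\Windows\system32 and that a clean Winlogon Userinit value is exactly <System>\userinit.exe, (the Windows default). SAMPLE_REG and SAMPLE_FILES are constructed sample input, not data from an infected machine; the Userinit and Policies\Explorer\Run checks go beyond the specific file names on this page and flag the persistence technique itself.

```python
"""Sweep for the autorun and file-drop indicators quoted in this thread.
Added example; not code from Sophos, McAfee or the posters. SAMPLE_REG and
SAMPLE_FILES are constructed input, not data from an infected machine."""
import re

SYSTEM = r"C:\Windows\system32"  # assumed expansion of <System> / %System%
IOC_FILENAMES = {  # dropped-file names from the entries above, matched case-insensitively
    "b4dqrvvvffb7.exe",                                   # Troj/FakeRean-D
    "xiao.vbs",                                           # VBS/Autorun-DR
    "smss32.exe", "winlogon32.exe", "warning.html",       # Troj/FakeAV-AOS
    "nvsv32.exe", "confin.sys",                           # IRC/Flood.gen.h
    "sdra64.exe", "local.ds", "user.ds", "user.ds.lll",   # PWS-Zbot.gen.ab
}
# Zbot's hidden lowsec directory and IRC/Flood's Firefox extension directory.
IOC_DIRS = {"\\lowsec\\", "\\{8ce11043-9a15-4207-a565-0c94c42d590d}\\"}
RUN_KEYS = {r"hklm\software\microsoft\windows\currentversion\run",
            r"hkcu\software\microsoft\windows\currentversion\run",
            r"hkcu\software\microsoft\windows\currentversion\policies\explorer\run"}
WINLOGON = r"hklm\software\microsoft\windows nt\currentversion\winlogon"
HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}


def parse_reg(text):
    """Parse a .reg export into {(key, value_name): data}; keys and names are
    lower-cased. Handles REG_SZ (unescaping \\\\ and \\") and REG_DWORD only."""
    entries, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        k = re.match(r"^\[(.+)\]$", line)
        if k:
            hive, _, rest = k.group(1).partition("\\")
            key = (HIVES.get(hive, hive) + "\\" + rest).lower()
            continue
        v = re.match(r'^(?:"(.+?)"|@)=(?:"(.*)"|dword:([0-9a-fA-F]{8}))$', line)
        if v and key:
            name = (v.group(1) or "").lower()  # "" is the (Default) value
            data = (int(v.group(3), 16) if v.group(3) is not None
                    else v.group(2).replace('\\"', '"').replace("\\\\", "\\"))
            entries[(key, name)] = data
    return entries


def filename_of(cmdline):
    """Last path component of the executable named in a Run-value command line."""
    cmd = cmdline.strip()
    exe = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split(" ", 1)[0]
    return exe.rstrip(",").rsplit("\\", 1)[-1].lower()


def check_registry(entries):
    """Return (key, name, data, reason) per finding. The Userinit and
    Policies\\Explorer\\Run checks flag the technique, not a file name."""
    findings = []
    for (key, name), data in entries.items():
        reason = None
        if key == WINLOGON and name == "userinit":
            if str(data).lower() != (SYSTEM + r"\userinit.exe,").lower():
                reason = "Winlogon Userinit hijacked"
        elif key in RUN_KEYS:
            if key.endswith(r"\policies\explorer\run"):
                reason = "autorun via Policies\\Explorer\\Run"
            elif filename_of(str(data)) in IOC_FILENAMES:
                reason = "autorun of known dropped file"
        elif key.endswith(r"\policies\system") and name == "disabletaskmgr" and data == 1:
            reason = "Task Manager disabled by policy"
        if reason:
            findings.append((key, name, data, reason))
    return findings


def check_files(paths):
    """Return the listed paths whose file name or parent directory is an indicator."""
    return [p for p in paths
            if p.lower().rsplit("\\", 1)[-1] in IOC_FILENAMES
            or any(d in p.lower() for d in IOC_DIRS)]


SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon"="C:\\Windows\\system32\\ctfmon.exe"
"smss32.exe"="C:\\Windows\\system32\\smss32.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\winlogon32.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Explorer"="xiao.vbs"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
'''
SAMPLE_FILES = [
    r"C:\Windows\system32\userinit.exe",  # clean control, must not be flagged
    r"C:\Windows\system32\b4dqrvvvffb7.exe",
    r"C:\Windows\system32\wbem\xiao.vbs",
    r"C:\Windows\system32\lowsec\user.ds",
    r"C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf",
]

if __name__ == "__main__":
    for key, name, data, reason in check_registry(parse_reg(SAMPLE_REG)):
        print(f"[REG ] {reason}: {key}\\{name} = {data!r}")
    for path in check_files(SAMPLE_FILES):
        print(f"[FILE] known dropped file or directory: {path}")
```

On a live box the same two functions take the text produced by `reg export` for the Run, Winlogon and Policies keys and a `dir /s /b` listing of the system and Program Files directories. The ctfmon entry and userinit.exe in the sample are clean controls; the other entries reproduce the persistence described in the posts above, and the Userinit and Policies\Explorer\Run rules will also fire on samples that use different file names.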

Worm:Win32/Autorun.VY
by Marianna Schmudlach / January 9, 2010 11:07 PM PST

Encyclopedia entry
Published: Jan 10, 2010

Aliases
Not available

Alert Level: Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.71.1996.0
Released: Jan 10, 2010


Summary
This threat is detected by the Microsoft antivirus engine. Technical details are not currently available for this threat.

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Worm:Win32/Autorun.VY&ThreatID=-2147336558

Backdoor:Win32/IRCbot.EE
by Marianna Schmudlach / January 9, 2010 11:07 PM PST

Encyclopedia entry
Published: Jan 10, 2010

Aliases
Not available

Alert Level: Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.71.1996.0
Released: Jan 10, 2010


Summary
This threat is classified as a Trojan - Backdoor. A backdoor trojan provides remote, usually surreptitious, access to affected systems. A backdoor trojan may be used to conduct distributed denial of service (DDoS) attacks, or it may be used to install additional trojans or other forms of malicious software. For example, a backdoor trojan may be used to install a downloader or dropper trojan, which may in turn install a proxy trojan used to relay spam or a keylogger trojan which monitors and sends keystrokes to remote attackers. A backdoor Trojan may also open ports on the affected system and thus potentially lead to further compromise by other attackers. This threat is detected by the Microsoft antivirus engine. Technical details are not currently available.

More details are available in the Family description of Win32/IRCbot

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor:Win32/IRCbot.EE&ThreatID=-2147336557

Backdoor:Win32/Visel.F
by Marianna Schmudlach / January 9, 2010 11:08 PM PST

Aliases
Not available

Alert Level: Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection last updated:
Definition: 1.71.1996.0
Released: Jan 10, 2010

Summary
This threat is classified as a Trojan - Backdoor. A backdoor trojan provides remote, usually surreptitious, access to affected systems. A backdoor trojan may be used to conduct distributed denial of service (DDoS) attacks, or it may be used to install additional trojans or other forms of malicious software. For example, a backdoor trojan may be used to install a downloader or dropper trojan, which may in turn install a proxy trojan used to relay spam or a keylogger trojan which monitors and sends keystrokes to remote attackers. A backdoor Trojan may also open ports on the affected system and thus potentially lead to further compromise by other attackers. This threat is detected by the Microsoft antivirus engine. Technical details are not currently available.

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor:Win32/Visel.F&ThreatID=-2147342130

Trojan:Win32/Sisron
by Marianna Schmudlach / January 9, 2010 11:09 PM PST

Trojan:Win32/Dnschanger.L
by Marianna Schmudlach / January 9, 2010 11:10 PM PST

Encyclopedia entry
Published: Jan 10, 2010

Aliases
Not available

Alert Level: Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.71.1992.0
Released: Jan 10, 2010


Summary
This threat is detected by the Microsoft antivirus engine. Technical details are not currently available for this threat.


https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan:Win32/Dnschanger.L&ThreatID=-2147336559

Worm:Win32/Yoybot
by Marianna Schmudlach / January 9, 2010 11:11 PM PST

HackTool:Win32/CCProxy
by Marianna Schmudlach / January 9, 2010 11:11 PM PST

Trojan:Win32/Sisproc
by Marianna Schmudlach / January 9, 2010 11:12 PM PST

Trojan:Win32/Pirpi.A
by Marianna Schmudlach / January 9, 2010 11:13 PM PST

Trojan:Win32/Puppetzombie
by Marianna Schmudlach / January 9, 2010 11:14 PM PST

Trojan:Win32/Refpron
by Marianna Schmudlach / January 9, 2010 11:15 PM PST

Trojan:Win32/Refpron.F
by Marianna Schmudlach / January 9, 2010 11:15 PM PST