Spyware, Viruses, & Security forum

General discussion

VIRUS \ SPYWARE ALERTS - January 12, 2010

Troj/FakeAV-APH

Aliases

* Trojan:Win32/FakeXPA

Category

* Viruses and Spyware

Type

* Trojan


Affected operating systems: Windows
Protection available since: 12 January 2010 06:20:36 (GMT)

Troj/FakeAV-APH is a Trojan for the Windows platform.

Troj/FakeAV-APH includes functionality to:

- steal confidential information
- access the internet and communicate with a remote server via HTTP

Troj/FakeAV-APH communicates via HTTP with the following locations:

win-matrix . com

Registry entries are created under:

HKLM\SOFTWARE\33928A1ABF2B60F9A4876AE7068C8604

http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakeavaph.html?_log_from=rss

Troj/FakeAV-APG

In reply to: VIRUS \ SPYWARE ALERTS - January 12, 2010

Aliases

* FakeAlert-IO trojan

Category

* Viruses and Spyware

Type

* Trojan


Affected operating systems: Windows
Protection available since: 12 January 2010 06:20:36 (GMT)

Troj/FakeAV-APG is a Trojan for the Windows platform.

Troj/FakeAV-APG includes functionality to:

- steal confidential information
- access the internet and communicate with a remote server via HTTP

Troj/FakeAV-APG communicates via HTTP with the following locations:

win-matrix . com


The following registry entry is set:

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Connections
SavedLegacySettings

Registry entries are created under:

HKLM\SOFTWARE\33928A1ABF2B60F9A4876AE7068C8604

http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakeavapg.html?_log_from=rss

Troj/DwnLdr-HZV

In reply to: VIRUS \ SPYWARE ALERTS - January 12, 2010

Category

* Viruses and Spyware

Type

* Trojan


Affected operating systems: Windows
Protection available since: 12 January 2010 06:20:36 (GMT)

Troj/DwnLdr-HZV is a Trojan for the Windows platform.

Troj/DwnLdr-HZV includes functionality to access the internet and communicate with a remote server via HTTP.

Troj/DwnLdr-HZV communicates via HTTP with the following locations:

greatnorthwill . com
download . cnet . com


The following registry entry is set:

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Connections
SavedLegacySettings

Registry entries are created under:

HKCU\Software\EVAC49
HKCU\Software

http://www.sophos.com/security/analyses/viruses-and-spyware/trojdwnldrhzv.html?_log_from=rss

W32/AutoIt-IA

In reply to: VIRUS \ SPYWARE ALERTS - January 12, 2010

Troj/PDFJs-GP

In reply to: VIRUS \ SPYWARE ALERTS - January 12, 2010

Troj/PDFJs-FU

In reply to: VIRUS \ SPYWARE ALERTS - January 12, 2010

Troj/Loader-H

In reply to: VIRUS \ SPYWARE ALERTS - January 12, 2010

Troj/JSRedir-AN

In reply to: VIRUS \ SPYWARE ALERTS - January 12, 2010

Troj/Agent-MDM

In reply to: VIRUS \ SPYWARE ALERTS - January 12, 2010

Aliases

* W32/Obfuscated.EA
* Trojan:Win32/LockScreen.gen!A

Category

* Viruses and Spyware

Type

* Trojan


Affected operating systems: Windows
Protection available since: 12 January 2010 11:38:40 (GMT)

Troj/Agent-MDM is a Trojan for the Windows platform.

Troj/Agent-MDM includes functionality to run automatically and create batch scripts.

When Troj/Agent-MDM is installed it copies itself to <Program Files>\plugin.exe.

http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentmdm.html?_log_from=rss

Troj/Agent-MDL

In reply to: VIRUS \ SPYWARE ALERTS - January 12, 2010

Aliases

* TR/Dropper.Gen
* W32/Obfuscated.EA

Category

* Viruses and Spyware

Type

* Trojan


Affected operating systems: Windows
Protection available since: 12 January 2010 11:38:40 (GMT)

Troj/Agent-MDL is a Trojan for the Windows platform.

Troj/Agent-MDL includes functionality to:

- run automatically
- copy itself to the <System> folder
- create files in the <System> folder

When Troj/Agent-MDL is installed the following files are created:

<System>\lowsec\local.ds
<System>\lowsec\user.ds
<System>\sdra64.exe which is also detected as Troj/Agent-MDL

http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentmdl.html?_log_from=rss

Dynamic mIRC Utilities

In reply to: VIRUS \ SPYWARE ALERTS - January 12, 2010

Command Line Process Utility

In reply to: VIRUS \ SPYWARE ALERTS - January 12, 2010

114 index

In reply to: VIRUS \ SPYWARE ALERTS - January 12, 2010

Troj/MDrop-CJT

In reply to: VIRUS \ SPYWARE ALERTS - January 12, 2010

Troj/MDrop-CJS

In reply to: VIRUS \ SPYWARE ALERTS - January 12, 2010

Email-Worm:MSIL/Agent.MXK

In reply to: VIRUS \ SPYWARE ALERTS - January 12, 2010

W32.Gammima.AG!gen2

In reply to: VIRUS \ SPYWARE ALERTS - January 12, 2010

Trojan.FakeAV!gen15

In reply to: VIRUS \ SPYWARE ALERTS - January 12, 2010

W32.Spyrat

In reply to: VIRUS \ SPYWARE ALERTS - January 12, 2010

Discovered: January 12, 2010
Updated: January 12, 2010 12:27:03 PM
Type: Worm
Infection Length: 290,304 bytes
Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003, Windows 2000

W32.Spyrat is a worm that copies itself using removable drives and file-sharing networks. It also opens a back door on the computer.


http://www.symantec.com/business/security_response/writeup.jsp?docid=2010-011211-1602-99

Trojan-Downloader:W32/DLoader

In reply to: VIRUS \ SPYWARE ALERTS - January 12, 2010

Name : Trojan-Downloader:W32/DLoader
Category: Malware
Type: Trojan-Downloader
Platform: W32

Summary
A trojan that secretly downloads malicious files from a remote server, then installs and executes the files.


Additional Details
This trojan-downloader was discovered on June 7th 2000.

It has been posted to several newsgroups as "QuickFlick.mpg.exe". Once executed, this file tries to download and run the SubSeven backdoor from a web location.

For further information about SubSeven, see the description:

http://www.f-secure.com/v-descs/subseven.shtml

F-Secure Anti-Virus products detect the SubSeven backdoor.


http://www.f-secure.com/v-descs/trojan-downloader_w32_dloader.shtml

Win32/Koobface.B!generic

In reply to: VIRUS \ SPYWARE ALERTS - January 12, 2010

Date Published:
12 Jan 2010

Last Updated:
12 Jan 2010

Characteristics

Type : Worm

Category : Win32

Also known as: W32.Koobface!gen1 (Symantec), Win32/Koobface.B (CA), W32/Koobface.worm (McAfee)


Description
Win32/Koobface.B is a variant of the Koobface worm, which spreads through social networking sites like MySpace and Facebook, and is spreading through the micro-blogging website Twitter.

http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=80834

Win32/SecurityTool Family

In reply to: VIRUS \ SPYWARE ALERTS - January 12, 2010

Date Published:
12 Jan 2010

Last Updated:
12 Jan 2010

Characteristics

Type : Trojan

Category : Win32

Also known as: Trojan.Win32.FraudPack.wso (Kaspersky)


Description
Win32/SecurityTool is a family of malware that disguises itself as a legitimate system security product and goes by the name "Security Tool". It displays various fake pop-up infection messages, deceiving warnings and false scan results.

http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=80835

Win32/InternetSecurity2010 Family

In reply to: VIRUS \ SPYWARE ALERTS - January 12, 2010

Characteristics

Type : Trojan

Category : Win32

Also known as: Trojan:Win32/FakeXPA (Microsoft)


Description
Win32/InternetSecurity2010 is a family of malware that disguises itself as a legitimate antivirus program and goes by the name "Internet Security 2010". It displays various fake pop-up infection messages, false scan results and fake security alerts.

Method of Infection

Upon execution it creates the following files in the infected system:

* %AppData%\Microsoft\Internet Explorer\Quick Launch\Internet Security 2010.lnk
* %StartMenu%\Internet Security 2010.lnk
* %Program Files%\InternetSecurity2010\IS2010.exe


Win32/InternetSecurity2010 variants also add the following registry key to automatically execute on system start:

* HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Internet Security 2010="%Program Files%\InternetSecurity2010\IS2010.exe"


Win32/InternetSecurity2010 also adds the following registry key as part of its installation:

* HKCU\Software\IS2010

More: http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=80823

Win32/Fruspam.BJ

In reply to: VIRUS \ SPYWARE ALERTS - January 12, 2010

Characteristics

Type : Worm

Category : Win32

Also known as: W32.Ackantta.G@mm (Symantec), WORM_SPYBOT.BAA (Trend Micro), Trojan.Win32.Buzus.cxph (Kaspersky)


Description
Win32/Fruspam.BJ is a mass-mailing worm that has the capability to send spam email through its own SMTP engine and propagates via peer-to-peer applications such as Limewire. It also targets systems running servers with IIS, by modifying or replacing the legitimate IIS file at localhost in %Root%\inetpub\wwwroot\index.htm with its own .htm file. Furthermore, Win32/Fruspam.BJ spams "Invitation Card.zip" which contains a copy of itself named "document.chm .exe" (458,752 bytes).

http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=80833

TDSS.a!mem

In reply to: VIRUS \ SPYWARE ALERTS - January 12, 2010

Type
Trojan

Overview -

Rootkits are programs (device drivers) that can potentially be used with any malware to hide, or stealth, files, processes, registry keys, and network connections. Generic RootKit.d is one of the generic detections for this class of malicious programs.

Characteristics -

This infection spreads through a dropper which when run drops the files in the last sectors of the hard disk, outside the file system.

More: http://vil.nai.com/vil/content/v_252858.htm

Patched-SYSFile.a

In reply to: VIRUS \ SPYWARE ALERTS - January 12, 2010

Type
Trojan

Overview -

This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to anothe

Characteristics -

This system file is infected by TDSS.a!mem.

More: http://vil.nai.com/vil/content/v_251323.htm

Worm:Win32/Autorun.WC

In reply to: VIRUS \ SPYWARE ALERTS - January 12, 2010

Encyclopedia entry
Published: Jan 12, 2010

Aliases
Not available

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.71.2087.0
Released: Jan 12, 2010


Summary
This threat is detected by the Microsoft antivirus engine. Technical details are not currently available for this threat.

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Worm:Win32/Autorun.WC&ThreatID=-2147336514

Exploit:JS/Elecom.A

In reply to: VIRUS \ SPYWARE ALERTS - January 12, 2010

Encyclopedia entry
Published: Jan 12, 2010

Aliases
Not available

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.71.2087.0
Released: Jan 12, 2010


Summary
This threat is detected by the Microsoft antivirus engine. Technical details are not currently available for this threat.

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Exploit:JS/Elecom.A&ThreatID=-2147336510

Exploit:JS/Elecom.B

In reply to: VIRUS \ SPYWARE ALERTS - January 12, 2010

Encyclopedia entry
Published: Jan 12, 2010

Aliases
Not available

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.71.2087.0
Released: Jan 12, 2010


Summary
This threat is detected by the Microsoft antivirus engine. Technical details are not currently available for this threat.


https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Exploit:JS/Elecom.B&ThreatID=-2147336509

Exploit:JS/Elecom.C

In reply to: VIRUS \ SPYWARE ALERTS - January 12, 2010

Encyclopedia entry
Published: Jan 12, 2010

Aliases
Not available

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.71.2087.0
Released: Jan 12, 2010


Summary
This threat is detected by the Microsoft antivirus engine. Technical details are not currently available for this threat.

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Exploit:JS/Elecom.C&ThreatID=-2147336508

Trojan:Win32/Hiloti.gen!C

In reply to: VIRUS \ SPYWARE ALERTS - January 12, 2010

Encyclopedia entry
Published: Jan 12, 2010

Aliases
Not available

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.71.2087.0
Released: Jan 12, 2010


Summary
This potentially unwanted software is detected by the Microsoft antispyware engine. Technical details are not currently available.

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan:Win32/Hiloti.gen!C&ThreatID=-2147336512
