Spyware, Viruses, & Security forum

General discussion

VIRUS \ SPYWARE ALERTS - January 14, 2010

Mal/VBDrop-G

In reply to: VIRUS \ SPYWARE ALERTS - January 14, 2010

Mal/FakeAV-CI

In reply to: VIRUS \ SPYWARE ALERTS - January 14, 2010

Mal/Emogen-F

In reply to: VIRUS \ SPYWARE ALERTS - January 14, 2010

Mal/Banker-J

In reply to: VIRUS \ SPYWARE ALERTS - January 14, 2010

Troj/Spy-EY

In reply to: VIRUS \ SPYWARE ALERTS - January 14, 2010

Troj/Hupigon-TB

In reply to: VIRUS \ SPYWARE ALERTS - January 14, 2010

Troj/Agent-MDV

In reply to: VIRUS \ SPYWARE ALERTS - January 14, 2010

Category

* Viruses and Spyware

Type

* Trojan


Affected operating systems: Windows
Protection available since: 14 January 2010 11:29:13 (GMT)

Troj/Agent-MDV is a Trojan for the Windows platform.

Troj/Agent-MDV includes functionality to start services.

When Troj/Agent-MDV is installed it creates the file <User>\AppMgmt.dll which is detected as Troj/Agent-MDV.

The following registry entry is set:

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings

http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentmdv.html?_log_from=rss

Troj/Agent-MDU

In reply to: VIRUS \ SPYWARE ALERTS - January 14, 2010

Mal/Rimecud-B

In reply to: VIRUS \ SPYWARE ALERTS - January 14, 2010

SpectorSoft

In reply to: VIRUS \ SPYWARE ALERTS - January 14, 2010

Category

* Adware or PUA

Type

* System Monitor


Affected operating systems: Windows
Characteristics

* Installs itself in the registry
* Monitors browser activity


SpectorSoft is a potentially unwanted application.

SpectorSoft monitors user activities such as emails, chats, web sites visited and keystrokes typed.

http://www.sophos.com/security/analyses/adware-and-puas/spectorsoft.html

Ghost Keylogger

In reply to: VIRUS \ SPYWARE ALERTS - January 14, 2010

Troj/Yektel-E

In reply to: VIRUS \ SPYWARE ALERTS - January 14, 2010

Aliases

* Packed.Win32.Katusha.e
* FakeAlert-EQ.b trojan
* Trojan:Win32/Yektel.A

Category

* Viruses and Spyware

Type

* Trojan


Affected operating systems: Windows
Protection available since: 14 January 2010 02:15:00 (GMT)

Troj/Yektel-E is a Trojan for the Windows platform.

Troj/Yektel-E includes functionality to run automatically.

Registry entries are created under:

HKCR\CLSID

http://www.sophos.com/security/analyses/viruses-and-spyware/trojyektele.html?_log_from=rss

Mal/VB-G

In reply to: VIRUS \ SPYWARE ALERTS - January 14, 2010

Troj/Agent-MDT

In reply to: VIRUS \ SPYWARE ALERTS - January 14, 2010

TSPY_BANKER.OCN

In reply to: VIRUS \ SPYWARE ALERTS - January 14, 2010

Two new spam campaigns spreading variants of the BANKER family of identity-stealing Trojans have recently emerged. The first campaign features spammed messages containing malicious links to supposed pictures. Once clicked, however, users ended up with TSPY_BANKER.OCN infections. This campaign made use of standalone files (see Figure 1).

The second campaign was more elaborate, as the involved malware (detected as TSPY_BANKER.MTX) had two components: one steals banking-related information while the other steals email account information (see Figure 2).

More: http://blog.trendmicro.com/

TROJ_FAKEXPA.IA

In reply to: VIRUS \ SPYWARE ALERTS - January 14, 2010

Trend Micro was alerted to the discovery of a recent threat that takes advantage of malicious search results generated from the Microsoft Office's site.

This threat targets users looking for tips and help-related information on using Microsoft Office products on Microsoft's official website, particularly those looking to delete meeting notices without notifying the other invitees.

Using the search string, "delete meeting without notifying invitees," apparently led users to malicious results, which led to the download of two malicious files: webvirusscanner77.com.htm-1 (detected by Trend Micro as HTML_FAKEALE.JD) and Setup102_2045-10.exe-1 or Setup111060_2045-10.exe-1 (aka TROJ_FAKEXPA.IA).

Both files have been found to be FAKEAV variants. Once executed, they displayed fake scanning results and prompted users to buy bogus antivirus software.

More: http://blog.trendmicro.com/

Trojan:Win32/Adclicker.Q

In reply to: VIRUS \ SPYWARE ALERTS - January 14, 2010

Encyclopedia entry
Published: Jan 14, 2010

Aliases
Not available

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.71.2185.0
Released: Jan 14, 2010


Summary
This threat is detected by the Microsoft antivirus engine. Technical details are not currently available for this threat.


https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan:Win32/Adclicker.Q&ThreatID=-2147336455

TrojanDownloader:Win32/Bancos.DA

In reply to: VIRUS \ SPYWARE ALERTS - January 14, 2010

Encyclopedia entry
Published: Jan 14, 2010

Aliases
Not available

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection last updated:
Definition: 1.71.2204.0
Released: Jan 14, 2010

Summary
This threat is classified as a Trojan - Downloader. A downloader trojan accesses remote websites in an attempt to download and install malicious or potentially unwanted software. Some downloader trojans target specific files on remote websites while others may target a specific URL that points to a website containing exploit code that may allow the site to automatically download and software or malicious code on vulnerable systems. This threat is detected by the Microsoft antivirus engine. Technical details are not currently available.

More details are available in the Family description of Win32/Bancos

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDownloader:Win32/Bancos.DA&ThreatID=-2147336449

TrojanSpy:Win32/Bancos.SL

In reply to: VIRUS \ SPYWARE ALERTS - January 14, 2010

Encyclopedia entry
Published: Jan 14, 2010

Aliases
Not available

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.71.2185.0
Released: Jan 14, 2010


Summary
This threat is classified as a Trojan - Data Theft. A data theft trojan gathers personal data, often of a financial nature, from affected systems. Collected data may include credit card numbers, tax returns, login credentials or any other information deemed to be of interest to the attacker. The collected data is then surreptitiously sent to the remote attacker via a variety of electronic means. This threat is detected by the Microsoft antivirus engine. Technical details are not currently available.

More details are available in the Family description of Win32/Bancos

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanSpy:Win32/Bancos.SL&ThreatID=-2147336450

Trojan:Win32/Bredavi

In reply to: VIRUS \ SPYWARE ALERTS - January 14, 2010

Encyclopedia entry
Published: Jan 14, 2010

Aliases
Not available

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.71.2185.0
Released: Jan 14, 2010


Summary
This threat is detected by the Microsoft antivirus engine. Technical details are not currently available for this threat.


https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan:Win32/Bredavi&ThreatID=-2147336468

Worm:Win32/Chir.D@mm

In reply to: VIRUS \ SPYWARE ALERTS - January 14, 2010

Aliases
Not available

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection last updated:
Definition: 1.71.2185.0
Released: Jan 14, 2010

Summary
This threat is detected by the Microsoft antivirus engine. Technical details are not currently available for this threat.

More details are available in the Family description of Win32/Chir


https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Worm:Win32/Chir.D@mm&ThreatID=-2147366571

TrojanDownloader:Win32/Dogkild.V

In reply to: VIRUS \ SPYWARE ALERTS - January 14, 2010

Encyclopedia entry
Published: Jan 14, 2010

Aliases
Not available

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.71.2185.0
Released: Jan 14, 2010


Summary
This threat is classified as a Trojan - Downloader. A downloader trojan accesses remote websites in an attempt to download and install malicious or potentially unwanted software. Some downloader trojans target specific files on remote websites while others may target a specific URL that points to a website containing exploit code that may allow the site to automatically download and software or malicious code on vulnerable systems. This threat is detected by the Microsoft antivirus engine. Technical details are not currently available.

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDownloader:Win32/Dogkild.V&ThreatID=-2147336463

PWS:Win32/Ldpinch

In reply to: VIRUS \ SPYWARE ALERTS - January 14, 2010

Aliases
Not available

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection last updated:
Definition: 1.71.2185.0
Released: Jan 14, 2010

Summary
Win32/Ldpinch is a family of password-stealing trojans. This trojan gathers private user data such as passwords from the host computer and sends the data to the attacker at a preset e-mail address. The Win32/Ldpinch trojans use their own Simple Mail Transfer Protocol (SMTP) engine or a web-based proxy for sending the e-mail, thus copies of the sent e-mail will not appear in the affected user's e-mail client.

Symptoms
Win32/Ldpinch variants have varying symptoms; however, this trojan family has some shared characteristics and actions:

* Creates an entry under one or both of the following registry subkeys to run this copy of the trojan each time Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
* Attempts to gather data from the host computer. The Win32/Ldpinch trojan may gather data such as e-mail addresses, passwords, and system configuration information, including registry settings. It may also gather data from installed applications such as &RQ, FAR, ICQ, The Bat!, and Total Commander.

More: https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=PWS:Win32/Ldpinch&ThreatID=-2147477181

Trojan:MSIL/Nova

In reply to: VIRUS \ SPYWARE ALERTS - January 14, 2010

Encyclopedia entry
Published: Jan 14, 2010

Aliases
Not available

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.71.2185.0
Released: Jan 14, 2010


Summary
This threat is detected by the Microsoft antivirus engine. Technical details are not currently available for this threat.


https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan:MSIL/Nova&ThreatID=-2147336461

Trojan:Win32/Olsa.A!job

In reply to: VIRUS \ SPYWARE ALERTS - January 14, 2010

Encyclopedia entry
Published: Jan 14, 2010

Aliases
Not available

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.71.2185.0
Released: Jan 14, 2010


Summary
This threat is detected by the Microsoft antivirus engine. Technical details are not currently available for this threat.

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan:Win32/Olsa.A!job&ThreatID=-2147336448

Exploit:Win32/Pdfjsc.CY

In reply to: VIRUS \ SPYWARE ALERTS - January 14, 2010

Encyclopedia entry
Published: Jan 14, 2010

Aliases
Not available

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.71.2185.0
Released: Jan 14, 2010


Summary
This threat is detected by the Microsoft antivirus engine. Technical details are not currently available for this threat.


https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Exploit:Win32/Pdfjsc.CY&ThreatID=-2147336467

Worm:Win32/Rimecud.CN

In reply to: VIRUS \ SPYWARE ALERTS - January 14, 2010

Encyclopedia entry
Published: Jan 14, 2010

Aliases
Not available

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.71.2185.0
Released: Jan 14, 2010


Summary
This threat is detected by the Microsoft antivirus engine. Technical details are not currently available for this threat.

More details are available in the Family description of Win32/Rimecud


https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Worm:Win32/Rimecud.CN&ThreatID=-2147336456

Worm:MSIL/Sdbot.A

In reply to: VIRUS \ SPYWARE ALERTS - January 14, 2010

Encyclopedia entry
Published: Jan 14, 2010

Aliases
Not available

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.71.2185.0
Released: Jan 14, 2010


Summary
This threat is detected by the Microsoft antivirus engine. Technical details are not currently available for this threat.


https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Worm:MSIL/Sdbot.A&ThreatID=-2147336460

PWS:Win32/Sinowal.gen!Q

In reply to: VIRUS \ SPYWARE ALERTS - January 14, 2010

Encyclopedia entry
Updated: Jan 14, 2010 | Published: Jan 14, 2010

Aliases
Not available

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection last updated:
Definition: 1.71.2204.0
Released: Jan 14, 2010

Summary
On January 14, 2010 a signature for PWS:Win32/Sinowal.gen!Q started detecting a kernel driver from McAfee. On the same day, Microsoft released a new signature that addresses the issue. Signature versions 1.71.2188.0 and higher include this fix.

This threat is classified as a Trojan - Password Stealer. Typically, a password stealing trojan installs a keystroke logger (commonly referred to as a keylogger) which records keystrokes and sends the recorded information to remote attackers. Some keyloggers monitor only keystrokes involved in specific types of web-based transactions. For example, a keylogger may include a component that monitors browser activity, only recording keystrokes when certain bank or ecommerce sites are accessed. Other types of password-stealing trojans include those that capture screenshots in an attempt to bypass graphic-based security measures. This threat is detected by the Microsoft antivirus engine. Technical details are not currently available.

More details are available in the Family description of Win32/Sinowal.


More: https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=PWS:Win32/Sinowal.gen!Q&ThreatID=-2147337220

TrojanDropper:Win32/Small

In reply to: VIRUS \ SPYWARE ALERTS - January 14, 2010

Aliases
Not available

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection last updated:
Definition: 1.71.2185.0
Released: Jan 14, 2010

Summary
This threat is classified as a Trojan - Dropper. As its name suggests, a dropper trojan contains malicious or potentially unwanted software which it "drops" and installs on the affected system. Commonly, the dropper installs a backdoor which allows remote, surreptitious access to infected systems. This backdoor may then be used by remote attackers to upload and install further malicious or potentially unwanted software on the system. This threat is detected by the Microsoft antivirus engine. Technical details are not currently available.


https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDropper:Win32/Small&ThreatID=-2147478979
