Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

VIRUS \ Spyware ALERTS - January 3, 2008

by Marianna Schmudlach Jan 2, 2009 1:39PM PST

Discussion is locked

13 Posts
- Collapse + Expand Details
- Collapse -
Troj/FakeAV-HZ
by Marianna Schmudlach Jan 2, 2009 1:40PM PST
- Collapse -
Troj/FakeAle-KL
by Marianna Schmudlach Jan 2, 2009 1:41PM PST
- Collapse -
Troj/FakeAle-KK
by Marianna Schmudlach Jan 2, 2009 1:42PM PST
- Collapse -
Troj/Daonol-Fam
by Marianna Schmudlach Jan 2, 2009 1:43PM PST

Aliases Rootkit.Win32.Agent.fwt
Trojan:Win32/Daonol.A
Trojan:Win32/Daonol.B

Category Viruses and Spyware

Type Trojan

Troj/Daonol-Fam is a family of Trojans for the Windows platform.

Members of Troj/Daonol-Fam typically copy themselves to the Root folder and create some of the following files

<Root&gtMischief<random filename>.bat (clean batch file)
<System>\sysaudio.sys

The file sysaudio.sys is also a member of Troj/Daonol-Fam.

A registry entry is usually set similar to the following:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
aux
sysaudio.sys

Troj/Daonol-Fam attempts to redirect internet traffic from a number of websites.

http://www.sophos.com/security/analyses/viruses-and-spyware/trojdaonolfam.html?_log_from=rss

- Collapse -
Troj/BHO-IZ
by Marianna Schmudlach Jan 2, 2009 1:44PM PST
- Collapse -
Troj/PWS-AXK
by Marianna Schmudlach Jan 3, 2009 12:03AM PST
- Collapse -
W32/IRCBot-AAY
by Marianna Schmudlach Jan 3, 2009 10:01AM PST

Category Viruses and Spyware

Type Worm

W32/IRCBot-AAY is a worm with IRC backdoor functionality for the Windows platform.

W32/IRCBot-AAY runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

When first run W32/IRCBot-AAY copies itself to <System>\msddll.exe.

The file msddll.exe is registered as a new system driver service named "msddll", with a display name of "msddll" and a startup type of automatic, so that it is started automatically during system startup. Registry entries are created under:

HKLM\SYSTEM\CurrentControlSet\Services\msddll

http://www.sophos.com/security/analyses/viruses-and-spyware/w32ircbotaay.html?_log_from=rss

- Collapse -
Troj/Renos-CG
by Marianna Schmudlach Jan 3, 2009 10:02AM PST
- Collapse -
Troj/FakeAV-IA
by Marianna Schmudlach Jan 3, 2009 10:03AM PST

Aliases Generic Downloader.x
not-a-virus:AdWare.Win32.BHO.dtl
Win32/TrojanDownloader.FakeAlert.OG

Category Viruses and Spyware

Type Trojan

Troj/FakeAV-IA is a Trojan for the Windows platform.

The Troj/FakeAV-IA is registered as a COM object, creating registry entries under:

HKCR\CLSID\{32FD16DC-537C-4186-9BD6-C718A308342B}
HKCR\Interface\{268706F0-841C-446A-B757-8C1EF84527DC}
HKCR\TypeLib\{A0442DFA-1F7E-4DCE-B75C-A90993D6E7FC}

The following registry entry is set:

HKCR\getsn32.msiesn\Clsid
(default)
{32FD16DC-537C-4186-9BD6-C718A308342B}

Registry entries are created under:

HKCR\getsn32.msiesn

http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakeavia.html?_log_from=rss

- Collapse -
Troj/Agent-INB
by Marianna Schmudlach Jan 3, 2009 10:04AM PST
- Collapse -
Troj/CryptBox-A
by Marianna Schmudlach Jan 3, 2009 10:05AM PST
- Collapse -
Troj/Adclik-Gen
by Marianna Schmudlach Jan 3, 2009 10:06AM PST
- Collapse -
Mal/CryptBox-A
by Marianna Schmudlach Jan 3, 2009 10:07AM PST
Back to Spyware, Viruses, & Security forum

CNET Forums

Operating Systems
Software
Electronics & Gadgets
Hardware
Tablets & Mobile Devices
General Help
Brand Forums
Roadshow Autos
Off Topic

Other Forums

Forum Info