Spyware, Viruses, & Security forum

General discussion

VIRUS \ Spyware ALERTS - January 30, 2009

by Marianna Schmudlach / January 29, 2009 11:11 AM PST

Troj/Dloadr-CFS
by Marianna Schmudlach / January 29, 2009 11:12 AM PST

Mal/Mdrop-K
by Marianna Schmudlach / January 29, 2009 11:14 AM PST

Win32/AdClicker
by Marianna Schmudlach / January 29, 2009 11:16 AM PST

Characteristics
Type : Trojan

Category : Win32

Also known as: Trojan.Adclicker (Symantec), Adware:Win32/AdRotator (MS OneCare), Trojan.Win32.Agent (Kaspersky)


Description
Win32/AdClicker is a trojan that registers itself as a Browser Helper Object (BHO) and displays unwanted advertisements when accessing Internet Explorer.
Method of Infection
When executed, Win32/AdClicker creates the registry entry below to enable its automatic execution at every start-up:


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\<random> = "%System%\regsvr32.exe /s "<path to trojan DLL>""

http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=77205

Troj/FakeAV-JY
by Marianna Schmudlach / January 29, 2009 2:48 PM PST

Troj/FakeAV-JR
by Marianna Schmudlach / January 29, 2009 2:50 PM PST

Troj/Dwnldr-HNU
by Marianna Schmudlach / January 29, 2009 2:52 PM PST

Troj/Agent-ISO
by Marianna Schmudlach / January 29, 2009 2:53 PM PST

W97M/Blic.N
by Marianna Schmudlach / January 29, 2009 2:56 PM PST

Type : Virus

Category : Word97Macro

Also known as: W97M/Blic (McAfee), TrojanDropper:O97M/DarkSnow (MS OneCare), O97M.Darksnow (Symantec), O97M_DARKSNOW.A (Trend)

Description
W97M/Blic.N is a Microsoft Word macro virus that infects .DOC files and the Microsoft Word template "Normal.dot".

Method of Infection
When executed, W97M/Blic.N drops the file "BK_7.TMP" in the %Temp% directory and executes it.


CA detects this file as the Win32/Blic.E virus.


Note: %Temp% is a variable location and refers to the directory designated for temporary files. The malware determines the location of the current Temp folder by querying the operating system. A typical path is "C:\Documents and Settings\<username>\Local Settings\Temp", or "C:\WINDOWS\TEMP".

http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=77475

Win32/Blic.E
by Marianna Schmudlach / January 29, 2009 2:57 PM PST

Type : Virus

Category : Win32

Also known as: Trojan:Win32/Malagent (MS OneCare)

Description
Win32/Blic.E is a virus that infects .EXE, .DOC and .XLS files found on the affected system. It can also propagate via file infection, network shares and removable drives.

Method of Infection
Win32/Blic.E has been observed to be dropped onto a system by W97M/Blic.N and X97M/Blic.N.


When executed, Win32/Blic.E drops files to the following locations:


%Documents and Settings%\<user>\My Documents\RESUME.XLW - non-malicious file
%System%\blackice.exe - copy of virus
%System%\kernel.dll - copy of virus


More: http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=77477

X97M/Blic.N
by Marianna Schmudlach / January 29, 2009 3:00 PM PST

Type : Virus

Category : Win32

Also known as: X97M/Blic (McAfee), TrojanDropper:O97M/DarkSnow (MS OneCare), O97M.Darksnow (Symantec), O97M_DARKSNOW.A (Trend)

Description
X97M/Blic.N is a Microsoft Excel macro virus that infects .XLS files and the Microsoft Excel templates "Book1.xls" and "Book.xlt".

Method of Infection
When executed, X97M/Blic.N drops the file "BK_7.TMP" in the %Temp% directory and executes it.


CA detects this file as the Win32/Blic.E virus.


Note: %Temp% is a variable location and refers to the directory designated for temporary files. The malware determines the location of the current Temp folder by querying the operating system. A typical path is "C:\Documents and Settings\<username>\Local Settings\Temp", or "C:\WINDOWS\TEMP".


http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=77561

Troj/BHO-JM
by Marianna Schmudlach / January 29, 2009 11:13 PM PST

W32/Agent-ISQ
by Marianna Schmudlach / January 29, 2009 11:14 PM PST

Troj/FakeAV-KA
by Marianna Schmudlach / January 29, 2009 11:15 PM PST

Troj/FakeAV-JZ
by Marianna Schmudlach / January 29, 2009 11:16 PM PST

Troj/Drop-BQ
by Marianna Schmudlach / January 29, 2009 11:18 PM PST

Troj/Dload-EW
by Marianna Schmudlach / January 29, 2009 11:19 PM PST

Mal/EncJS-A
by Marianna Schmudlach / January 29, 2009 11:20 PM PST

Spyware.KeyProwler
by Marianna Schmudlach / January 29, 2009 11:49 PM PST

W32/Autorun-WF
by Marianna Schmudlach / January 30, 2009 12:11 AM PST

Troj/NetPass-B
by Marianna Schmudlach / January 30, 2009 12:12 AM PST

Troj/Macswp-D
by Marianna Schmudlach / January 30, 2009 12:13 AM PST

Troj/Lmir-GJ
by Marianna Schmudlach / January 30, 2009 12:14 AM PST

Troj/Dloadr-CFV
by Marianna Schmudlach / January 30, 2009 12:15 AM PST

Aliases TrojanDownloader:Win32/Renos.DZ
Generic Dropper.cx trojan

Category Viruses and Spyware

Type Trojan

Troj/Dloadr-CFV is a Trojan for the Windows platform.

Troj/Dloadr-CFV includes functionality to access the internet and communicate with a remote server via HTTP.

Troj/Dloadr-CFV creates the following registry entry to run itself on startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Cognac
<Root>\2~tmp.exe

http://www.sophos.com/security/analyses/viruses-and-spyware/trojdloadrcfv.html?_log_from=rss
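Added example (not part of the original posts or the vendor advisories): a check of `reg query` output for the two Run-key patterns quoted in this thread, the `regsvr32.exe /s` DLL entry described for Win32/AdClicker and the `Cognac` value pointing at `<Root>\2~tmp.exe` described for Troj/Dloadr-CFV. The sample output is constructed; the value name `kxqzt`, the DLL path, and reading `<Root>` as `C:\` are assumptions.

```python
import re

# Constructed sample in the layout printed by `reg query <key>`.
# "kxqzt" stands in for the advisory's <random> value name and DLL path;
# "C:\2~tmp.exe" assumes <Root> means the root of drive C:.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    kxqzt    REG_SZ    C:\WINDOWS\system32\regsvr32.exe /s "C:\WINDOWS\system32\kxqzt.dll"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    Cognac    REG_SZ    C:\2~tmp.exe
"""

# "    <name>    REG_xx    <data>" (reg.exe separates fields with 4 spaces)
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
# regsvr32 invoked with the silent switch, as in the AdClicker entry
REGSVR_SILENT = re.compile(r'regsvr32(?:\.exe)?"?\s.*?/s\b', re.I)
# an .exe sitting directly in a drive root, as in the Dloadr-CFV entry
ROOT_EXE = re.compile(r'^"?[a-z]:\\[^\\"]+\.exe\b', re.I)


def parse_run_values(text):
    """Yield (key, value_name, data) for every value in reg query output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if m and key:
            yield key, m["name"], m["data"]


def suspicious_run_values(text):
    """Return (key, value_name, reason) for entries matching either pattern."""
    findings = []
    for key, name, data in parse_run_values(text):
        if REGSVR_SILENT.search(data):
            findings.append((key, name, "regsvr32 /s registers a DLL at logon"))
        elif ROOT_EXE.match(data):
            findings.append((key, name, "executable launched from a drive root"))
    return findings


if __name__ == "__main__":
    for key, name, reason in suspicious_run_values(SAMPLE):
        print(f"{key}\\{name}: {reason}")
```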

Troj/Bdoor-ASP
by Marianna Schmudlach / January 30, 2009 12:16 AM PST

Troj/Akspy-A
by Marianna Schmudlach / January 30, 2009 12:17 AM PST

Mal/Emogen-G
by Marianna Schmudlach / January 30, 2009 12:18 AM PST

Mal/Banker-H
by Marianna Schmudlach / January 30, 2009 12:19 AM PST

Now users face Obama worm
by Marianna Schmudlach / January 30, 2009 12:22 AM PST

30 January 2009

By Robert McMillan, IDG news service
Hackers have developed a new worm cashing in on the popularity of new US president, Barack Obama.

The worm was first spotted earlier this week after it infected PCs at a preparatory school in Metairie, Louisiana, and was first reported by Walling Data, a value-added reseller in Claremont, North Carolina. Though it is not detected by any anti-virus products right now, it is not considered to be a serious threat because it has infected so few systems.
The worm spreads via USB drive, using the Windows autorun feature to install itself automatically on any drive it connects with. Unlike most of today's profit-driven malware, the Obama worm doesn't steal your credit card number or turn your PC into a remote-controlled zombie system. In fact, it isn't designed to do anything besides float a small picture of Obama at the bottom right corner of your desktop all day every Monday.

More: http://www.techworld.com/security/news/index.cfm?RSS&NewsID=110236

W32/AutoRun-WE
by Marianna Schmudlach / January 30, 2009 6:33 AM PST

Category Viruses and Spyware

Type Worm

W32/AutoRun-WE is a worm for the Windows platform.

W32/AutoRun-WE includes functionality to access the internet and communicate with a remote server via HTTP.

When first run W32/AutoRun-WE copies itself to:

<Windows>\regsvr.exe
<System>\regsvr.exe
<System>\svchost .exe

and creates the following files:

<System>\28463\svchost.001 (can be deleted)
<System>\28463\svchost.exe (Ardamax keylogger application)
<System>\setting.ini (can be deleted)
<System>\setup.ini (Troj/Agent-GXM)

W32/AutoRun-WE may copy itself to removable drives, floppy drives and network shares.

More: http://www.sophos.com/security/analyses/viruses-and-spyware/w32autorunwe.html?_log_from=rss

W32/Autoit-BF
by Marianna Schmudlach / January 30, 2009 6:34 AM PST
