VIRUS \ Spyware ALERTS - January 5, 2009

Aliases trojan or variant New Malware.x

Category Viruses and Spyware

Type Trojan

Troj/Mdrop-BVX is a Trojan for the Windows platform.

When Troj/Mdrop-BVX is installed the following files are created:

<SYSTEM>\dllcache\beep.sys
<SYSTEM>\dllcache\mdimon.dll
<SYSTEM>\drivers\stlsvc.sys

The file stlsvc.sys is detected as Mal/RootKit-A.

Troj/Mdrop-BVX creates the following Registry entries:

HKLM\SYSTEM\CurrentControlSet\Services\stlsvc\ImagePath\System32\
DRIVERS
stlsvc.sys

HKLM\SYSTEM\CurrentControlSet\Services\stlsvc\
Start
0x00000002

HKLM\SYSTEM\CurrentControlSet\Services\stlsvc\
Type
0x00000001

http://www.sophos.com/security/analyses/viruses-and-spyware/trojmdropbvx.html?_log_from=rss

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakeavid.html?_log_from=rss

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojdloadrceg.html?_log_from=rss

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojbluedfgen.html?_log_from=rss

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows
Characteristics Installs itself in the registry


http://www.sophos.com/security/analyses/viruses-and-spyware/trojbhojb.html?_log_from=rss

Category Viruses and Spyware

Type Trojan

Troj/Bckdr-QQV installs rootkits. The installed files are dropped with four randomly generated names and are detected as components of Troj/Bckdr-QQV.


http://www.sophos.com/security/analyses/viruses-and-spyware/trojbckdrqqv.html?_log_from=rss

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentinv.html?_log_from=rss

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentinu.html?_log_from=rss

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentint.html?_log_from=rss

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentinr.html?_log_from=rss

Date Published:
5 Jan 2009

Last Updated:
5 Jan 2009

Type : Worm

Category : Win32

Also known as: Troj/Agent-IMK (Sophos), Worm:Win32/Conficker.B (MS OneCare), W32.Downadup.B (Symantec)


Description
Win32/Conficker.B is a worm that propagates via removable drives, via network shares, and by exploiting a vulnerability in Windows Server Service, known as MS08-067. The worm disables security services, blocks access to security related websites and opens the affected system to outside attacks. It also attempts to prevent its removal by utilizing the access control list to lock its executable on the compromised system.

http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=76852