VIRUS \ Spyware ALERTS - January 5, 2009

Jan 4, 2009 10:41AM PST

Troj/Mdrop-BVX
Jan 5, 2009 5:34AM PST

Aliases: trojan or variant New Malware.x

Category: Viruses and Spyware

Type: Trojan

Troj/Mdrop-BVX is a Trojan for the Windows platform.

When Troj/Mdrop-BVX is installed the following files are created:

<SYSTEM>\dllcache\beep.sys
<SYSTEM>\dllcache\mdimon.dll
<SYSTEM>\drivers\stlsvc.sys

The file stlsvc.sys is detected as Mal/RootKit-A.

Troj/Mdrop-BVX creates the following Registry entries:

HKLM\SYSTEM\CurrentControlSet\Services\stlsvc\ImagePath\System32\
DRIVERS
stlsvc.sys

HKLM\SYSTEM\CurrentControlSet\Services\stlsvc\
Start
0x00000002

HKLM\SYSTEM\CurrentControlSet\Services\stlsvc\
Type
0x00000001

http://www.sophos.com/security/analyses/viruses-and-spyware/trojmdropbvx.html?_log_from=rss

Troj/FakeAV-ID
Jan 5, 2009 5:35AM PST

Troj/Dloadr-CEG
Jan 5, 2009 5:36AM PST

Troj/BlueDF-Gen
Jan 5, 2009 5:37AM PST

Troj/BHO-JB
Jan 5, 2009 5:38AM PST

Troj/Bckdr-QQV
Jan 5, 2009 5:39AM PST

Troj/Agent-INV
Jan 5, 2009 5:40AM PST

Troj/Agent-INU
Jan 5, 2009 5:41AM PST

Troj/Agent-INT
Jan 5, 2009 5:42AM PST

Troj/Agent-INR
Jan 5, 2009 5:43AM PST

Win32/Conficker.B
Jan 5, 2009 10:25AM PST

Date Published: 5 Jan 2009

Last Updated: 5 Jan 2009

Type: Worm

Category: Win32

Also known as: Troj/Agent-IMK (Sophos), Worm:Win32/Conficker.B (MS OneCare), W32.Downadup.B (Symantec)


Description
Win32/Conficker.B is a worm that propagates via removable drives, via network shares, and by exploiting a vulnerability in Windows Server Service, known as MS08-067. The worm disables security services, blocks access to security-related websites and opens the affected system to outside attacks. It also attempts to prevent its removal by utilizing the access control list to lock its executable on the compromised system.

http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=76852