Spyware, Viruses, & Security forum

General discussion

VIRUS \ Spyware ALERTS - July 14, 2008

Troj/PWS-ARV

In reply to: VIRUS \ Spyware ALERTS - July 14, 2008

Troj/FakeAV-AJ

In reply to: VIRUS \ Spyware ALERTS - July 14, 2008

Aliases FraudTool.Win32.DoctorAntivirus.e

Category Viruses and Spyware

Type Trojan

Troj/FakeAV-AJ claims to be an anti-virus scanner called "Doctor Antivirus 2008".

Troj/FakeAV-AJ scans the computer and reports clean files as being infected with malware. Troj/FakeAV-AJ then persistently prompts the user to purchase the full version of "Doctor Antivirus 2008" in order to clean up the infections.

When first run, Troj/FakeAV-AJ creates the following registry entries:

HKLM\SOFTWARE\Doctor2008

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Doctor Antivirus 2008
<Path to executable>

http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakeavaj.html?_log_from=rss

Troj/Dloadr-BOC

In reply to: VIRUS \ Spyware ALERTS - July 14, 2008

Troj/BHO-GD

In reply to: VIRUS \ Spyware ALERTS - July 14, 2008

SearchIt

In reply to: VIRUS \ Spyware ALERTS - July 14, 2008

Mal/Cryptik-A

In reply to: VIRUS \ Spyware ALERTS - July 14, 2008

Troj/QHost-T

In reply to: VIRUS \ Spyware ALERTS - July 14, 2008

Category Viruses and Spyware

Type Trojan

Troj/QHost-T is a Trojan on the Windows platform that redirects a list of predefined URLs to some remote host.

When Troj/QHost-T is run, it creates the registry entry:
HKCU\Software\WinRAR SFX
<Systems>

Troj/QHost-T drops off two files:
<Systems\1.vbs>
<Systems\host.bat>

Troj/QHost-T executes the <Systems\1.vbs> to modify the HOST file to redirect a list of predefined URLs to some remote host defined in <Systems\host.bat>.

http://www.sophos.com/security/analyses/viruses-and-spyware/trojqhostt.html?_log_from=rss
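
As an added example (not part of the original post or the Sophos analysis), the hosts-file redirection described for Troj/QHost-T can be audited by parsing the file and grouping hostnames by the address they are pinned to, since a list of names all pointing at one remote IP is the pattern to look for. The sample content, the `.test` hostnames, the 203.0.113.45 address and the function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample hosts-file content (not taken from the malware or the advisory).
SAMPLE_HOSTS = """\
# Sample header comment
127.0.0.1       localhost
::1             localhost
203.0.113.45    www.example-bank.test   example-bank.test  # injected
203.0.113.45    login.example-pay.test
203.0.113.45    update.example-av.test
0.0.0.0         ads.example-tracker.test
not-an-ip       broken.line.test
"""

def parse_hosts(text):
    """Yield (ip, hostname) for every valid mapping, skipping comments and bad lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing and full-line comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # first field is not a valid address
        for name in fields[1:]:               # one line may map several names
            yield ip, name.lower().rstrip(".")

def suspicious_redirects(text, min_names=2):
    """Return {ip: [hostnames]} for non-local IPs that several names are pinned to."""
    by_ip = defaultdict(list)
    for ip, name in parse_hosts(text):
        # Loopback and 0.0.0.0 entries are the usual localhost / blocking sink,
        # not a redirect to a remote host, so they are left out of this report.
        if ip.is_loopback or ip.is_unspecified:
            continue
        by_ip[str(ip)].append(name)
    return {ip: sorted(names) for ip, names in by_ip.items() if len(names) >= min_names}

if __name__ == "__main__":
    for ip, names in suspicious_redirects(SAMPLE_HOSTS).items():
        print(ip, "<-", ", ".join(names))
```

On Windows the file to feed in is `%SystemRoot%\System32\drivers\etc\hosts`; entries reported here still need a human check, because administrators sometimes pin internal names deliberately.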

JS/Dropr-V

In reply to: VIRUS \ Spyware ALERTS - July 14, 2008

Troj/Banhost-Q

In reply to: VIRUS \ Spyware ALERTS - July 14, 2008

Troj/Agent-HFV

In reply to: VIRUS \ Spyware ALERTS - July 14, 2008

Death of the Internet Foretold

In reply to: VIRUS \ Spyware ALERTS - July 14, 2008

July 14, 2008

Rumors about the Internet as we know it dying by 2012 have been circulating for some time now, so it's not really that surprising when the TrendLabs Content Security team was alerted that a Trojan is taking advantage of this conspiracy theory in order to trick users into running it.

Then again, spammed email with sensational headlines do make even the most cautious computer users take a peek (the latest NUWAR/Storm run being a prime example). What more when the said headlines tell them that the Internet, which has been practically their extra limbs since the last century, will suddenly be up for TV-like subscriptions?

The malware involved in this spam run is detected by Trend Micro as TROJ_PIDIEF.JT, a Trojan that arrives as a PDF file named doc.pdf. This file promises more information regarding the alleged Internet death, and based on the email subjects and details it arrives with (see sample messages below), it's not easy NOT to double-click on it:

More: http://blog.trendmicro.com/

Roswell Victims Spill Beans on the Beijing Olympics?

In reply to: VIRUS \ Spyware ALERTS - July 14, 2008

July 14, 2008

Striking email subjects get the job done. Well, given another spamming operation that uses popular personalities and events, that seems to be the case. Using a variety of subject-body combinations (a lot of which are totally unrelated to each other!), these spammed messages again appeal to the curious mind, offering a link in the email body that would seem to provide more details.

TrendLabs' Joey Costoya says these messages lead users to an r.html Web page that also poses as a Porntube site imitation. The said page hosts the file VIDEO.EXE. We've seen this type of attack before in another spam run that also used pop culture as bait.

In this screenshot we see the upcoming Beijing Olympics being used to trick fans and those curious enough about the event to click the URL:

More: http://blog.trendmicro.com/

Troj/DwnlDr-HFH

In reply to: VIRUS \ Spyware ALERTS - July 14, 2008

Troj/Dloadr-BOD

In reply to: VIRUS \ Spyware ALERTS - July 14, 2008

Troj/Bckdr-QOI

In reply to: VIRUS \ Spyware ALERTS - July 14, 2008

Troj/Agent-HFW

In reply to: VIRUS \ Spyware ALERTS - July 14, 2008

W32/VB-EAI

In reply to: VIRUS \ Spyware ALERTS - July 14, 2008

Troj/Zlob-AML

In reply to: VIRUS \ Spyware ALERTS - July 14, 2008

Troj/Mdrop-BTX

In reply to: VIRUS \ Spyware ALERTS - July 14, 2008

Troj/Dloadr-BOE

In reply to: VIRUS \ Spyware ALERTS - July 14, 2008

Troj/Agent-HFU

In reply to: VIRUS \ Spyware ALERTS - July 14, 2008

JS/ObfJS-D

In reply to: VIRUS \ Spyware ALERTS - July 14, 2008

Troj/HostsRk-A

In reply to: VIRUS \ Spyware ALERTS - July 14, 2008

Troj/Lineag-DR

In reply to: VIRUS \ Spyware ALERTS - July 14, 2008

PWS-Banker.cp

In reply to: VIRUS \ Spyware ALERTS - July 14, 2008

Type Trojan

SubType Password Stealer

Overview -

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.


Characteristics -

This PWS trojan targets bank websites and it may also log keystrokes for login details for banking applications, for example while Internet Explorer is open and connected to specific websites.

http://vil.nai.com/vil/content/v_146650.htm

AutoHotKey

In reply to: VIRUS \ Spyware ALERTS - July 14, 2008

Type Program

SubType Win32

AutoHotKey is a script language for Microsoft Windows allowing a user to automate basic actions like accessing files, modifying the registry, launching applications or downloading files. It also allows new keyboard and mouse shortcuts to be defined.

AutoHotKey scripts can be run on systems where the AutoHotKey interpreter is installed or compiled as standalone binaries.

Malicious programs generated with AutoHotKey are generally compiled as standalone binaries, allowing them to run even if the AutoHotKey interpreter is not installed.

AutoHotKey compiled binaries are always packed, allowing malicious code to be hidden, and making them potentially undesirable in corporate environments.

Such binaries are likely to have a size greater than 200KB.

Several worms written in the AutoHotKey language have been seen in the wild.

http://vil.mcafeesecurity.com/vil/content/v_142275.htm

DeepDive

In reply to: VIRUS \ Spyware ALERTS - July 14, 2008

Type Program

SubType Win32

Summary:

This is not a virus or trojan. This is a detection for an IE Browser Helper Object.
This kind of application generally comes bundled with another program, which usually discloses the fact that it is ad-supported.
Browser Helper Objects are DLLs that IE loads when starting up. They can perform various tasks, such as generating extra pop-up ads, monitoring page navigation, etc.

http://vil.mcafeesecurity.com/vil/content/v_134601.htm
