Spyware, Viruses, & Security forum

General discussion

VIRUS \ Spyware ALERTS - July 17, 2008

W32/Small-EKH


Aliases Worm.Win32.Small.l
TROJ_SMALL.EAK
Application-WinDrives
W32/Worm.GTS

Category Viruses and Spyware

Type Worm

W32/Small-EKH is a worm for the Windows platform.

W32/Small-DHR may spread to locally accessible drives.

When first run W32/Small-EKH copies itself to <Windows>\WinDrives.EXE.

The following registry entry is created to run WinDrives.EXE on startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
WinDrives
<Windows>\WinDrives.EXE

http://www.sophos.com/security/analyses/viruses-and-spyware/w32smallekh.html?_log_from=rss

W32/Small-DHR

In reply to: VIRUS \ Spyware ALERTS - July 17, 2008

Aliases Worm.Win32.Small.l
WORM_SMALL.DIG

Category Viruses and Spyware

Type Virus

W32/Small-DHR is a worm for the Windows platform.

W32/Small-DHR may spread to locally accessible drives.

When first run W32/Small-DHR copies itself to <Windows>\WinDrives.EXE.

The following registry entry is created to run WinDrives.EXE on startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
WinDrives
<Windows>\WinDrives.EXE

http://www.sophos.com/security/analyses/viruses-and-spyware/w32smalldhr.html?_log_from=rss

W32/Autorun-GK

In reply to: VIRUS \ Spyware ALERTS - July 17, 2008

Troj/VB-EAJ

In reply to: VIRUS \ Spyware ALERTS - July 17, 2008

Troj/PWS-ARX

In reply to: VIRUS \ Spyware ALERTS - July 17, 2008

Troj/IRCBot-ACH

In reply to: VIRUS \ Spyware ALERTS - July 17, 2008

Troj/Delf-FAX

In reply to: VIRUS \ Spyware ALERTS - July 17, 2008

Troj/Click-C

In reply to: VIRUS \ Spyware ALERTS - July 17, 2008

Mal/TibsPk-F

In reply to: VIRUS \ Spyware ALERTS - July 17, 2008

Troj/DwnLdr-HFM

In reply to: VIRUS \ Spyware ALERTS - July 17, 2008

Troj/Agent-HGD

In reply to: VIRUS \ Spyware ALERTS - July 17, 2008

WinDrive

In reply to: VIRUS \ Spyware ALERTS - July 17, 2008

Aliases Application-WinDrives

Category Adware or PUA

Type Unspecified PUA

WinDrive is a potentially unwanted application.

When first run WinDrive copies itself to <Windows>\WinDrives.EXE.

The following registry entry is created to run WinDrives on startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
WinDrives
<Windows>\WinDrives.EXE

http://www.sophos.com/security/analyses/adware-and-puas/windrive.html?_log_from=rss

ClickSpring

In reply to: VIRUS \ Spyware ALERTS - July 17, 2008

W32/GetCodec-A

In reply to: VIRUS \ Spyware ALERTS - July 17, 2008

Category Viruses and Spyware

Type Worm

W32/GetCodec-A is a worm for the Windows platform.

When run, the worm sets the following registry entries:

HKCU\Software\Microsoft\PIMSRV\

HKCU\Software\Microsoft\MediaPlayer\Preferences\
URLAndExitCommandsEnabled
0

HKCU\Software\Microsoft\MediaPlayer\Player\Extensions\.mp3\
Permissions
33

The worm has the functionalities to:

- Search the infected computer for files with the extension of .mp3, .wmv, .wma, .mp2 and .mp3
- Convert the located files to wma format without modifying the original filename and extension
- Insert the functionality to download code from a remote website into the converted wma format files.

http://www.sophos.com/security/analyses/viruses-and-spyware/w32getcodeca.html?_log_from=rss

Troj/Dwnldr-HFN

In reply to: VIRUS \ Spyware ALERTS - July 17, 2008

Troj/Drop-AA

In reply to: VIRUS \ Spyware ALERTS - July 17, 2008

Troj/Agent-HGE

In reply to: VIRUS \ Spyware ALERTS - July 17, 2008

Troj/DwnLdr-HFQ

In reply to: VIRUS \ Spyware ALERTS - July 17, 2008

Troj/Dwnldr-HFP

In reply to: VIRUS \ Spyware ALERTS - July 17, 2008

Troj/DwnLdr-HFO

In reply to: VIRUS \ Spyware ALERTS - July 17, 2008

AdClicker-EV

In reply to: VIRUS \ Spyware ALERTS - July 17, 2008

Type Trojan

SubType Win32

Overview -
AdClicker-EV is a trojan which can be installed via a wide variety of means - utilising vulnerabilities in browsers, dropped by other viruses etc, it is designed to connect to the author's website and click on banner advertisements.

Characteristics -

As this detection covers many variants, the characteristics of this trojan with regards to the filenames, registry keys, et cetera will differ, depending on the way in which the attacker had configured it. Hence, this is a general description.

When run, this trojan drops a copy of itself in the following path(s):

%Windows%\sysst32.exe

It also installs the following file(s) and component(s):

%Windows%\logon32.dll (AdClicker-EV)
%Windows%\winupdt.exe (AdClicker-EV)

http://vil.mcafeesecurity.com/vil/content/v_141188.htm

AdClicker-GF

In reply to: VIRUS \ Spyware ALERTS - July 17, 2008

Type Trojan

SubType Generic

Overview -
This detection is for an AdClicker trojan.

Aliases
Trj/Clicker.ALI (Panda)
Trojan-Clicker.Win32.Small.zg (Kaspersky)
TrojanClicker:Win32/Zirit.Y (Microsoft)

Characteristics -

This detection is for an AdClicker trojan.

This detection is for a "dll" file.

This "dll" file exports functions that can be used by other programs to display Feeds with random search engines.

This may also be used to display ADs while browsing the internet.

http://vil.mcafeesecurity.com/vil/content/v_146924.htm

AntiSpyCheck

In reply to: VIRUS \ Spyware ALERTS - July 17, 2008

Type Program

SubType Win32

Overview:

This description is for a potentially unwanted program that shows false error messages, misleading spyware scan results, and uses aggressive advertising to persuade the user to purchase it.

Potentially Unwanted Programs are any piece of software which a reasonably security/privacy minded computer user may want to be informed of.

When the main executable is run, it displays the following window:

http://vil.mcafeesecurity.com/vil/content/v_146929.htm

PWCrack-Award

In reply to: VIRUS \ Spyware ALERTS - July 17, 2008

Type Program

SubType Malware Tool

Overview:

This description is for a tool, capable of cracking the password for an Award manufactured BIOS. Apart from showing the password, this tool is also capable of changing, enabling or disabling a BIOS password.

Given below is a screenshot of this tool:

http://vil.mcafeesecurity.com/vil/content/v_123516.htm

QHosts-82

In reply to: VIRUS \ Spyware ALERTS - July 17, 2008

Type Trojan

SubType Win32

Overview -

This description is for a trojan that is capable of modifying the Windows hosts file.

The characteristics of this Trojan with regards to the file names, host entries added, etc will differ, depending on the way in which the attacker had configured it. Hence, this is a general description.


Characteristics -

When executed, this trojan modifies the Windows host file located in:

C:\Windows\system32\drivers\etc\Host

It adds the following entries in the host file:

208.53.170.249
200.58.114.182
208.53.144.37
72.29.77.132
208.53.169.165

It adds an additional entry which ensures that any connection made to Banamex.com [Banco Nacional de M
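
Added example, not part of the original post or the vendor description: a hosts-file audit that flags entries using the addresses listed above and any other hostname pinned to a non-loopback address. The sample file and the `*.example` hostnames are constructed placeholders; the function name is hypothetical.

```python
import ipaddress

# Addresses listed in the QHosts-82 description above.
QHOSTS_82_IPS = {
    "208.53.170.249", "200.58.114.182", "208.53.144.37",
    "72.29.77.132", "208.53.169.165",
}

def audit_hosts(text, known_bad=QHOSTS_82_IPS):
    """Return (line_no, ip, hostnames, reason) for entries worth reviewing."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(entry) < 2:
            continue  # blank, comment-only, or no hostname on the line
        ip_text, names = entry[0], entry[1:]
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append((line_no, ip_text, names, "unparseable address"))
            continue
        if str(ip) in known_bad:
            findings.append((line_no, str(ip), names,
                             "address listed for QHosts-82"))
        elif not (ip.is_loopback or ip.is_unspecified):
            # Legitimate overrides exist (intranet names), so this is a
            # review item rather than a verdict.
            findings.append((line_no, str(ip), names,
                             "hostname pinned to non-loopback address"))
    return findings

# Constructed sample hosts file; hostnames are placeholders, not from the page.
SAMPLE_HOSTS = """\
# Sample hosts file
127.0.0.1       localhost
::1             localhost
208.53.170.249  bank.example www.bank.example
0.0.0.0         ads.example   # local ad block
10.0.0.5        intranet.example
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```
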

Trojan.Downloader.Gadja.C

In reply to: VIRUS \ Spyware ALERTS - July 17, 2008

SYMPTOMS:

Presence of the file: %sysdir%/userini.exe.

TECHNICAL DESCRIPTION:

When executed, the malware copies original (clean) file %sysdir%/userinit.exe into %sysdir%/userini.exe.

It disables System File Protection, and overwrites %sysdir%/userinit.exe with a copy of itself, in order to be executed on every system start-up.

After it deletes the initially executed copy of itself, the malware drops the file:
%tempdir%\ie[hex-digit].tmp, detected as: Trojan.Downloader.Gadja.D.


http://www.bitdefender.com/VIRUS-1000343-en--Trojan.Downloader.Gadja.C.html

TROJ_DLOAD.DI. DLOAD variants

In reply to: VIRUS \ Spyware ALERTS - July 17, 2008

"Angelina Jolie Nude Movie" Spam

A new spam run captured by our ******** features a "nude movie" of Angelina Jolie. If the "nude movie" bit is not enough to entice you, maybe the scorching hot picture attached to the email will.

More: http://blog.trendmicro.com/

TSPY_ZBOT.NM - Trojans Deliver

In reply to: VIRUS \ Spyware ALERTS - July 17, 2008

Surprised, or excited perhaps, at the unexpected "package" sent to you by someone you do not really know? Don't get too carried away. A little caution wouldn't hurt.

Our analysts have been catching spam samples pretending to come from the United Parcel Service Inc. (UPS) to lure users since last week. UPS is one of the world's largest package delivery companies, so this spam run, which informs users that a package has been sent to them, has a lot going for it in terms of hauling in gullible users. These messages come with fake tracking numbers that actually vary from email to email, a nifty trick meant to help the email messages appear almost authentic.

Here's a screenshot of the spammed email:

http://blog.trendmicro.com/

Troj/Zlob-AMO

In reply to: VIRUS \ Spyware ALERTS - July 17, 2008

Troj/Agent-HGF

In reply to: VIRUS \ Spyware ALERTS - July 17, 2008
