Spyware, Viruses, & Security forum

General discussion

VIRUS \ Spyware ALERTS - July 18, 2008

Troj/Dloadr-BOH

In reply to: VIRUS \ Spyware ALERTS - July 18, 2008

Generic PUP.x!EF111FD0

In reply to: VIRUS \ Spyware ALERTS - July 18, 2008

Type Program

Characteristics -

This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose, but they alter the security state of the computer on which they are installed, or the privacy posture of the user of the system, such that most users will want to be aware of them.

http://vil.mcafeesecurity.com/vil/content/v_147191.htm

Adware-180SA!9B88E0D6

In reply to: VIRUS \ Spyware ALERTS - July 18, 2008

Type Program

SubType Adware

Characteristics -

This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose, but they alter the security state of the computer on which they are installed, or the privacy posture of the user of the system, such that most users will want to be aware of them.

Avert

Adware-180SA!664339BA

In reply to: VIRUS \ Spyware ALERTS - July 18, 2008

Type Program

SubType Adware

Characteristics -

This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose, but they alter the security state of the computer on which they are installed, or the privacy posture of the user of the system, such that most users will want to be aware of them.

Avert

Adware-180SA!47EF87F1

In reply to: VIRUS \ Spyware ALERTS - July 18, 2008

Type Program

SubType Adware

Characteristics -

This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose, but they alter the security state of the computer on which they are installed, or the privacy posture of the user of the system, such that most users will want to be aware of them.

Avert

Generic PUP.x!E2AC39D0

In reply to: VIRUS \ Spyware ALERTS - July 18, 2008

Type Program

This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose, but they alter the security state of the computer on which they are installed, or the privacy posture of the user of the system, such that most users will want to be aware of them.

http://vil.mcafeesecurity.com/vil/content/v_147171.htm

Generic PUP.x!75F26CEB

In reply to: VIRUS \ Spyware ALERTS - July 18, 2008

Type Program

This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose, but they alter the security state of the computer on which they are installed, or the privacy posture of the user of the system, such that most users will want to be aware of them.

http://vil.mcafeesecurity.com/vil/content/v_147169.htm

Troj/Dload-CN

In reply to: VIRUS \ Spyware ALERTS - July 18, 2008

Troj/Bancos-BEF

In reply to: VIRUS \ Spyware ALERTS - July 18, 2008

Troj/Agent-HGI

In reply to: VIRUS \ Spyware ALERTS - July 18, 2008

Troj/MalDoc-I

In reply to: VIRUS \ Spyware ALERTS - July 18, 2008

W32/AutoRun-GL

In reply to: VIRUS \ Spyware ALERTS - July 18, 2008

Troj/Small-ELV

In reply to: VIRUS \ Spyware ALERTS - July 18, 2008

Aliases Trojan-Downloader.Win32.Small.yeb

Category Viruses and Spyware

Type Trojan

Troj/Small-ELV is a Trojan for the Windows platform.

Troj/Small-ELV includes functionality to access the internet and communicate with a remote server via HTTP.

When first run Troj/Small-ELV copies itself to <System>\drivers\uzcx.exe.

The following registry entry is created to run uzcx.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
iut75
<System>\drivers\uzcx.exe

Registry entries are created under:

HKCU\Software\ewrew\uzcx\main

http://www.sophos.com/security/analyses/viruses-and-spyware/trojsmallelv.html?_log_from=rss

Troj/Agent-HGL

In reply to: VIRUS \ Spyware ALERTS - July 18, 2008

Troj/Agent-HGK

In reply to: VIRUS \ Spyware ALERTS - July 18, 2008

BackDoor-CKB!218F9A89

In reply to: VIRUS \ Spyware ALERTS - July 18, 2008

Type Trojan

SubType Remote Access

Overview -
This detection is for a BackDoor trojan that modifies system processes and opens BackDoor ports for remote access.

Aliases
Backdoor.Win32.PcClient.cbk (Kaspersky) Win32/PcClient.CBK (Nod32)

http://vil.mcafeesecurity.com/vil/content/v_147295.htm

Trojan.Downloader.HTML.FM

In reply to: VIRUS \ Spyware ALERTS - July 18, 2008

SYMPTOMS:

At most you will notice increased network activity and possibly the effect of some Trojans downloaded by this HTML script.



TECHNICAL DESCRIPTION:

This is a small HTML file, possibly sent by spam email. It tricks users into downloading a file called fireworks.exe hidden behind a fake embedded video related to the 4th of July holiday.

Along with this video in the social engineering process the following phrase is used: "Colorful Independence Day events have already started throughout the country. The largest firework happens on the Fourth of July. Unprecedented sum of money was spent on this fabulous show. If you want to see the best Independence Day firework just click on the video and run it."

It also contains an "iframe" HTML tag redirecting the current page to a php script called "ind.php".

http://www.bitdefender.com/VIRUS-1000344-en--Trojan.Downloader.HTML.FM.html

Trojan.PWS.Onlinegames.ZGE

In reply to: VIRUS \ Spyware ALERTS - July 18, 2008

SYMPTOMS:

Presence of the specified files and registry keys.


TECHNICAL DESCRIPTION:

The virus is initially an executable file; when launched it does the following:
copies itself to %SYSTEM%\[virus_name].exe (e.g. ckvo.exe)
drops %SYSTEM%\[virus_name][N].exe (e.g. ckvo1.dll), which is used to monitor actions inside game executables (keystrokes)
drops %TEMP%\f.dll, which contains the code for the below-mentioned actions
overwrites %SYSTEM%\drivers\vga.sys and loads this driver.
In order to be launched when partitions' root folders are accessed from Explorer, the malware creates in these locations the files autorun.inf and ffocj.com, which is a copy of the malware.

http://www.bitdefender.com/VIRUS-1000345-en--Trojan.PWS.Onlinegames.ZGE.html
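The persistence trick in the Bitdefender write-up above is the autorun.inf dropped beside a copy of the malware at each partition root. As an added example (not code from the post or from Bitdefender), the following Python parses an autorun.inf and reports which directives would make Explorer launch a program; the sample file is constructed to mirror that description.

```python
"""List the autorun.inf directives that make Explorer launch a program.

Added example, not from the forum post or from Bitdefender.  The sample file
is constructed to mirror the description above: a copy of the malware named
ffocj.com beside an autorun.inf in a partition's root directory.
"""
import re

# Directives Windows honours when a drive root is opened or AutoPlay fires.
LAUNCH_KEYS = ("open", "shellexecute")           # plus any shell\<verb>\command
EXEC_EXT = re.compile(r"\.(exe|com|bat|cmd|scr|pif)\b", re.IGNORECASE)

SAMPLE_AUTORUN_INF = """\
[autorun]
open=ffocj.com
shell\\open\\Command=ffocj.com
shell\\explore\\Command=ffocj.com
shellexecute=ffocj.com
icon=%SystemRoot%\\system32\\SHELL32.dll,4
"""


def parse_autorun(text):
    """Return the key/value pairs of the [autorun] section, keys lower-cased."""
    pairs = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            pairs[key.strip().lower()] = value.strip()
    return pairs


def launch_directives(pairs):
    """Return {directive: value} for every directive that would run a program."""
    found = {}
    for key, value in pairs.items():
        runs_program = key in LAUNCH_KEYS or key.endswith("\\command")
        if runs_program and EXEC_EXT.search(value):
            found[key] = value
    return found
```

Run it over the autorun.inf found at a drive root; any directive it lists is one Explorer would act on, so an icon-only file comes back empty.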

Panda Security's weekly report on viruses and intruders

In reply to: VIRUS \ Spyware ALERTS - July 18, 2008

Virus Alerts, by Panda Security (http://www.pandasecurity.com)


This week's PandaLabs report provides information about the Sinowal.VPB
and Spammer.AIT Trojans and the Antivirus2008Pro adware.

Sinowal.VPB uses the Windows API to intercept network communications
carried out by users. It is also designed to monitor users' access to
online banks and capture the data entered (credit card numbers,
passwords, etc.). Additionally, Sinowal.VPB creates a copy of itself on
the system.

The Antivirus2008Pro adware tries to pass itself off as an antivirus to
fool users. To do so, once run it displays a screen informing users they
are infected. Soon after, it starts to scan the system and reports fake
infections (see photo here:
http://www.flickr.com/photos/9696103@N03/2678703471/).

In this case, hackers are after the money obtained by selling a
pay-version of a false antivirus (see photo here:
http://www.flickr.com/photos/9696103@N03/2679524216/)

The Spammer_AIT Trojan is designed to steal all email addresses stored
on the system and save them to a file. Then, it opens a port on the
computer and adds itself to the list of authorized applications in the
Windows Firewall so that cyber-crooks can access the stolen data.

The information stolen from the infected computers is then stored on a
web page. This Trojan's aim is to allow cyber-crooks to store a large
number of email addresses for spamming purposes.

W32/Sality-AM

In reply to: VIRUS \ Spyware ALERTS - July 18, 2008

Aliases Win32/Sality.gen
W32/Sality.dll
New Win32.s

Category Viruses and Spyware

Type Virus

W32/Sality-AM is a virus for the Windows platform.

The virus includes the functionality to download additional files from a remote location.

When first run, the virus may infect executables in the root folder, files on network shares, and files it may find based on the following registry locations:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache

http://www.sophos.com/security/analyses/viruses-and-spyware/w32salityam.html?_log_from=rss

Troj/SpyAgent-M

In reply to: VIRUS \ Spyware ALERTS - July 18, 2008

Troj/Dialer-FN

In reply to: VIRUS \ Spyware ALERTS - July 18, 2008

Troj/Agent-HGO

In reply to: VIRUS \ Spyware ALERTS - July 18, 2008

Troj/Agent-HGN

In reply to: VIRUS \ Spyware ALERTS - July 18, 2008

Troj/Agent-HGM

In reply to: VIRUS \ Spyware ALERTS - July 18, 2008

Category Viruses and Spyware

Type Trojan

Troj/Agent-HGM is a backdoor Trojan which allows a remote intruder to gain access and control over the computer.

Troj/Agent-HGM includes functionality to access the internet and communicate with a remote server via HTTP.

When first run Troj/Agent-HGM copies itself to <System>\drivers\svchost.exe.

The following registry entry is created to run Troj/Agent-HGM on startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
SVCHOST.EXE
<System>\drivers\svchost.exe

http://www.sophos.com/security/analyses/viruses-and-spyware/trojagenthgm.html?_log_from=rss
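The Troj/Small-ELV and Troj/Agent-HGM write-ups above both persist through a Run-key value that points into <System>\drivers, and the second also names its copy svchost.exe. As an added example, not code from either post or from Sophos, the following Python audits a list of Run-key entries for exactly those two patterns; the entries are constructed from the two descriptions plus two benign ones.

```python
"""Audit Run-key entries for the two patterns the Sophos write-ups describe.

Added example, not from the forum post or from Sophos.  Input is a list of
(value_name, command) pairs as exported from a CurrentVersion\\Run key.
"""
import re

# <System>\drivers holds kernel drivers; no legitimate Run entry launches from it.
SUSPICIOUS_PARENT_DIRS = ("drivers",)
# Programs that live in one fixed directory; the same name elsewhere is masquerading.
EXPECTED_PARENT = {"svchost.exe": "system32"}


def command_image(command):
    """Return the executable path from a Run-key command (quoted or bare)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def check_run_entry(name, command):
    """Return the reasons this entry looks suspicious (empty list if clean)."""
    parts = [p for p in re.split(r"[\\/]", command_image(command).lower()) if p]
    basename = parts[-1] if parts else ""
    parent = parts[-2] if len(parts) > 1 else ""
    reasons = []
    if parent in SUSPICIOUS_PARENT_DIRS:
        reasons.append(f"{name}: launches {basename} from a {parent} directory")
    expected = EXPECTED_PARENT.get(basename)
    if expected and parent != expected:
        reasons.append(f"{name}: {basename} found outside {expected}")
    return reasons


def audit_run_keys(entries):
    """Return {value_name: reasons} for every entry that raised a flag."""
    flagged = {}
    for name, command in entries:
        reasons = check_run_entry(name, command)
        if reasons:
            flagged[name] = reasons
    return flagged


# Constructed sample: the two entries described above plus two benign ones.
SAMPLE_RUN_ENTRIES = [
    ("iut75", r"C:\WINDOWS\system32\drivers\uzcx.exe"),
    ("SVCHOST.EXE", r"C:\WINDOWS\system32\drivers\svchost.exe"),
    ("ctfmon.exe", r"C:\WINDOWS\system32\ctfmon.exe"),
    ("Reader_sl", r'"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"'),
]
```

Feed it the values of both the HKLM and HKCU Run keys; the same check applies to the MUICache and other locations the Sality post lists, since each is just a name-to-command mapping.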

Mal/DwndLdr-AG

In reply to: VIRUS \ Spyware ALERTS - July 18, 2008

GoldenKeylogger Installer

In reply to: VIRUS \ Spyware ALERTS - July 18, 2008

EvID4226

In reply to: VIRUS \ Spyware ALERTS - July 18, 2008

Mal/EncPk-DA - Same old social-engineering

In reply to: VIRUS \ Spyware ALERTS - July 18, 2008

18 July 2008

It often surprises me that malware authors continue to stick to the same old social engineering tricks to dupe victims into infecting themselves. Whether this says more about the malware authors or the large pool of people that are susceptible to the attacks is not clear. Whatever the case, it is clear that user education continues to be important.

A couple of campaigns using traditional social engineering lures that typify malware distribution today are outlined below.

Mal/EncPk-DA
The first attacks involve a combination of spam, compromised web sites and social engineering. The attacker has been sending out waves of sensationalist spam messages, encouraging the recipient to click on a link in the message to visit a web site.

http://www.sophos.com/security/blog/2008/07/1581.html

W32/IRCBot-ACI

In reply to: VIRUS \ Spyware ALERTS - July 18, 2008
