Spyware, Viruses, & Security forum

General discussion

VIRUS \ Spyware ALERTS - July 21, 2008

JS/Dloadr-BOJ

In reply to: VIRUS \ Spyware ALERTS - July 21, 2008

Troj/QQHelpe-CX

In reply to: VIRUS \ Spyware ALERTS - July 21, 2008

Category Viruses and Spyware

Type Trojan

Troj/QQHelpe-CX is a Trojan for the Windows platform.

Troj/QQHelpe-CX has the functionalities:
--read preconfigured URLs from <current folder>\update.dat;
--download files from preconfigured URLs and run them;
--open links to websites;
--display pop-up advertising;
--change IE homepage.

The following registry entry is created:
HKLM\SOFTWARE\Lamp\Update
CafeUpdate
<current filepath>


http://www.sophos.com/security/analyses/viruses-and-spyware/trojqqhelpecx.html?_log_from=rss

Troj/Poison-AB

In reply to: VIRUS \ Spyware ALERTS - July 21, 2008

Troj/Dwnldr-HDT

In reply to: VIRUS \ Spyware ALERTS - July 21, 2008

Troj/Drop-V

In reply to: VIRUS \ Spyware ALERTS - July 21, 2008

Troj/Bckdr-QOL

In reply to: VIRUS \ Spyware ALERTS - July 21, 2008

Troj/Agent-HGY

In reply to: VIRUS \ Spyware ALERTS - July 21, 2008

Troj/Agent-GZU

In reply to: VIRUS \ Spyware ALERTS - July 21, 2008

Troj/IRCBot-ACJ

In reply to: VIRUS \ Spyware ALERTS - July 21, 2008

Troj/Dwnldr-HFW

In reply to: VIRUS \ Spyware ALERTS - July 21, 2008

Troj/DwnLdr-HFV

In reply to: VIRUS \ Spyware ALERTS - July 21, 2008

Troj/FakeVir-DK

In reply to: VIRUS \ Spyware ALERTS - July 21, 2008

Troj/Dload-CP

In reply to: VIRUS \ Spyware ALERTS - July 21, 2008

Category Viruses and Spyware

Type Trojan

Troj/Dload-CP is a Trojan for the Windows platform.

Troj/Dload-CP includes functionality to access the internet and communicate with a remote server via HTTP.

When first run Troj/Dload-CP copies itself to the Program Files folder and creates the following files:

<User>\Start Menu\Antivirus2008y\Antivirus 2008.lnk
<User>\Start Menu\Antivirus2008y\Uninstall Antivirus 2008.lnk
<Program Files>\Mozilla Firefox\extensions\xxx@xxx.com\block.dat
<Program Files>\Mozilla Firefox\extensions\xxx@xxx.com\chrome.manifest
<Program Files>\Mozilla Firefox\extensions\xxx@xxx.com\chrome\content\main.js
<Program Files>\Mozilla Firefox\extensions\xxx@xxx.com\chrome\content\main.xul
<Program Files>\Mozilla Firefox\extensions\xxx@xxx.com\components\module.js
<Program Files>\Mozilla Firefox\extensions\xxx@xxx.com\install.rdf
<Program Files>\Mozilla Firefox\extensions\xxx@xxx.com\nonblock.dat
<Program Files>\Mozilla Firefox\extensions\xxx@xxx.com\page.html
<Program Files>\Mozilla Firefox\extensions\xxx@xxx.com\refresh.bat
<System>\winlogon.dll - Also detected as Troj/Dload-CP

The folder "<Program Files>\Mozilla Firefox\extensions\xxx@xxx.com" may be safely deleted.

The following registry entry is created to run Troj/Dload-CP on startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Antivirus2008y
<Program Files>\Antivirus2008y\<original Trojan filename>

http://www.sophos.com/security/analyses/viruses-and-spyware/trojdloadcp.html?_log_from=rss

Troj/Deftool-A

In reply to: VIRUS \ Spyware ALERTS - July 21, 2008

Troj/Conhook-AO

In reply to: VIRUS \ Spyware ALERTS - July 21, 2008

Mal/TibsPk-D

In reply to: VIRUS \ Spyware ALERTS - July 21, 2008

Mal/EncPk-EL

In reply to: VIRUS \ Spyware ALERTS - July 21, 2008

Mal/Behav-275

In reply to: VIRUS \ Spyware ALERTS - July 21, 2008

W32/Sality.ah

In reply to: VIRUS \ Spyware ALERTS - July 21, 2008

Type Virus

SubType Win32

Overview -
This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.

Aliases
Worm.Win32.AutoRun.eiy (Kaspersky)

http://vil.mcafeesecurity.com/vil/content/v_147094.htm

Spy-Agent.bv!01f7cc2a

In reply to: VIRUS \ Spyware ALERTS - July 21, 2008

Type Trojan

Overview -
Spy-Agent.bv!01f7cc2a is an information-stealing trojan and rootkit (kernel mode driver) which can be installed in a system to send the user's sensitive data back to a specified address, and it also has the ability of self-protection via registry keys/values, process, file system and network connection monitoring and hiding.

Characteristics -

The trojan is designed to gather email addresses and system information from the victim machine and send the information to the remote site. This trojan registers a process creation notification routine to monitor and get notified when a new process is created.

In order to hide network connections and capture the file system and network accesses, this rootkit installs itself as a file system and network filter:

http://vil.mcafeesecurity.com/vil/content/v_147447.htm

MAL_BANLD-1

In reply to: VIRUS \ Spyware ALERTS - July 21, 2008

New YouTube Spam Dresses Malware as Porn

July 21, 2008

Florabel Baetiong of the Trend Micro Content Security (CS) team reports of a type of fake email message circulating in the Net that contains a YouTube video link sharing notification, which supposedly comes from someone who wants to share an adult video with the recipient. Below is a screenshot of the said email notification:

More: http://blog.trendmicro.com/

Spam Spans New Artistic Heights

In reply to: VIRUS \ Spyware ALERTS - July 21, 2008

At first glance, these spam emails look like the usual spam, but closer inspection proves otherwise:

More: http://blog.trendmicro.com/

Troj/Proxy-IO

In reply to: VIRUS \ Spyware ALERTS - July 21, 2008

Category Viruses and Spyware

Type Trojan

Troj/Proxy-IO is a Trojan that injects a block of executable code into the process space of a newly created process svchost.exe. The injected code provides SOCKS proxy functionality for the attacker.

A randomly named batch file is also created. The batch file attempts to remove the Trojan installer and delete itself once the Trojan installer is successfully deleted.

http://www.sophos.com/security/analyses/viruses-and-spyware/trojproxyio.html?_log_from=rss

Troj/Agent-HAI

In reply to: VIRUS \ Spyware ALERTS - July 21, 2008

Aliases Trojan.Win32.Agent.tts

Category Viruses and Spyware

Type Trojan

Troj/Agent-HAI is a backdoor Trojan which allows a remote intruder to gain access and control over the computer.

Troj/Agent-HAI includes functionality to access the internet and communicate with a remote server via HTTP.

When first run Troj/Agent-HAI copies itself to:

<System>\<random_name1>.exe
<System>\<random_name2>.exe

The following registry entry is created to run mounaquek.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
<random_name3>
<System>\<random_name1>.exe

A copy of the Trojan is registered as a new system driver service, with a display name of "bcveServ" and a startup type of automatic, so that it is started automatically during system startup. Registry entries are created under:

HKLM\SYSTEM\CurrentControlSet\Services\<random_name4>

http://www.sophos.com/security/analyses/viruses-and-spyware/trojagenthai.html?_log_from=rss

Mal/Behav-204

In reply to: VIRUS \ Spyware ALERTS - July 21, 2008

Sus/Behav-194

In reply to: VIRUS \ Spyware ALERTS - July 21, 2008

Sus/Behav-272

In reply to: VIRUS \ Spyware ALERTS - July 21, 2008

StartPage-KJ

In reply to: VIRUS \ Spyware ALERTS - July 21, 2008

Type Trojan

SubType StartPage

Overview -
StartPage-KJ changes default settings in the registry which affect system functionality

Characteristics -

StartPage-KJ has been observed to create randomly named executables in the root directory. After creation it executes these files which are copies of the original file. In this way multiple copies are made all of which are loaded and executed in memory. This causes a waste in memory resources. The files have also been observed to create the following registry entries to change the start page on user systems.

http://vil.mcafeesecurity.com/vil/content/v_147313.htm

Troj/Dloadr-BOK

In reply to: VIRUS \ Spyware ALERTS - July 21, 2008

Troj/Agent-HFZ

In reply to: VIRUS \ Spyware ALERTS - July 21, 2008

Category Viruses and Spyware

Type Trojan

When Troj/Agent-HFZ is installed the following files are created:

<System>\ntos.exe - copy of Troj/Agent-HFZ
<System>\wsnpoem\audio.dll - empty file, can be safely deleted
<System>\wsnpoem\video.dll - empty file, can be safely deleted

The following registry entry is changed to run ntos.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit
<System>\userinit.exe,<System>\ntos.exe,

http://www.sophos.com/security/analyses/viruses-and-spyware/trojagenthfz.html?_log_from=rss
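
A defender-side check for the Userinit change described in the Troj/Agent-HFZ post above, added here as an example (it is not part of the original posts or of the Sophos analysis). It audits an exported Winlogon Userinit value and reports anything other than the legitimate userinit.exe entry. The function names, the `C:\Windows` install path and the sample values are assumptions made for illustration.

```python
import ntpath

# Assumption: Windows is installed in C:\Windows; pass system_root otherwise.
SYSTEM_ROOT = r"C:\Windows"


def _normalize(entry, system_root):
    """Strip quotes, expand %SystemRoot% / %windir%, and case-fold one entry."""
    path = entry.strip().strip('"')
    for var in ("%systemroot%", "%windir%"):
        if path.lower().startswith(var):
            path = system_root + path[len(var):]
            break
    return ntpath.normcase(ntpath.normpath(path))


def audit_userinit(value, system_root=SYSTEM_ROOT):
    """Return (entry, reason) findings for a Winlogon Userinit value."""
    expected = ntpath.normcase(
        ntpath.join(system_root, "system32", "userinit.exe"))
    findings, seen_expected = [], False
    # Userinit is a comma-separated list; a trailing comma is normal.
    for entry in (e.strip() for e in value.split(",") if e.strip()):
        norm = _normalize(entry, system_root)
        if norm == expected:
            seen_expected = True
        elif ntpath.basename(norm) == "userinit.exe":
            findings.append((entry, "userinit.exe outside System32"))
        else:
            findings.append((entry, "extra program launched at logon"))
    if not seen_expected:
        findings.append(("", "legitimate userinit.exe entry missing"))
    return findings


# Constructed sample values (not taken from a real host).
SAMPLES = {
    "clean": r"C:\Windows\system32\userinit.exe,",
    "env-var": r"%SystemRoot%\System32\userinit.exe,",
    "appended": r"C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,",
    "replaced": r'"C:\Temp\userinit.exe",',
}

if __name__ == "__main__":
    for name, value in SAMPLES.items():
        print(name, audit_userinit(value) or "OK")
```

The "appended" sample mirrors the value layout quoted in the post (`<System>\userinit.exe,<System>\ntos.exe,`); the "replaced" sample shows why a missing legitimate entry is reported as well.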
