Spyware, Viruses, & Security forum

General discussion

VIRUS \ Spyware ALERTS - July 3, 2008

Troj/DNSCha-B


Category Viruses and Spyware

Type Trojan

Troj/DNSChan-B includes functionality to modify the DNS setting, access the internet and communicate with a remote server via HTTP.

When first run Troj/DNSChan-B copies itself to <System>\<random filename>.exe.

The following registry entries are created to run Troj/DNSChan-B on startup:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
System

Troj/DNSChan-B contains rootkit functionality.

http://www.sophos.com/security/analyses/viruses-and-spyware/trojdnschab.html?_log_from=rss

Troj/Zbot-Z

In reply to: VIRUS \ Spyware ALERTS - July 3, 2008

Troj/Dloadr-BNN

In reply to: VIRUS \ Spyware ALERTS - July 3, 2008

Troj/Bckdr-QOD

In reply to: VIRUS \ Spyware ALERTS - July 3, 2008

Troj/Agent-HEH

In reply to: VIRUS \ Spyware ALERTS - July 3, 2008

Vapsup

In reply to: VIRUS \ Spyware ALERTS - July 3, 2008

Mysidesearch Search Enhancer

In reply to: VIRUS \ Spyware ALERTS - July 3, 2008

JAVA_KLOG.A

In reply to: VIRUS \ Spyware ALERTS - July 3, 2008

Malware type: Others

Platform: Mac OS

Malware Overview

This malware may be installed manually by a user. It may also be downloaded unknowingly by a user when visiting malicious Web site(s).

When executed, it asks for the root password and logs keystrokes on the affected system. It then saves the gathered information on an encrypted log file specified by the user or using a certain file.

This routine allows a malicious user to steal information from the affected system, risking the exposure of system information, which may then lead to the unauthorized use of the stolen data.

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JAVA%5FKLOG%2EA

Adware-BHO.gen.c

In reply to: VIRUS \ Spyware ALERTS - July 3, 2008

Type Program

SubType Adware

McAfee(R) Avert(R) recognizes that this program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application. If you agreed to a license agreement for this, or another bundled application, you may have legal obligations with regard to removing this software, or using the host application without this software. Please contact the software vendor for further information.

See http://vil.nai.com/vil/DATReadme.asp for a list of Program detections added to the DATs.

See http://vil.nai.com/vil/pups/configuration.htm for information about how to enable, disable, and exclude detection of legitimately installed programs.

This is not a virus or a Trojan. It is a Potentially Unwanted Program.

This detection is for "dll" files.

http://vil.mcafeesecurity.com/vil/content/v_140752.htm

Win32.Antiman.N

In reply to: VIRUS \ Spyware ALERTS - July 3, 2008

SYMPTOMS:

The presence of a file named User-Console.exe in c:\Documents and Settings\Adminstrator\ and the following value in the registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
C:\Documents and Settings\Administrator\User-Console.exe
Sending files to different contacts from Yahoo Messenger contact list.


TECHNICAL DESCRIPTION:

The malware will make a copy of itself in c:\Documents and Settings\Adminstrator\ under User-Console.exe and modify the registry in order to execute itself after every system reboot.

Then it will scan the drives for multimedia files that contain names of interpreters of a Romanian music style called "manele" (examples: adicopil, adiminune, adriancopil, neakalu, nelupeste, nicupaleru, nynobeto, paranghelya, petricacercel etc.) and remove them from the user's computer.

More: http://www.bitdefender.com/VIRUS-1000331-en--Win32.Antiman.N.html

BKDR_SDBOT.CTZ

In reply to: VIRUS \ Spyware ALERTS - July 3, 2008

Malware type: Backdoor

Malware Overview

This backdoor may be downloaded from remote sites by other malware. It may be downloaded unknowingly by a user when visiting malicious Web sites.

When executed, it drops a component file that Trend Micro detects as BKDR_SDBOT.RV. As a result, routines of the dropped backdoor are also exhibited on the affected system.

It opens ports where it listens for remote commands. It executes commands from a remote malicious user, effectively compromising the affected system.

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR%5FSDBOT%2ECTZ

Scareware runs amok on PlayStation site

In reply to: VIRUS \ Spyware ALERTS - July 3, 2008

Sony gamed by hackers
By John Leyden
Published Thursday 3rd July 2008

Gamers visiting the US Sony PlayStation website risk malware infection after the site was hit by hackers.

SQL injection vulnerabilities on the site were used by miscreants to load malicious code on pages showcasing the PlayStation games SingStar Pop and God of War, net security firm Sophos reports. The code promotes scareware to visitors, which falsely claims that their computers are infected with computer viruses to frighten them into purchasing software of little or no security utility.

Sophos warns that the same technique might easily be adapted to serve up computer Trojans or other forms of malware. Sophos informed Sony of the website vulnerabilities, which were purged by Thursday morning.

More: http://www.theregister.co.uk/2008/07/03/playstation_hack/

Trojans stop play for web gamers

In reply to: VIRUS \ Spyware ALERTS - July 3, 2008

Key-loggers and rootkits spoiling the fun

Written by Robert Jaques

vnunet.com, 03 Jul 2008


Malware aimed at online gamers posed the most serious online security threat in June, a security firm reported today.

ESET found that 13.29 per cent of malware detections from a sample of over 10 million systems worldwide were classified as 'Win32/PSW.OnLineGames'.

Although this figure is significantly down from last month's 18 per cent, ESET warned that this "does not necessarily" mean a drop in the number of infections.

Win32/PSW.OnLineGames is a family of Trojans with key-logging and rootkit capabilities that gathers information relating to online gaming.

More: http://www.vnunet.com/vnunet/news/2220665/trojans-fun-web-gaming

Malicious Myspace Tom!

In reply to: VIRUS \ Spyware ALERTS - July 3, 2008

3 July 2008

Everyone who's ever had a Myspace account knows Tom. Tom is everyone's friend, like it or not. So getting an email telling you Tom has sent you a message is a perfectly plausible notification for any Myspace user. If you look carefully at the following email we saw in our spam queues this afternoon though, you'll see 2 dead cert indicators that this is a Tom imposter:

You've got a new message from Tom on MySpace!

Click here to read your MySpace messages:
http://www.myspacce.xxxx/reloc.cfm?c=(removed)

Click here to invite more friends to Your Space:
http://www.myspacce.xxxx/reloc.cfm?c=(removed)

The email itself is pretty well done, but the incorrect spelling of myspacce and the lack of a dot com at the end of the domain tell you that this isn't genuine. If you were unfortunate enough to hurriedly click on the link to see what Tom had to tell you, you'd be taken to a web page trying to display a video. At this point you know there's no message, but can you resist trying to get the video to run? According to the comments on the page displayed it looks pretty controversial... tempted?

More: http://www.sophos.com/security/blog/2008/07/1549.html

W32/Autorun-FX

In reply to: VIRUS \ Spyware ALERTS - July 3, 2008

Troj/DwnLdr-HEY

In reply to: VIRUS \ Spyware ALERTS - July 3, 2008

Troj/DwnLdr-HEX

In reply to: VIRUS \ Spyware ALERTS - July 3, 2008

Troj/Dwnldr-HEW

In reply to: VIRUS \ Spyware ALERTS - July 3, 2008

Troj/Agent-HEI

In reply to: VIRUS \ Spyware ALERTS - July 3, 2008

Mal/ObfJS-Q

In reply to: VIRUS \ Spyware ALERTS - July 3, 2008

Troj/Zapchas-EE

In reply to: VIRUS \ Spyware ALERTS - July 3, 2008

Troj/Mdrop-BTO

In reply to: VIRUS \ Spyware ALERTS - July 3, 2008

Mal/TSlip-A

In reply to: VIRUS \ Spyware ALERTS - July 3, 2008

Mal/Spyzee-A

In reply to: VIRUS \ Spyware ALERTS - July 3, 2008
