Spyware, Viruses, & Security forum

General discussion

VIRUS \ Spyware ALERTS - July 30, 2008

Collapse -
Troj/FakeAV-AU

In reply to: VIRUS \ Spyware ALERTS - July 30, 2008

Aliases FakeAlert-AB.gen

Category Viruses and Spyware

Type Trojan

Troj/FakeAV-AU is a Trojan for the Windows platform.

Troj/FakeAV-AU includes functionality to access the internet and communicate with a remote server via HTTP.

When Troj/FakeAV-AU is installed the following files are created:

<User>\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk
<Desktop>\Antivirus 2009.lnk
<User>\Start Menu\Antivirus 2009\Antivirus 2009.lnk
<User>\Start Menu\Antivirus 2009\Uninstall Antivirus 2009.lnk
<System>\scui.cpl

The file scui.cpl is detected as Troj/FakeVir-DE.

http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakeavau.html

Collapse -
Troj/Ezio-B

In reply to: VIRUS \ Spyware ALERTS - July 30, 2008

Category Viruses and Spyware

Type Trojan

Troj/Ezio-B is a Trojan for the Windows platform.

Troj/Ezio-B includes functionality to access the internet and communicate with a remote server via HTTP.

When first run Troj/Ezio-B copies itself to <System>\ieupdates.exe and creates the file <System>\winsrc.dll.tmp.

The following registry entry is created to run ieupdates.exe on startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
ieupdate
<System>\ieupdates.exe

http://www.sophos.com/security/analyses/viruses-and-spyware/trojeziob.html

Collapse -
Troj/DelpDldr-B

In reply to: VIRUS \ Spyware ALERTS - July 30, 2008

Category Viruses and Spyware

Type Trojan

Troj/DelpDldr-B is a Trojan for the Windows platform.

When first run, Troj/DelpDldr-B attempts to download a program to the Windows system folder. The following registry entry is then created in order to run this program on startup:

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{A9260CCB-B2B6-7B3B-D778-C92DBC5AEE18}
StubPath
<System>\<Downloaded program>

http://www.sophos.com/security/analyses/viruses-and-spyware/trojdelpdldrb.html

Collapse -
W32/JPGiframer

In reply to: VIRUS \ Spyware ALERTS - July 30, 2008

Type Virus

SubType Damaged

Overview -

This detection is for misinfected Jpeg files, which contain an IFRAME tag added at the end of the file.

A misinfected file is one that a virus has attempted to infect, but has not done so in the way in which the virus writer intended.


Characteristics -

The Jpeg files detected are infected incorrectly by a virus. The misinfected Jpeg files may continue to function as normal or may try to run the virus without any effect. In some cases the misinfected file may be entirely unusable, having been corrupted by the virus.

Such misinfected files contain an appended HTML IFRAME (inline-frame) tag such as the one below:

iframe src=http://www.goldwindos2000.com/[Removed] width=0 height=0 /iframe

http://vil.mcafeesecurity.com/vil/content/v_147995.htm

Collapse -
Suspicious IFrame.e

In reply to: VIRUS \ Spyware ALERTS - July 30, 2008

Type Virus

SubType Damaged

The Jpeg files detected are infected incorrectly by a virus. The misinfected Jpeg files may continue to function as normal or may try to run the virus without any effect. In some cases the misinfected file may be entirely unusable, having been corrupted by the virus.

Such misinfected files contain an appended HTML IFRAME (inline-frame) tag such as the one below:

iframe src=http://example.com width=0 height=0 /iframe

http://vil.mcafeesecurity.com/vil/content/v_147309.htm
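
The W32/JPGiframer and Suspicious IFrame.e posts above both describe an IFRAME tag appended after the end of a JPEG file. As an added example (not part of either post or of any vendor's detection logic), the sketch below walks the JPEG marker segments to find the real end-of-image marker and reports IFRAME tags in whatever follows it; the function names, the sample bytes and the example.invalid URL are constructed for illustration.

```python
import re

# Opening <iframe ...> tag, any case; closing </iframe> tags do not match.
IFRAME_RE = re.compile(rb"<\s*iframe\b[^>]*>", re.IGNORECASE)

def jpeg_end_offset(data: bytes) -> int:
    """Offset just past the real EOI marker, or -1 if the stream is malformed."""
    if data[:2] != b"\xff\xd8":                  # SOI
        return -1
    i = 2
    while i + 1 < len(data):
        if data[i] != 0xFF:
            return -1
        marker = data[i + 1]
        if marker == 0xFF:                       # fill byte before a marker
            i += 1
        elif marker == 0xD9:                     # EOI: image ends here
            return i + 2
        elif marker == 0x01 or 0xD0 <= marker <= 0xD7:   # no length field
            i += 2
        else:
            if i + 4 > len(data):
                return -1
            seglen = int.from_bytes(data[i + 2:i + 4], "big")
            if seglen < 2:
                return -1
            i += 2 + seglen                      # skip header (may embed a thumbnail)
            if marker == 0xDA:                   # SOS: skip entropy-coded scan data
                while i + 1 < len(data) and not (
                    data[i] == 0xFF
                    and data[i + 1] not in (0x00, 0xFF)
                    and not 0xD0 <= data[i + 1] <= 0xD7
                ):
                    i += 1
    return -1

def appended_iframes(data: bytes) -> list[str]:
    """IFRAME tags found after EOI; scans the whole file if the JPEG is malformed."""
    end = jpeg_end_offset(data)
    tail = data[end:] if end >= 0 else data
    return [m.group(0).decode("latin-1") for m in IFRAME_RE.finditer(tail)]

# Constructed sample: a structurally valid (not decodable) JPEG skeleton.
CLEAN = (b"\xff\xd8" + b"\xff\xe0\x00\x10JFIF\x00" + bytes(9)
         + b"\xff\xe1\x00\x06\xff\xd9\x00\x00"   # APP1 payload containing FFD9 bytes
         + b"\xff\xda\x00\x08" + bytes(6) + b"\x12\xff\x00\x34\xff\xd0\x56"
         + b"\xff\xd9")
INFECTED = CLEAN + b"<iframe src=http://example.invalid/x width=0 height=0></iframe>"

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN), ("infected", INFECTED)):
        print(name, appended_iframes(blob))
```

Walking the segments rather than searching for the last FFD9 bytes keeps an embedded thumbnail's end marker, or FFD9 bytes inside the appended data, from being mistaken for the end of the image.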

Collapse -
TROJ_DROPPER.OAV

In reply to: VIRUS \ Spyware ALERTS - July 30, 2008

Malware type: Trojan

To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.

This Trojan may be dropped by other malware. It may be downloaded unknowingly by a user when visiting malicious Web sites.

It drops malicious files detected by Trend Micro as the following:

TROJ_ASPROX.AF
TROJ_DLOADER.SQC

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FDROPPER%2EOAV

Collapse -
Troj/Renos-AY

In reply to: VIRUS \ Spyware ALERTS - July 30, 2008

Collapse -
Troj/PWS-ASB

In reply to: VIRUS \ Spyware ALERTS - July 30, 2008

Collapse -
Troj/Mdrop-BUK

In reply to: VIRUS \ Spyware ALERTS - July 30, 2008

Collapse -
Troj/VB-EAM

In reply to: VIRUS \ Spyware ALERTS - July 30, 2008

Collapse -
Trojan.Swizzor.1

In reply to: VIRUS \ Spyware ALERTS - July 30, 2008

SYMPTOMS:


Several "iexplore.exe" processes with a hidden window.
Presence of specified names.
Increased network activity.
Computer slowdowns.
IE popups.

Trojan.Swizzor.1 is the name for a generic detection of an obfuscated downloader that usually comes bundled with other software (like 3wPlayer or so-called BitTorrent optimization tools).

When such a tool is installed, it downloads a copy of Trojan.Swizzor.1 and saves it as:

%Temp%\minime.exe

http://www.bitdefender.com/VIRUS-1000355-en--Trojan.Swizzor.1.html

Collapse -
TROJ_RENOS.AEA

In reply to: VIRUS \ Spyware ALERTS - July 30, 2008

Malware type: Trojan

To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.

This Trojan may be dropped by other malware.

It drops several files, some of which are detected as JOKE_BLUESCREEN. This Trojan creates and modifies registry entries to enable its automatic execution at every system startup.

It accesses Web sites to download a file which Trend Micro detects as TROJ_EMBED.AE.

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FRENOS%2EAEA

Collapse -
Firefox 2

In reply to: VIRUS \ Spyware ALERTS - July 30, 2008

Collapse -
Maxthon

In reply to: VIRUS \ Spyware ALERTS - July 30, 2008

Collapse -
K-Meleon

In reply to: VIRUS \ Spyware ALERTS - July 30, 2008

Collapse -
Foxy P2P

In reply to: VIRUS \ Spyware ALERTS - July 30, 2008

Collapse -
Firefox 3

In reply to: VIRUS \ Spyware ALERTS - July 30, 2008

Collapse -
TROJ_POPHOT.OJ

In reply to: VIRUS \ Spyware ALERTS - July 30, 2008

Malware type: Trojan

This Trojan may be dropped by other malware. It may be downloaded unknowingly by a user when visiting malicious Web sites.

It creates a folder and drops several files, some of which are detected as the following:

TSPY_POPHOT.QF
TROJ_POPHOT.QO

It then creates a registry entry to enable the automatic execution of a dropped file at system startup.

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FPOPHOT%2EOJ

Collapse -
Trojan-Downloader:HTML/Agent.KM

In reply to: VIRUS \ Spyware ALERTS - July 30, 2008

Collapse -
TROJ_DLOADR.HG

In reply to: VIRUS \ Spyware ALERTS - July 30, 2008

Malware type: Trojan

This Trojan may be dropped or downloaded by other malware.

Upon execution, it creates a registry entry to enable its automatic execution at every system startup. It also creates other registry keys/entries.

It connects to an IP address to download files detected by Trend Micro as TROJ_PANDEX.AZ. It then executes the downloaded files. As a result, malicious routines of the downloaded files are exhibited on the affected system.

It is also capable of hiding files, processes, and/or registry entries.

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FDLOADR%2EHG

Collapse -
Troj/Zlob-AMP

In reply to: VIRUS \ Spyware ALERTS - July 30, 2008

Collapse -
Troj/PWS-ASC

In reply to: VIRUS \ Spyware ALERTS - July 30, 2008

Collapse -
Troj/Agent-HIH

In reply to: VIRUS \ Spyware ALERTS - July 30, 2008

Collapse -
Vundo!7e18dec2

In reply to: VIRUS \ Spyware ALERTS - July 30, 2008

Type Trojan

SubType Trojan

Overview -
Vundo!7e18dec2 is a backdoor Trojan known to be associated with Adware and Trojan Downloader Virtumonde, and Vundo contains backdoor functionality that gives a user unauthorized access to an affected machine.

http://vil.mcafeesecurity.com/vil/content/v_148366.htm

Collapse -
W32/Autorun.worm.gen!17BA3F84

In reply to: VIRUS \ Spyware ALERTS - July 30, 2008

Type Virus

SubType Worm

Characteristics -

System Changes

These are general defaults for typical path variables. (Although they may differ, these examples are common.):
%WinDir% = \WINDOWS (Windows 9x/ME/XP/Vista), \WINNT (Windows NT/2000)
%SystemDir% = \WINDOWS\SYSTEM (Windows 98/ME), \WINDOWS\SYSTEM32 (Windows XP/Vista), \WINNT\SYSTEM32 (Windows NT/2000)
%ProgramFiles% = \Program Files

The following files have been added to the system:

More: http://vil.mcafeesecurity.com/vil/content/v_148244.htm

Collapse -
Troj/Agent-HIF

In reply to: VIRUS \ Spyware ALERTS - July 30, 2008

Collapse -
Troj/LowZone-EB

In reply to: VIRUS \ Spyware ALERTS - July 30, 2008

Aliases Generic VB.b
Trojan.Win32.Agent.vgo

Category Viruses and Spyware

Type Trojan

Troj/LowZone-EB is a Trojan for the Windows platform.

Registry entries affecting internet security may be set under:

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones

The following registry entry is set, disabling system software:

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableTaskMgr
1

Troj/LowZone-EB creates registry entries to automatically run itself.

http://www.sophos.com/security/analyses/viruses-and-spyware/trojlowzoneeb.html

Collapse -
Troj/FakeVir-EC

In reply to: VIRUS \ Spyware ALERTS - July 30, 2008

Category Viruses and Spyware

Type Trojan

Troj/FakeVir-EC is a Trojan for the Windows platform.

Troj/FakeVir-EC includes functionality to access the internet and communicate with a remote server via HTTP.

When Troj/FakeVir-EC is installed the following files are created:

<User>\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk
<Desktop>\Antivirus 2009.lnk
<User>\Start Menu\Antivirus 2009\Antivirus 2009.lnk
<User>\Start Menu\Antivirus 2009\Uninstall Antivirus 2009.lnk
<System>\scui.cpl

The file scui.cpl is detected as Troj/FakeVir-DE.

http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakevirec.html

Collapse -
Troj/Crack-M

In reply to: VIRUS \ Spyware ALERTS - July 30, 2008

Aliases Trojan-Downloader.Win32.Bagle.vv

Category Viruses and Spyware

Type Trojan

Troj/Crack-M is a Trojan for the Windows platform.

The following registry entry is set:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
EnableLUA
0

Registry entries are created under:

HKCU\Software\FirstRRRun

http://www.sophos.com/security/analyses/viruses-and-spyware/trojcrackm.html

Collapse -
Troj/Agent-HIG

In reply to: VIRUS \ Spyware ALERTS - July 30, 2008
