Spyware, Viruses, & Security forum

General discussion

VIRUS \ Spyware ALERTS - July 7, 2008

Troj/FakeVir-CU

In reply to: VIRUS \ Spyware ALERTS - July 7, 2008

W32/AutoRun-FY

In reply to: VIRUS \ Spyware ALERTS - July 7, 2008

Troj/Swizzor-NY

In reply to: VIRUS \ Spyware ALERTS - July 7, 2008

Troj/DwnLdr-HFC

In reply to: VIRUS \ Spyware ALERTS - July 7, 2008

Category Viruses and Spyware

Type Trojan

Troj/DwnLdr-HFC is a downloader Trojan on the Windows platform.

Troj/DwnLdr-HFC copies itself to
<Program Files>\Microsoft Office\SYSTEM\dodolook_7493.exe.

When Troj/DwnLdr-HFC is run, it creates registry entry:

HKLM\SYSTEM\CurrentControlSet\Services\wamer
ImagePath
<path to the Trojan>

Troj/DwnLdr-HFC saves the downloaded code as <Systems>\mprmsgse.axz.

http://www.sophos.com/security/analyses/viruses-and-spyware/trojdwnldrhfc.html?_log_from=rss

Troj/Agent-HES

In reply to: VIRUS \ Spyware ALERTS - July 7, 2008

Troj/Agent-HER

In reply to: VIRUS \ Spyware ALERTS - July 7, 2008

W32/Vetor-A

In reply to: VIRUS \ Spyware ALERTS - July 7, 2008

Category Viruses and Spyware

Type Virus

W32/Vetor-A is a virus for the Windows platform.

When the virus is run it attempts to hook itself into the system and infect files. W32/Vetor-A usually has both polymorphic and midinfecting capability.

W32/Vetor-A may also connect to IRC networks in an attempt to spread itself over the internet.

W32/Vetor-A often infects the same file more than once, in which case disinfection will need to be repeated.

http://www.sophos.com/security/analyses/viruses-and-spyware/w32vetora.html?_log_from=rss

Troj/SWFexp-E

In reply to: VIRUS \ Spyware ALERTS - July 7, 2008

Troj/FakeVir-CW

In reply to: VIRUS \ Spyware ALERTS - July 7, 2008

TROJ_DROPPER.OAC

In reply to: VIRUS \ Spyware ALERTS - July 7, 2008

Troj/Unif-B

In reply to: VIRUS \ Spyware ALERTS - July 7, 2008

7 July 2008

Javascript scanner - just what the doctor ordered.
A Javascript online threat scanner? Ok, not really, just another scam we have been seeing in recent weeks, which I took a closer look at over the weekend.

A while back, I analysed all of the malicious Troj/Unif-B threats we were seeing, to identify the purpose of the malicious scripts [1]. I found that about half of the malicious scripts were being used to infect victims with one of a handful of pieces of malware. Last week, I saw Unif-B being put to a different purpose - scamming money out of victims by displaying fake security messages. The attack is described below.

More: http://www.sophos.com/security/blog/2008/07/1551.html

Trojan trawls recruitment sites in ID harvesting scam

In reply to: VIRUS \ Spyware ALERTS - July 7, 2008

All your CV are belong to us
By John Leyden
Published Monday 7th July 2008

Hackers have turned the harvesting of personal information from Monster.com and other large US jobsites into a lucrative black market business

A Russian gang called Phreak has created an online tool that extracts personal details from CVs posted onto sites including Monster.com, AOL Jobs, Ajcjobs.com, Careerbuilder.com, Careermag.com, Computerjobs.com, Hotjobs.com, Jobcontrolcenter.com, Jobvertise.com and Militaryhire.com. As a result the personal information (names, email addresses, home addresses and current employers) on hundreds of thousands of jobseekers has been placed at risk, according to net security firm PrevX.

More: http://www.theregister.co.uk/2008/07/07/jobsite_data_hackharvesting_hack/

WistaAntivirus

In reply to: VIRUS \ Spyware ALERTS - July 7, 2008

WinDefender

In reply to: VIRUS \ Spyware ALERTS - July 7, 2008

Trojan.Obfuscated.LA

In reply to: VIRUS \ Spyware ALERTS - July 7, 2008

SYMPTOMS:

Symptoms are not easily visible for the user.



An instance of iexplorer.exe can be seen in Task Manager but only for a small period of time. This instance is not associated with any Internet Explorer windows.

TECHNICAL DESCRIPTION:

Trojan.Obfuscated.LA is a trojan downloader. It tries to download a file from

hxxp://upd.host-domain-look.com/upd/check?version=0.1unk&fxp=9025<hex chars>

http://www.bitdefender.com/VIRUS-1000335-en--Trojan.Obfuscated.LA.html

Internet Explorer 5

In reply to: VIRUS \ Spyware ALERTS - July 7, 2008

GTunnel

In reply to: VIRUS \ Spyware ALERTS - July 7, 2008

Green Browser

In reply to: VIRUS \ Spyware ALERTS - July 7, 2008

GoToMyPc

In reply to: VIRUS \ Spyware ALERTS - July 7, 2008

Flock

In reply to: VIRUS \ Spyware ALERTS - July 7, 2008

AdMedia

In reply to: VIRUS \ Spyware ALERTS - July 7, 2008

Trojan.JS.Encrypted.A

In reply to: VIRUS \ Spyware ALERTS - July 7, 2008

Troj/Iframe-AG

In reply to: VIRUS \ Spyware ALERTS - July 7, 2008

Troj/Gamania-BT

In reply to: VIRUS \ Spyware ALERTS - July 7, 2008

Aliases Trojan.Win32.Agent.dje
PWS-Gamania.dr

Category Viruses and Spyware

Type Trojan

Troj/Gamania-BT is a Trojan for the Windows platform.

When Troj/Gamania-BT is installed the following files are created:

<System>\kb1111p.dll

The file kb1111p.dll is registered as a COM object and shell extension, creating registry entries under:

HKCR\CLSID\{9C0ADB68-353A-61DD-ED09-1D8003A61111}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{9C0ADB68-353A-61DD-ED09-1D8003A61111}

Troj/Gamania-BT was proactively detected as Mal/Generic-A and the file kb1111p.dll is also detected as Troj/Cabat-Gen.

http://www.sophos.com/security/analyses/viruses-and-spyware/trojgamaniabt.html?_log_from=rss

Troj/Ezibot-C

In reply to: VIRUS \ Spyware ALERTS - July 7, 2008

Troj/BHO-GB

In reply to: VIRUS \ Spyware ALERTS - July 7, 2008

Troj/Agent-HEU

In reply to: VIRUS \ Spyware ALERTS - July 7, 2008

Troj/Agent-HET

In reply to: VIRUS \ Spyware ALERTS - July 7, 2008

Mal/FakeAlert-A

In reply to: VIRUS \ Spyware ALERTS - July 7, 2008

Mal/DownLdr-W

In reply to: VIRUS \ Spyware ALERTS - July 7, 2008
