Spyware, Viruses, & Security forum

General discussion

VIRUS \ SPYWARE ALERTS - June 15, 2009

by Marianna Schmudlach / June 14, 2009 11:41 PM PDT
Collapse -
Troj/Brack-Gen
by Marianna Schmudlach / June 14, 2009 11:42 PM PDT
Collapse -
Troj/Agent-KDW
by Marianna Schmudlach / June 14, 2009 11:42 PM PDT
Collapse -
Dial/190-A
by Marianna Schmudlach / June 14, 2009 11:43 PM PDT

Category

* Viruses and Spyware

Type

* Trojan


Dial/190-A is a premium rate porn dialler.

When first run the dialler copies itself to the Windows folder or to a new
folder named \Program Files\Webdialer\ or \Programme\Webdialer and adds a link
to this copy under the following registry entry, so that the dialler is run
automatically each time Windows is started:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\

The dialler also creates links on the Desktop and in the Start Menu folders.

The dialler will continue to run as a background process until it is terminated
by right-clicking the Taskbar icon and choosing Exit.

There is also an Uninstall option to remove the dialler from the system. This
will repair the registry and remove the links but may not delete the dialler
executable from the <Program Files>\Webdialer\ folder.

More: http://www.sophos.com/security/analyses/viruses-and-spyware/dial190a.html?_log_from=rss

Collapse -
Troj/DelpDldr-E
by Marianna Schmudlach / June 14, 2009 11:44 PM PDT
Collapse -
Troj/Badsrc-E
by Marianna Schmudlach / June 14, 2009 11:45 PM PDT
Collapse -
Troj/Agent-KDY
by Marianna Schmudlach / June 14, 2009 11:45 PM PDT
Collapse -
Troj/Agent-KDX
by Marianna Schmudlach / June 14, 2009 11:46 PM PDT
Collapse -
OSX/Jahlav-C
by Marianna Schmudlach / June 14, 2009 11:47 PM PDT

Category

* Viruses and Spyware

Type

* Trojan


Affected operating systems

* Macintosh

OSX/Jahlav-C is a Trojan created for the Mac OS X operating system. The initial malicious installer is distributed as a missing Video ActiveX Object.

As a part of the installation, a malicious shell script file AdobeFlash is created in the /Library/Internet Plug-Ins folder and set up to run periodically. The script contains another shell script in an encoded format, which in turn contains a Perl script with the main malicious payload.

The Perl script uses HTTP to communicate with a remote website and download code supplied by the attacker.

http://www.sophos.com/security/analyses/viruses-and-spyware/osxjahlavc.html?_log_from=rss

Collapse -
Mal/Generic-E
by Marianna Schmudlach / June 14, 2009 11:48 PM PDT
Collapse -
Troj/Bckdr-QVK
by Marianna Schmudlach / June 14, 2009 11:49 PM PDT
Collapse -
Troj/VB-EED
by Marianna Schmudlach / June 14, 2009 11:50 PM PDT
Collapse -
Troj/AdClick-FK
by Marianna Schmudlach / June 14, 2009 11:51 PM PDT
Collapse -
Troj/Agent-KDV
by Marianna Schmudlach / June 14, 2009 11:51 PM PDT
Collapse -
W32/Koobface-E
by Marianna Schmudlach / June 14, 2009 11:52 PM PDT
Collapse -
Troj/Boaxxe-L
by Marianna Schmudlach / June 14, 2009 11:53 PM PDT
Collapse -
Troj/VBAdult-A
by Marianna Schmudlach / June 14, 2009 11:54 PM PDT

Aliases

* Porn-Tool.Win32.Agent.oi
* AdClicker-EG trojan
* TrojanClicker:Win32/Vbadult.A

Category

* Viruses and Spyware

Type

* Trojan


Affected operating systems

* Windows

Troj/VBAdult-A displays popup browser windows for pornographic websites.

When Troj/VBAdult-A is installed the following files are created:

<System>\????\<random string 1>.exe
<System>\????\<random string 1>.bat
<User>\Cookies\<user>@www.kiss-of-adult[?].txt

where ? is a digit 0-9 and <random string 1> is a random sequence of characters in the set a-z, A-Z.

Registry entries are created as follows:

HKCU\Software\Path\<random string 2>
path
<System>\????\<random string 1>

HKCU\Software\Path\<random string 2>
htmlpath
<System>\????\<random string 1>

where <random string 2> is a random string consisting of uppercase characters A-Z and digits 0-9.

http://www.sophos.com/security/analyses/viruses-and-spyware/trojvbadulta.html?_log_from=rss
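
The file and registry patterns listed for Troj/VBAdult-A can be checked against a host inventory. The following is an added example, not part of the original post or of the Sophos write-up; the function name, the default system directory and the reading of `[?]` as a literal bracketed digit are assumptions, and the sample inventory is constructed.

```python
import re
from collections import defaultdict

# Patterns transcribed from the write-up; each "?" is read as one digit 0-9.
DROP_RE = re.compile(r"([0-9]{4})\\([A-Za-z]+)\.(exe|bat)", re.I)
COOKIE_RE = re.compile(
    r"\\Cookies\\[^\\]+@www\.kiss-of-adult\[[0-9]\]\.txt$", re.I)
REG_KEY_RE = re.compile(r"HKCU\\Software\\Path\\[A-Z0-9]+")

def find_vbadult_traces(files, reg_values, system_dir=r"C:\Windows\System32"):
    """files: paths; reg_values: (key, value name, data) tuples."""
    prefix = system_dir.lower() + "\\"  # assumed location of <System>
    drops = defaultdict(set)  # "<4 digits>\<name>" -> extensions seen
    cookies = []
    for path in files:
        if COOKIE_RE.search(path):
            cookies.append(path)
        elif path.lower().startswith(prefix):
            m = DROP_RE.fullmatch(path[len(prefix):])
            if m:
                stem = (m.group(1) + "\\" + m.group(2)).lower()
                drops[stem].add(m.group(3).lower())
    # Require the .exe/.bat pair sharing one random name, as listed above.
    paired = {s for s, exts in drops.items() if exts == {"exe", "bat"}}
    registry = []
    for key, name, data in reg_values:
        if not REG_KEY_RE.fullmatch(key) or name.lower() not in ("path", "htmlpath"):
            continue
        # The data is the dropped file's path without an extension.
        if data.lower().startswith(prefix) and data[len(prefix):].lower() in paired:
            registry.append((key, name))
    return {"paired_drops": sorted(paired), "cookies": cookies, "registry": registry}

# Constructed sample inventory (not taken from a real infection).
SAMPLE_FILES = [
    r"C:\Windows\System32\4821\qWbTzm.exe",
    r"C:\Windows\System32\4821\qWbTzm.bat",
    r"C:\Windows\System32\drivers\etc\hosts",
    r"C:\Windows\System32\1033\setup.exe",  # look-alike with no .bat twin
    r"C:\Documents and Settings\alice\Cookies\alice@www.kiss-of-adult[3].txt",
    r"C:\Documents and Settings\alice\Cookies\alice@www.example[1].txt",
]
SAMPLE_REG = [
    (r"HKCU\Software\Path\K7Q2ZD", "path", r"C:\Windows\System32\4821\qWbTzm"),
    (r"HKCU\Software\Path\K7Q2ZD", "htmlpath", r"C:\Windows\System32\4821\qWbTzm"),
    (r"HKCU\Software\Path\K7Q2ZD", "other", r"C:\Windows\System32\4821\qWbTzm"),
]

if __name__ == "__main__":
    print(find_vbadult_traces(SAMPLE_FILES, SAMPLE_REG))
```

Correlating the registry data with a paired .exe/.bat drop keeps a lone four-digit folder such as a locale directory from being flagged on its own.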

Collapse -
Troj/FakeVir-MV
by Marianna Schmudlach / June 14, 2009 11:55 PM PDT
Collapse -
Troj/DwnLdr-HSU
by Marianna Schmudlach / June 14, 2009 11:56 PM PDT
Collapse -
Troj/Wimad-Gen
by Marianna Schmudlach / June 14, 2009 11:57 PM PDT

Category

* Viruses and Spyware

Type

* Trojan


Affected operating systems

* Windows

Troj/Wimad-Gen detects the Wimad family of Trojans.

The Wimad family are typically Windows Media Video files that use features of Windows
Digital Rights Management (DRM) to trigger visits to a web page that will
attempt to download several files related to software that delivers internet
adverts (adware).

The file is an encrypted file protected by DRM. In order to view the video
content of the file the user has to acquire a digital license from a third party
licensing server.

Windows Media Player attempts to acquire the license as soon as the user attempts
to view the file.

The Wimad family contain the URL of the server serving the license.
The process uses the HTTP protocol to acquire the license.
The rendering engine is identical to the Internet Explorer rendering engine.
If the server sends content that includes active scripting together with the license,
the content may exploit vulnerabilities in Internet Explorer to download and launch
potentially malicious software and adware programs without the user's consent.

http://www.sophos.com/security/analyses/viruses-and-spyware/trojwimadgen.html?_log_from=rss

Collapse -
W32.Fujacks.CA
by Marianna Schmudlach / June 15, 2009 12:15 AM PDT
Collapse -
W32.Grenail.E!inf
by Marianna Schmudlach / June 15, 2009 12:15 AM PDT
Collapse -
VBS.Mutafrog!inf
by Marianna Schmudlach / June 15, 2009 12:16 AM PDT

Discovered: June 15, 2009
Updated: June 15, 2009 8:17:29 AM
Type: Virus
Infection Length: Varies
Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003, Windows 2000

VBS.Mutafrog!inf is a detection for files infected with code that infects files and drops more malware onto the compromised computer.


http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-061507-0143-99

Collapse -
Favorit Network
by Marianna Schmudlach / June 15, 2009 12:18 AM PDT

Aliases

* TrojanDownloader:Win32/Wintrim.BX
* Downloader-BPJ trojan

Category

* Adware or PUA

Type

* Adware


How it spreads

* Web downloads

Affected operating systems

* Windows

Characteristics

* Monitors browser activity


"Favorit Network" is advertising supported software from www.favorit-network.com.

"Favorit Network" provides a mechanism for software producers to make money by installing the Favorit opt-in advertising engine software as part of the installation of their software. The result is a single downloader/installer that downloads and installs both the host software and the "Favorit Network" software.

http://www.sophos.com/security/analyses/adware-and-puas/favoritnetwork.html

Collapse -
BookMaker Casino
by Marianna Schmudlach / June 15, 2009 12:19 AM PDT
Collapse -
Troj/Skimer-C
by Marianna Schmudlach / June 15, 2009 2:04 AM PDT
Collapse -
Troj/RegRun-A
by Marianna Schmudlach / June 15, 2009 2:05 AM PDT
Collapse -
Troj/FakeAv-TC
by Marianna Schmudlach / June 15, 2009 2:05 AM PDT
Collapse -
Troj/FakeAV-TB
by Marianna Schmudlach / June 15, 2009 2:06 AM PDT
Collapse -
Troj/DwnLdr-HSV
by Marianna Schmudlach / June 15, 2009 2:07 AM PDT
Collapse -
Troj/Drop-CS
by Marianna Schmudlach / June 15, 2009 2:08 AM PDT