Spyware, Viruses, & Security forum

General discussion

VIRUS \ Spyware ALERTS - June 23, 2008

Troj/Steam-AL

In reply to: VIRUS \ Spyware ALERTS - June 23, 2008

Troj/Banker-EMB

In reply to: VIRUS \ Spyware ALERTS - June 23, 2008

Troj/Bancos-BEC

In reply to: VIRUS \ Spyware ALERTS - June 23, 2008

OSX/Hovdy-A

In reply to: VIRUS \ Spyware ALERTS - June 23, 2008

Category Viruses and Spyware

Type Trojan

OSX/Hovdy-A is a Trojan for the Macintosh OSX platform.

When run, the Trojan will attempt to install itself to the /Library/Caches folder and perform the following tasks:

- disable system logging and delete system log files
- start PHPShell and web server
- start ARD, VNC and SSH services
- disable system updates
- open ports in the firewall
- disable third party security software
- steal various password hashes and keys which may be used to compromise other systems

OSX/Hovdy-A will also attempt to use the ARDAgent vulnerability to obtain root access.

http://www.sophos.com/security/analyses/viruses-and-spyware/osxhovdya.html

W32/VB-EAB

In reply to: VIRUS \ Spyware ALERTS - June 23, 2008

W97M/Assilem.c.gen

In reply to: VIRUS \ Spyware ALERTS - June 23, 2008

Virus

SubType Macro

Overview -
This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.

Characteristics -

Please refer to the VIL on W97M/Assilem.c for specific details on the virus behaviour.

http://vil.nai.com/vil/content/v_10440.htm


http://vil.mcafeesecurity.com/vil/content/v_146226.htm

WyHit

In reply to: VIRUS \ Spyware ALERTS - June 23, 2008

Type Trojan

SubType Win32

Overview -

This description is for a worm that is capable of spreading through removable devices and network shares.

The characteristics of this worm in regards to file names, folders created etc. will differ from one version to another. Hence, this is a general description.

http://vil.mcafeesecurity.com/vil/content/v_144352.htm

DrAntiSpy

In reply to: VIRUS \ Spyware ALERTS - June 23, 2008

Type Program

Win32

Overview:

This description is for a potentially unwanted program that shows false error messages, misleading spyware scan results, and uses aggressive advertising to persuade the user to purchase it.

A Potentially Unwanted Program is any piece of software which a reasonably security/privacy-minded computer user may want to be informed of.

When the main executable is run, it displays the following window:

http://vil.mcafeesecurity.com/vil/content/v_144521.htm

Troj/FakeVir-CD

In reply to: VIRUS \ Spyware ALERTS - June 23, 2008

Troj/Dloadr-BMZ

In reply to: VIRUS \ Spyware ALERTS - June 23, 2008

Troj/Bckdr-QOB

In reply to: VIRUS \ Spyware ALERTS - June 23, 2008

Troj/Agent-HDC

In reply to: VIRUS \ Spyware ALERTS - June 23, 2008

Troj/Agent-HDB

In reply to: VIRUS \ Spyware ALERTS - June 23, 2008

Troj/Agent-HDA

In reply to: VIRUS \ Spyware ALERTS - June 23, 2008

Troj/Addler-Fam

In reply to: VIRUS \ Spyware ALERTS - June 23, 2008

XM97/Slcker-Gen

In reply to: VIRUS \ Spyware ALERTS - June 23, 2008

New breed of worm steals gaming passwords

In reply to: VIRUS \ Spyware ALERTS - June 23, 2008

23 June 2008

A new generation of malware that looks for passwords to online games has emerged - and its success rates are stunning. Last patch Tuesday, Microsoft added special detection functions for two contaminants called Taterf and Frethog to its Malicious Software Removal Tool (MSRT). The results sent back to Redmond surprised even Microsoft's malware specialists, who thought they had already seen it all.

On the first day alone, MSRT removed Taterf from 700,000 systems. In comparison, in the entire first month after the signatures for the Storm worm were added to the tool, only half that number of computers were found to be infected with the infamous bot network client. Online games such as Lineage Online and Legend of Mir are especially popular in the Far East. According to MSRT statistics, half a million systems in China alone were infected. But World of Warcraft and Valve's Steam client are also quite popular in the Western Hemisphere, where 230,000 Spanish systems ended up in third place.

More: http://www.heise-online.co.uk/security/New-breed-of-worm-steals-gaming-passwords--/news/110980

W32/Sohana-BB

In reply to: VIRUS \ Spyware ALERTS - June 23, 2008

VBS/Autorun-FN

In reply to: VIRUS \ Spyware ALERTS - June 23, 2008

Troj/Mdrop-BTK

In reply to: VIRUS \ Spyware ALERTS - June 23, 2008

Aliases Win32/TrojanDropper.Agent.AGE
Trojan-Dropper.Win32.Mudrop.cy

Category Viruses and Spyware

Type Trojan

Troj/Mdrop-BTK is a Trojan for the Windows platform.

When Troj/Mdrop-BTK is installed, the following files are created:

<Temp>\11-00.exe
<Temp>\RarSFX0\Foto.exe
<Temp>\RarSFX0\Image.jpg
<Temp>\RarSFX0\windows1.bat
<Temp>\RarSFX0\windows1.pif
<Temp>\RarSFX0\windows3.bat
<Temp>\RarSFX0\windows3.pif
<Temp>\RarSFX0\zz20.exe

The files 11-00.exe, windows1.bat and windows3.bat are also detected as Troj/Mdrop-BTK.

The file foto.exe is detected as Troj/Dropper-PY.

When first run, Troj/Mdrop-BTK may display the image file photo.jpg.

http://www.sophos.com/security/analyses/viruses-and-spyware/trojmdropbtk.html?_log_from=rss

Troj/Bdoor-AMC

In reply to: VIRUS \ Spyware ALERTS - June 23, 2008

Troj/Agent-HDD

In reply to: VIRUS \ Spyware ALERTS - June 23, 2008

OSX/Hovdy-A

In reply to: VIRUS \ Spyware ALERTS - June 23, 2008

Category Viruses and Spyware

Type Trojan

OSX/Hovdy-A is a Trojan for the Macintosh OSX platform.

When run, the Trojan will attempt to install itself to the /Library/Caches folder and perform the following tasks:

- disable system logging and delete system log files
- start PHPShell and web server
- start ARD, VNC and SSH services
- disable system updates
- open ports in the firewall
- disable third party security software
- steal various password hashes and keys which may be used to compromise other systems

OSX/Hovdy-A will also attempt to use the ARDAgent vulnerability to obtain root access.

http://www.sophos.com/security/analyses/viruses-and-spyware/osxhovdya.html?_log_from=rss

Mal/EncPk-DW

In reply to: VIRUS \ Spyware ALERTS - June 23, 2008

Packed.Generic.96

In reply to: VIRUS \ Spyware ALERTS - June 23, 2008

Bloodhound.Exploit.193

In reply to: VIRUS \ Spyware ALERTS - June 23, 2008

IEGuide Plus

In reply to: VIRUS \ Spyware ALERTS - June 23, 2008

Category Adware or PUA

Type Adware

When installed, IEGuide Plus will install itself in the folder <Program Files>\ieguide_plus and create a working uninstall entry in Add/Remove programs.

It will create the following registry entry and attempt to download code from the internet at system startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
ieguide_plus
<Program Files>\ieguide_plus\ieguideupdate.exe


http://www.sophos.com/security/analyses/adware-and-puas/ieguideplus.html?_log_from=rss

IEGuide Plus Installer

In reply to: VIRUS \ Spyware ALERTS - June 23, 2008

W32/Mabezat-C

In reply to: VIRUS \ Spyware ALERTS - June 23, 2008

Troj/FakeAle-CM

In reply to: VIRUS \ Spyware ALERTS - June 23, 2008
