Spyware, Viruses, & Security forum

General discussion

VIRUS \ Spyware ALERTS - June 23, 2008

by Marianna Schmudlach / June 22, 2008 12:08 PM PDT
Troj/Steam-AL
by Marianna Schmudlach / June 23, 2008 12:28 AM PDT

Troj/Banker-EMB
by Marianna Schmudlach / June 23, 2008 12:29 AM PDT

Troj/Bancos-BEC
by Marianna Schmudlach / June 23, 2008 12:30 AM PDT

OSX/Hovdy-A
by Marianna Schmudlach / June 23, 2008 12:31 AM PDT

Category Viruses and Spyware

Type Trojan

OSX/Hovdy-A is a Trojan for the Macintosh OS X platform.

When run, the Trojan will attempt to install itself in the /Library/Caches folder and perform the following tasks:

- disable system logging and delete system log files
- start PHPShell and web server
- start ARD, VNC and SSH services
- disable system updates
- open ports in the firewall
- disable third party security software
- steal various password hashes and keys which may be used to compromise other systems

OSX/Hovdy-A will also attempt to use the ARDAgent vulnerability to obtain root access.

http://www.sophos.com/security/analyses/viruses-and-spyware/osxhovdya.html

W32/VB-EAB
by Marianna Schmudlach / June 23, 2008 12:32 AM PDT

W97M/Assilem.c.gen
by Marianna Schmudlach / June 23, 2008 12:34 AM PDT

Type Virus

SubType Macro

Overview -

This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.

Characteristics -

Please refer to the VIL on W97M/Assilem.c for specific details on the virus behaviour.

http://vil.nai.com/vil/content/v_10440.htm

http://vil.mcafeesecurity.com/vil/content/v_146226.htm

WyHit
by Marianna Schmudlach / June 23, 2008 12:35 AM PDT

Type Trojan

SubType Win32

Overview -

This description is for a worm that is capable of spreading through removable devices and network shares.

The characteristics of this worm in regards to file names, folders created etc. will differ from one version to another. Hence, this is a general description.

http://vil.mcafeesecurity.com/vil/content/v_144352.htm

DrAntiSpy
by Marianna Schmudlach / June 23, 2008 12:37 AM PDT

Type Program

SubType Win32

Overview -

This description is for a potentially unwanted program that shows false error messages and misleading spyware scan results, and uses aggressive advertising to persuade the user to purchase it.

Potentially Unwanted Programs are any piece of software which a reasonably security/privacy minded computer user may want to be informed of.

When the main executable is run, it displays the following window:

http://vil.mcafeesecurity.com/vil/content/v_144521.htm

Troj/FakeVir-CD
by Marianna Schmudlach / June 23, 2008 12:38 AM PDT

Troj/Dloadr-BMZ
by Marianna Schmudlach / June 23, 2008 12:39 AM PDT

Troj/Bckdr-QOB
by Marianna Schmudlach / June 23, 2008 12:41 AM PDT

Troj/Agent-HDC
by Marianna Schmudlach / June 23, 2008 12:42 AM PDT

Troj/Agent-HDB
by Marianna Schmudlach / June 23, 2008 12:43 AM PDT

Troj/Agent-HDA
by Marianna Schmudlach / June 23, 2008 12:44 AM PDT

Troj/Addler-Fam
by Marianna Schmudlach / June 23, 2008 12:45 AM PDT

XM97/Slcker-Gen
by Marianna Schmudlach / June 23, 2008 12:47 AM PDT

New breed of worm steals gaming passwords
by Marianna Schmudlach / June 23, 2008 1:39 AM PDT

23 June 2008

A new generation of malware that looks for passwords to online games has emerged, and its success rates are stunning. Last Patch Tuesday, Microsoft added special detection functions for two contaminants called Taterf and Frethog to its Malicious Software Removal Tool (MSRT). The results sent back to Redmond surprised even Microsoft's malware specialists, who thought they had already seen it all.

On the first day alone, MSRT removed Taterf from 700,000 systems. In comparison, in the entire first month after the signatures for the Storm worm were added to the tool, only half that number of computers were found to be infected with the infamous bot network client. Online games such as Lineage Online and Legend of Mir are especially popular in the Far East. According to MSRT statistics, half a million systems in China alone were infected. But World of Warcraft and Valve's Steam client are also quite popular in the Western Hemisphere, where 230,000 Spanish systems ended up in third place.

More: http://www.heise-online.co.uk/security/New-breed-of-worm-steals-gaming-passwords--/news/110980

W32/Sohana-BB
by Marianna Schmudlach / June 23, 2008 4:32 AM PDT

VBS/Autorun-FN
by Marianna Schmudlach / June 23, 2008 4:33 AM PDT

Troj/Mdrop-BTK
by Marianna Schmudlach / June 23, 2008 4:34 AM PDT

Aliases Win32/TrojanDropper.Agent.AGE, Trojan-Dropper.Win32.Mudrop.cy

Category Viruses and Spyware

Type Trojan

Troj/Mdrop-BTK is a Trojan for the Windows platform.

When Troj/Mdrop-BTK is installed, the following files are created:

<Temp>\11-00.exe
<Temp>\RarSFX0\Foto.exe
<Temp>\RarSFX0\Image.jpg
<Temp>\RarSFX0\windows1.bat
<Temp>\RarSFX0\windows1.pif
<Temp>\RarSFX0\windows3.bat
<Temp>\RarSFX0\windows3.pif
<Temp>\RarSFX0\zz20.exe

The files 11-00.exe, windows1.bat and windows3.bat are also detected as Troj/Mdrop-BTK.

The file foto.exe is detected as Troj/Dropper-PY.

When first run, Troj/Mdrop-BTK may display the image file photo.jpg.

http://www.sophos.com/security/analyses/viruses-and-spyware/trojmdropbtk.html?_log_from=rss

Troj/Bdoor-AMC
by Marianna Schmudlach / June 23, 2008 4:35 AM PDT

Troj/Agent-HDD
by Marianna Schmudlach / June 23, 2008 4:36 AM PDT

OSX/Hovdy-A
OSX/Hovdy-A
by Marianna Schmudlach / June 23, 2008 4:38 AM PDT

Category Viruses and Spyware

Type Trojan

OSX/Hovdy-A is a Trojan for the Macintosh OS X platform.

When run, the Trojan will attempt to install itself in the /Library/Caches folder and perform the following tasks:

- disable system logging and delete system log files
- start PHPShell and web server
- start ARD, VNC and SSH services
- disable system updates
- open ports in the firewall
- disable third party security software
- steal various password hashes and keys which may be used to compromise other systems

OSX/Hovdy-A will also attempt to use the ARDAgent vulnerability to obtain root access.

http://www.sophos.com/security/analyses/viruses-and-spyware/osxhovdya.html?_log_from=rss

Mal/EncPk-DW
by Marianna Schmudlach / June 23, 2008 4:39 AM PDT

Packed.Generic.96
by Marianna Schmudlach / June 23, 2008 4:40 AM PDT

Bloodhound.Exploit.193
by Marianna Schmudlach / June 23, 2008 4:41 AM PDT

IEGuide Plus
by Marianna Schmudlach / June 23, 2008 4:43 AM PDT

Category Adware or PUA

Type Adware

When installed, IEGuide Plus will install itself in the folder <Program Files>\ieguide_plus and create a working uninstall entry in Add/Remove Programs.

It will create the following registry entry and attempt to download code from the internet at system startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
ieguide_plus
<Program Files>\ieguide_plus\ieguideupdate.exe

http://www.sophos.com/security/analyses/adware-and-puas/ieguideplus.html?_log_from=rss

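The Troj/Mdrop-BTK and IEGuide Plus write-ups above give their indicators in the vendor's placeholder form (<Temp>, <Program Files>). Below is an added example, not code from the posts or from Sophos, that expands those placeholders and matches the listed paths case-insensitively against observed files and HKCU Run entries; the concrete folder values and the sample paths and Run entries are constructed for the example.

```python
import ntpath

# Concrete folders for the <...> placeholders used in the write-ups above;
# these values are constructed for the example (a Windows XP-style layout).
PLACEHOLDERS = {
    "<Temp>": r"C:\Documents and Settings\user\Local Settings\Temp",
    "<Program Files>": r"C:\Program Files",
}
# Indicators copied from the two posts: Troj/Mdrop-BTK dropped files and the
# IEGuide Plus executable launched from the HKCU Run key.
FILE_IOCS = [
    r"<Temp>\11-00.exe", r"<Temp>\RarSFX0\Foto.exe", r"<Temp>\RarSFX0\Image.jpg",
    r"<Temp>\RarSFX0\windows1.bat", r"<Temp>\RarSFX0\windows1.pif",
    r"<Temp>\RarSFX0\windows3.bat", r"<Temp>\RarSFX0\windows3.pif",
    r"<Temp>\RarSFX0\zz20.exe", r"<Program Files>\ieguide_plus\ieguideupdate.exe",
]
RUN_KEY_IOC = ("ieguide_plus", r"<Program Files>\ieguide_plus\ieguideupdate.exe")

def expand(template, placeholders=PLACEHOLDERS):
    """Substitute <Temp>-style placeholders with concrete folder paths."""
    for name, value in placeholders.items():
        template = template.replace(name, value)
    return template

def norm(path):
    """Windows paths are case-insensitive: compare canonical lower-cased forms,
    so Foto.exe and foto.exe (both spellings appear in the post) match alike."""
    return ntpath.normpath(path.strip().strip('"')).lower()

def match_files(observed_paths, iocs=FILE_IOCS):
    """Return the observed paths that equal one of the expanded indicators."""
    wanted = {norm(expand(i)) for i in iocs}
    return sorted(p for p in observed_paths if norm(p) in wanted)

def match_run_entries(run_entries, ioc=RUN_KEY_IOC):
    """run_entries maps Run value name -> command. Match on the command path, not
    the value name, so a renamed entry pointing at the same EXE is still caught."""
    target = norm(expand(ioc[1]))
    return sorted(name for name, cmd in run_entries.items() if norm(cmd) == target)

# Constructed sample data: a dropped file in different case, a benign file, a renamed Run entry.
OBSERVED = [
    r"C:\DOCUMENTS AND SETTINGS\user\Local Settings\Temp\rarsfx0\foto.exe",
    r"C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\readme.txt",
    r"C:\Program Files\ieguide_plus\ieguideupdate.exe",
]
RUN_ENTRIES = {
    "ctfmon": r"C:\WINDOWS\system32\ctfmon.exe",
    "updater": r'"C:\Program Files\ieguide_plus\ieguideupdate.exe"',
}
```

Matching on the expanded, normalised path rather than on the Run value name is what catches the renamed "updater" entry in the sample data.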
IEGuide Plus Installer
by Marianna Schmudlach / June 23, 2008 4:45 AM PDT

W32/Mabezat-C
by Marianna Schmudlach / June 23, 2008 7:07 AM PDT

Troj/FakeAle-CM
by Marianna Schmudlach / June 23, 2008 7:08 AM PDT