Spyware, Viruses, & Security forum

General discussion

VIRUS \ SPYWARE ALERTS - March 31, 2009

Discussion is locked
You are posting a reply to: VIRUS \ SPYWARE ALERTS - March 31, 2009
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: VIRUS \ SPYWARE ALERTS - March 31, 2009
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
W32/Autorun-ADO

In reply to: VIRUS \ SPYWARE ALERTS - March 31, 2009

Collapse -
Troj/PSW-GN

In reply to: VIRUS \ SPYWARE ALERTS - March 31, 2009

Collapse -
Troj/Poison-AT

In reply to: VIRUS \ SPYWARE ALERTS - March 31, 2009

Category

* Viruses and Spyware

Type

* Trojan


Troj/Poison-AT is a Trojan for the Windows platform.

When run Troj/Poison-AT copies itself to <System>\Msxmlcol.exe and creates the file <System>\Msxmlcol (which can be safely deleted). The following registry entry is set:

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{7D38C6DC-D78C-9AD6-B45D-4DAAC33FD5EF}
StubPath
<System>\Msxmlcol.exe

http://www.sophos.com/security/analyses/viruses-and-spyware/trojpoisonat.html?_log_from=rss

Collapse -
Troj/DwnLdr-HPO

In reply to: VIRUS \ SPYWARE ALERTS - March 31, 2009

Collapse -
PWS-OnlineGames.dt.dll

In reply to: VIRUS \ SPYWARE ALERTS - March 31, 2009

Type
Trojan
SubType
Application extension

Overview -

This description is for a password stealing and keylogging Trojan which attempts to steal system information and user information for certain online games.

The characteristics of this password stealer with regards to passwords stolen, sites accessed, files downloaded etc will differ, depending on the way in which the attacker had configured it. Hence, this is a general description.
Aliases

* Gh0stRat

* GhostRat

Characteristics
Characteristics -

As this detection covers many variants, the characteristics of this Trojan Password Stealer with regards to the file names, registry keys, etc will differ, depending on the way in which the attacker had configured it. Hence, this is a general description.

Depending on the variant, it may create any of the following autostart registry entries:

More: http://vil.nai.com/vil/content/v_154167.htm

Collapse -
Mal/Swizzor-D

In reply to: VIRUS \ SPYWARE ALERTS - March 31, 2009

Collapse -
Troj/Agent-JLK

In reply to: VIRUS \ SPYWARE ALERTS - March 31, 2009

Collapse -
Troj/Agent-JLL

In reply to: VIRUS \ SPYWARE ALERTS - March 31, 2009

Collapse -
Troj/Evenex-D

In reply to: VIRUS \ SPYWARE ALERTS - March 31, 2009

Collapse -
Troj/Agent-JKT

In reply to: VIRUS \ SPYWARE ALERTS - March 31, 2009

Collapse -
Troj/Delf-FBU

In reply to: VIRUS \ SPYWARE ALERTS - March 31, 2009

Category

* Viruses and Spyware

Type

* Trojan


Troj/Delf-FBU is a Trojan for the Windows platform.

When first run Troj/Delf-FBU copies itself to <Common Files>\Microsoft Shared\msinfo\Mighng.exe.

The file Mighng.exe is registered as a new system driver service named "Networkection", with a display name of "Connection Sharing Networkection" and a startup type of automatic, so that it is started automatically during system startup. Registry entries are created under:

HKLM\SYSTEM\CurrentControlSet\Services\Networkection

http://www.sophos.com/security/analyses/viruses-and-spyware/trojdelffbu.html

Collapse -
Troj/Inject-GE

In reply to: VIRUS \ SPYWARE ALERTS - March 31, 2009

Collapse -
Troj/LdPinch-SD

In reply to: VIRUS \ SPYWARE ALERTS - March 31, 2009

Category

* Viruses and Spyware

Type

* Trojan


Troj/LdPinch-SD is a Trojan for the Windows platform.

When run Troj/LdPinch-SD creates the file <System>\<random characters>.dll (detected as Troj/LdPinch-SD).

The following registry entries are set:

HKCR\CLSID\{76B9BA7A-81D0-4979-8598-8471F2AB5186}\InprocServer32
(Default)
<System>\<random characters>.dll

HKCR\CLSID\{76B9BA7A-81D0-4979-8598-8471F2AB5186}\InprocServer32
ThreadingModel
Apartment

http://www.sophos.com/security/analyses/viruses-and-spyware/trojldpinchsd.html

Collapse -
Troj/Bckdr-QSY

In reply to: VIRUS \ SPYWARE ALERTS - March 31, 2009

Aliases

* BackDoor-CGX.svr
* Possibly a new variant of W32/Internet-Trojan-patched-based!Maximus

Category

* Viruses and Spyware

Type

* Trojan


Troj/Bckdr-QSY is a Trojan for the Windows platform.

Troj/Bckdr-QSY includes functionality to access the internet and communicate with a remote server via HTTP.

When first run Troj/Bckdr-QSY copies itself to <System>\serviecs.exe and creates the file <System>\serviecs.cfg.

The file serviecs.exe is registered as a new system driver service named "Netlogin", with a display name of "Net Login" and a startup type of automatic, so that it is started automatically during system startup. Registry entries are created under:

HKLM\SYSTEM\CurrentControlSet\Services\Netlogin

http://www.sophos.com/security/analyses/viruses-and-spyware/trojbckdrqsy.html?_log_from=rss

Collapse -
Troj/Agent-JLR

In reply to: VIRUS \ SPYWARE ALERTS - March 31, 2009

Collapse -
Troj/Agent-JLQ

In reply to: VIRUS \ SPYWARE ALERTS - March 31, 2009

Collapse -
Troj/Agent-JLM

In reply to: VIRUS \ SPYWARE ALERTS - March 31, 2009

Collapse -
Mal/PDFJs-C

In reply to: VIRUS \ SPYWARE ALERTS - March 31, 2009

Collapse -
Mal/PDFJs-B

In reply to: VIRUS \ SPYWARE ALERTS - March 31, 2009

Collapse -
Mal/Behav-299

In reply to: VIRUS \ SPYWARE ALERTS - March 31, 2009

Collapse -
JS/Dload-FZ

In reply to: VIRUS \ SPYWARE ALERTS - March 31, 2009

Collapse -
Bat/Lilp-A

In reply to: VIRUS \ SPYWARE ALERTS - March 31, 2009

Category

* Viruses and Spyware

Type

* Worm


Bat/Lilp-A is a batchfile worm for the Windows platform.

When run the worm will attempt to copy itself to the following locations:

<Windows>\jcr.bat
<Windows>\system32\jcr.bat
\Windows.bat
\Program Files.bat
\Documents and Settings.bat
\Remover.bat
\Downloads.bat

Bat/Lilp-A will then delete all files from the current users Desktop and rename files with extensions DOC, XLS, MDB, DOCX, PPT, PPTX, JPG, BMP, PNG, GIF, JPEG, MPG, MP4, WMA, AVI to .bat in the "My Documents", "My Pictures" and "My Videos" folders.

The following registry entry is created to auto-start the worm:

HKLM\Software\Microsoft\Windows\CurrentVersion
Run
<Windows>\jcr.bat

Finally the worm will display a message, terminate explorer and shutdown the computer.

http://www.sophos.com/security/analyses/viruses-and-spyware/batlilpa.html?_log_from=rss

Collapse -
Trojan-Proxy:W32/Kvadr.gen!A

In reply to: VIRUS \ SPYWARE ALERTS - March 31, 2009

Name : Trojan-Proxy:W32/Kvadr.gen!A
Aliases : TrojanProxy:Win32/Dosenjo (Microsoft)
Category: Malware
Type: Trojan-Proxy
Platform: W32

Summary
This type of trojan allows unauthorized parties to use the infected computer as a proxy server to access the Internet anonymously.
Details

Process Changes
Creates these mutexes:

? BabloPodejdaetZlo2

More: http://www.f-secure.com/v-descs/trojan-proxy_w32_kvadr_gen!a.shtml

Collapse -
Worm:W32/Downadup.gen

In reply to: VIRUS \ SPYWARE ALERTS - March 31, 2009

Name : Worm:W32/Downadup.gen
Detection Names : Net-Worm.Win32.Kido
Worm:W32/Downadup.gen
Aliases : Worm:Win32/Conficker (Microsoft)
Mal/Conficker (Sophos)
W32/Conficker.worm.gen (Symantec)
Category: Malware
Type: Worm
Platform: W32

Summary
Downadup is a worm.

A standalone malicious program which uses computer or network resources to make complete copies of itself. May include code or other malware to damage both the system and the network.
Disinfection
UPDATE

Recent variants of the Downadup worm attempt to block execution of F-Secure malware removal tools. If the downloaded tool does not work, please rename the file. Example: from "f-downadup.exe" to "file.exe" or "explorer.exe". Then try running the tool again.

More: http://www.f-secure.com/v-descs/worm_w32_downadup_gen.shtml

Collapse -
W32/Shodi-J

In reply to: VIRUS \ SPYWARE ALERTS - March 31, 2009

Collapse -
Troj/VBSDlr-A

In reply to: VIRUS \ SPYWARE ALERTS - March 31, 2009

Collapse -
Troj/BHO-LI

In reply to: VIRUS \ SPYWARE ALERTS - March 31, 2009

Collapse -
Troj/Agent-JLO

In reply to: VIRUS \ SPYWARE ALERTS - March 31, 2009

Collapse -
Troj/Agent-JLN

In reply to: VIRUS \ SPYWARE ALERTS - March 31, 2009

Collapse -
Troj/Mdrop-CAW

In reply to: VIRUS \ SPYWARE ALERTS - March 31, 2009

Popular Forums

icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

SMART HOME

This one tip will help you sleep better tonight

A few seconds are all you need to get a better night's rest.