Spyware, Viruses, & Security forum

General discussion

VIRUS \ SPYWARE ALERTS - March 31, 2010

by Marianna Schmudlach / March 31, 2010 8:18 AM PDT
Troj/Iframe-EE
by Marianna Schmudlach / March 31, 2010 8:18 AM PDT
Troj/Iframe-DW
by Marianna Schmudlach / March 31, 2010 8:19 AM PDT
Troj/FakeAV-BBV
by Marianna Schmudlach / March 31, 2010 8:20 AM PDT

Aliases

* Trojan.Win32.FraudPack.apng

Category

* Viruses and Spyware

Type

* Trojan


Affected operating systems

* Windows

Troj/FakeAV-BBV is a Trojan for the Windows platform.

Troj/FakeAV-BBV includes functionality to:

- run automatically
- access the internet and communicate with a remote server via HTTP

Troj/FakeAV-BBV communicates via HTTP with known malware repositories.


When Troj/FakeAV-BBV is installed it creates the file <User>\Local Settings\Application Data\yxxuomjtl\wqgajkmtssd.exe.

Registry entries are set as follows:

http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakeavbbv.html?_log_from=rss

Troj/Agent-MVX
by Marianna Schmudlach / March 31, 2010 8:21 AM PDT

Category

* Viruses and Spyware

Type

* Trojan


Affected operating systems

* Windows

Characteristics

* Installs itself in the registry


Troj/Agent-MVX is a Trojan for the Windows platform.

Troj/Agent-MVX includes functionality to run automatically and copy itself to the <System> folder.

When Troj/Agent-MVX is installed it creates the file <System>\actmovier.exe.

The file actmovier.exe is registered as a new service named "DhcpVSS", with a display name of "DHCP Client DhcpVSS". Registry entries are created under:

HKLM\SYSTEM\CurrentControlSet\Services\DhcpVSS

http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentmvx.html?_log_from=rss

Mal/Krap-L
by Marianna Schmudlach / March 31, 2010 8:22 AM PDT
Mal/FakeAV-DC
by Marianna Schmudlach / March 31, 2010 8:22 AM PDT
Mal/FakeAV-DB
by Marianna Schmudlach / March 31, 2010 8:23 AM PDT
Mal/EncPk-OL
by Marianna Schmudlach / March 31, 2010 8:24 AM PDT
Mal/Backdr-H
by Marianna Schmudlach / March 31, 2010 8:24 AM PDT
PE_SALITY.BA
by Marianna Schmudlach / March 31, 2010 8:26 AM PDT

In the past week, TrendLabs noticed a significant growth in the number of file infectors in the wild, particularly in Latin America. A significant increase in PE_SALITY.BA cases was particularly spotted in the region. A rise in VIRUX variants, particularly PE_VIRUX.R, was also spotted at around the same time.

File infectors are not a new threat nor do they have the notoriety of much-talked-about threats like ZBOT, KOOBFACE, and FAKEAV. However, this does not make them any less of a problem, particularly for enterprise users. In addition, these attacks are growing in sophistication as well.

According to TrendLabs' Escalation Team, previous versions of SALITY file infectors such as PE_SALITY.SA used simpler encryption techniques. In particular, they used only one layer of encryption, making analysis a simpler affair by looking at sections of the file that have only zeroes as shown in Figure 1.

More: http://blog.trendmicro.com/

McAfee Labs Low-Profiled Threat Notice: W32/Vulcanbot
by Marianna Schmudlach / March 31, 2010 8:27 AM PDT

Notice
This is a Low-Profiled Threat Notice for W32/Vulcanbot

Justification
W32/Vulcanbot has been deemed Low-Profiled due to media attention at http://googleonlinesecurity.blogspot.com/2010/03/chilling-effects-of-malware.html.

Read About It
Information about W32/Vulcanbot is located on VIL at: http://vil.nai.com/vil/content/v_254209.htm

Additional Information
McAfee Security Insights Blog - http://siblog.mcafee.com/cto/vietnamese-speakers-targeted-in-cyberattack/
McAfee Labs W32/Vulcanbot Q&A - http://download.nai.com/products/mcafee-avert/McAfee_Labs_VulcanBot_Q&A.pdf

Trojan:Win32/Agent
by Marianna Schmudlach / March 31, 2010 8:28 AM PDT

Aliases
Not available

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection last updated:
Definition: 1.79.870.0
Released: Mar 31, 2010

Summary
Trojan:Win32/Agent is a generic detection for a number of trojans that may perform different malicious functions. The behaviors exhibited by this family are highly variable.


https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan:Win32/Agent&ThreatID=-2147399982

TrojanDropper:Win32/Agent.UM
by Marianna Schmudlach / March 31, 2010 8:29 AM PDT

Aliases
Not available

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection last updated:
Definition: 1.79.870.0
Released: Mar 31, 2010

Summary
TrojanDropper:Win32/Agent.UM is a trojan that downloads and executes arbitrary files from remote sites. There are various minor variants of this trojan in the wild that differ in size, packer type and domains contacted.


https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDropper:Win32/Agent.UM&ThreatID=-2147366728

TrojanSpy:Win32/Bancos.gen!A
by Marianna Schmudlach / March 31, 2010 8:30 AM PDT

Aliases
Win-Trojan/Bancos.479720 (AhnLab)
Win32/Bancos.IVV (CA)
Trojan-Spy.Win32.Bancos.apq (Kaspersky)
Spy-Agent.cj.gen.h (McAfee)
W32/Banker.CDRQ (Norman)
Mal/Emogen-T (Sophos)
Trojan.Banker.Delf (Sunbelt Software)
Infostealer.Bancos (Symantec)
TSPY_BANKER.YY (Trend Micro)

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection last updated:
Definition: 1.79.870.0
Released: Mar 31, 2010

Summary
TrojanSpy:Win32/Bancos.gen!A is a password-stealing trojan that targets specific online banking web sites. Captured credentials may be sent via SMTP e-mail to a specified e-mail address.


https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanSpy:Win32/Bancos.gen!A&ThreatID=-2147368638

TrojanSpy:Win32/Bancos.TI
by Marianna Schmudlach / March 31, 2010 8:30 AM PDT

Encyclopedia entry
Published: Mar 31, 2010

Aliases
Not available

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.79.870.0
Released: Mar 31, 2010


Summary
This threat is classified as a Trojan - Data Theft. A data theft trojan gathers personal data, often of a financial nature, from affected systems. Collected data may include credit card numbers, tax returns, login credentials or any other information deemed to be of interest to the attacker. The collected data is then surreptitiously sent to the remote attacker via a variety of electronic means. This threat is detected by the Microsoft antivirus engine. Technical details are not currently available.

More details are available in the Family description of Win32/Bancos


https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanSpy:Win32/Bancos.TI&ThreatID=-2147334891

TrojanSpy:Win32/Bancos.TJ
by Marianna Schmudlach / March 31, 2010 8:31 AM PDT

Encyclopedia entry
Published: Mar 31, 2010

Aliases
Not available

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.79.870.0
Released: Mar 31, 2010


Summary
This threat is classified as a Trojan - Data Theft. A data theft trojan gathers personal data, often of a financial nature, from affected systems. Collected data may include credit card numbers, tax returns, login credentials or any other information deemed to be of interest to the attacker. The collected data is then surreptitiously sent to the remote attacker via a variety of electronic means. This threat is detected by the Microsoft antivirus engine. Technical details are not currently available.

More details are available in the Family description of Win32/Bancos

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanSpy:Win32/Bancos.TJ&ThreatID=-2147334873

TrojanSpy:Win32/Bancos.TK
by Marianna Schmudlach / March 31, 2010 8:32 AM PDT

Encyclopedia entry
Published: Mar 31, 2010

Aliases
Not available

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.79.870.0
Released: Mar 31, 2010


Summary
This threat is classified as a Trojan - Data Theft. A data theft trojan gathers personal data, often of a financial nature, from affected systems. Collected data may include credit card numbers, tax returns, login credentials or any other information deemed to be of interest to the attacker. The collected data is then surreptitiously sent to the remote attacker via a variety of electronic means. This threat is detected by the Microsoft antivirus engine. Technical details are not currently available.

More details are available in the Family description of Win32/Bancos

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanSpy:Win32/Bancos.TK&ThreatID=-2147334870

TrojanSpy:Win32/Banker.OO
by Marianna Schmudlach / March 31, 2010 8:33 AM PDT

Aliases
Not available

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection last updated:
Definition: 1.79.870.0
Released: Mar 31, 2010

Summary
This threat is classified as a Trojan - Data Theft. A data theft trojan gathers personal data, often of a financial nature, from affected systems. Collected data may include credit card numbers, tax returns, login credentials or any other information deemed to be of interest to the attacker. The collected data is then surreptitiously sent to the remote attacker via a variety of electronic means. This threat is detected by the Microsoft antivirus engine. Technical details are not currently available.

More details are available in the Family description of Win32/Banker

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanSpy:Win32/Banker.OO&ThreatID=-2147338817

TrojanSpy:Win32/Banker.PY
by Marianna Schmudlach / March 31, 2010 8:33 AM PDT

Encyclopedia entry
Published: Mar 31, 2010

Aliases
Not available

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.79.870.0
Released: Mar 31, 2010


Summary
This threat is classified as a Trojan - Data Theft. A data theft trojan gathers personal data, often of a financial nature, from affected systems. Collected data may include credit card numbers, tax returns, login credentials or any other information deemed to be of interest to the attacker. The collected data is then surreptitiously sent to the remote attacker via a variety of electronic means. This threat is detected by the Microsoft antivirus engine. Technical details are not currently available.

More details are available in the Family description of Win32/Banker

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanSpy:Win32/Banker.PY&ThreatID=-2147334889

Trojan:Win32/Banprox.A
by Marianna Schmudlach / March 31, 2010 8:34 AM PDT
Trojan:Win32/BHO.G
by Marianna Schmudlach / March 31, 2010 8:35 AM PDT
Backdoor:Win32/Bifrose.HP
by Marianna Schmudlach / March 31, 2010 8:35 AM PDT

Encyclopedia entry
Published: Mar 31, 2010

Aliases
Not available

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.79.870.0
Released: Mar 31, 2010


Summary
This threat is classified as a Trojan - Backdoor. A backdoor trojan provides remote, usually surreptitious, access to affected systems. A backdoor trojan may be used to conduct distributed denial of service (DDoS) attacks, or it may be used to install additional trojans or other forms of malicious software. For example, a backdoor trojan may be used to install a downloader or dropper trojan, which may in turn install a proxy trojan used to relay spam or a keylogger trojan which monitors and sends keystrokes to remote attackers. A backdoor Trojan may also open ports on the affected system and thus potentially lead to further compromise by other attackers. This threat is detected by the Microsoft antivirus engine. Technical details are not currently available.

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor:Win32/Bifrose.HP&ThreatID=-2147334888

Backdoor:Win32/Bifrose.HQ
by Marianna Schmudlach / March 31, 2010 8:36 AM PDT

Encyclopedia entry
Published: Mar 31, 2010

Aliases
Not available

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.79.870.0
Released: Mar 31, 2010


Summary
This threat is classified as a Trojan - Backdoor. A backdoor trojan provides remote, usually surreptitious, access to affected systems. A backdoor trojan may be used to conduct distributed denial of service (DDoS) attacks, or it may be used to install additional trojans or other forms of malicious software. For example, a backdoor trojan may be used to install a downloader or dropper trojan, which may in turn install a proxy trojan used to relay spam or a keylogger trojan which monitors and sends keystrokes to remote attackers. A backdoor Trojan may also open ports on the affected system and thus potentially lead to further compromise by other attackers. This threat is detected by the Microsoft antivirus engine. Technical details are not currently available.

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor:Win32/Bifrose.HQ&ThreatID=-2147334887

Trojan:Win32/Carmapic.A
by Marianna Schmudlach / March 31, 2010 8:37 AM PDT

Encyclopedia entry
Published: Mar 31, 2010

Aliases
Not available

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.79.870.0
Released: Mar 31, 2010


Summary
This threat is detected by the Microsoft antivirus engine. Technical details are not currently available for this threat.

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan:Win32/Carmapic.A&ThreatID=-2147334885

TrojanDownloader:Win32/Cavitate
by Marianna Schmudlach / March 31, 2010 8:38 AM PDT

Aliases
Not available

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection last updated:
Definition: 1.79.870.0
Released: Mar 31, 2010

Summary
This threat is classified as a Trojan - Downloader. A downloader trojan accesses remote websites in an attempt to download and install malicious or potentially unwanted software. Some downloader trojans target specific files on remote websites while others may target a specific URL that points to a website containing exploit code that may allow the site to automatically download and software or malicious code on vulnerable systems. This threat is detected by the Microsoft antivirus engine. Technical details are not currently available.


https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDownloader:Win32/Cavitate&ThreatID=-2147383430

TrojanDropper:Win32/Delf.BH
by Marianna Schmudlach / March 31, 2010 8:38 AM PDT

Aliases
Not available

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection last updated:
Definition: 1.79.870.0
Released: Mar 31, 2010

Summary
This threat is classified as a Trojan - Dropper. As its name suggests, a dropper trojan contains malicious or potentially unwanted software which it "drops" and installs on the affected system. Commonly, the dropper installs a backdoor which allows remote, surreptitious access to infected systems. This backdoor may then be used by remote attackers to upload and install further malicious or potentially unwanted software on the system. This threat is detected by the Microsoft antivirus engine. Technical details are not currently available.

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDropper:Win32/Delf.BH&ThreatID=-2147358373

TrojanDropper:Win32/Fainli.A
by Marianna Schmudlach / March 31, 2010 8:39 AM PDT

Encyclopedia entry
Published: Mar 31, 2010

Aliases
Not available

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.79.870.0
Released: Mar 31, 2010


Summary
This threat is classified as a Trojan - Dropper. As its name suggests, a dropper trojan contains malicious or potentially unwanted software which it "drops" and installs on the affected system. Commonly, the dropper installs a backdoor which allows remote, surreptitious access to infected systems. This backdoor may then be used by remote attackers to upload and install further malicious or potentially unwanted software on the system. This threat is detected by the Microsoft antivirus engine. Technical details are not currently available.

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDropper:Win32/Fainli.A&ThreatID=-2147334877

Trojan:Win32/FakeMS
by Marianna Schmudlach / March 31, 2010 8:40 AM PDT
Trojan:Win32/Fanop
by Marianna Schmudlach / March 31, 2010 8:41 AM PDT

Encyclopedia entry
Published: Mar 31, 2007

Aliases
Not available

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection last updated:
Definition: 1.79.870.0
Released: Mar 31, 2010

Summary
This threat is detected by the Microsoft antivirus engine. Technical details are not currently available for this threat.


https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan:Win32/Fanop&ThreatID=-2147385312

PWS:Win32/Frethog.F
by Marianna Schmudlach / March 31, 2010 8:41 AM PDT

Aliases
Not available

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection last updated:
Definition: 1.79.870.0
Released: Mar 31, 2010

Summary
PWS:Win32/Frethog.F is part of a multi-component password-stealing trojan that targets confidential data, such as account information, from Massive Multiplayer Online Role Playing Games (MMORPG) such as World of Warcraft (WoW).

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=PWS:Win32/Frethog.F&ThreatID=-2147372178
