HolidayBuyer's Guide

Spyware, Viruses, & Security forum

General discussion

VIRUS \ SPYWARE ALERTS - May 16, 2009

by Marianna Schmudlach / May 16, 2009 12:13 AM PDT
Discussion is locked
You are posting a reply to: VIRUS \ SPYWARE ALERTS - May 16, 2009
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: VIRUS \ SPYWARE ALERTS - May 16, 2009
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Troj/DwnLdr-HQV
by Marianna Schmudlach / May 16, 2009 12:14 AM PDT

Category

* Viruses and Spyware

Type

* Trojan


Troj/DwnLdr-HQV is a Trojan for the Windows platform.

When run Troj/DwnLdr-HQV creates the files:
<Start Menu>\Programs\Startup\time.lnk - can be safely removed
<System>\drivers\etc\b.vbs - detected as Troj/DwnLdr-HQV
<System>\drivers\etc\pic.bat - detected as Troj/DwnLdr-HQV
<System>\drivers\etc\pic.exe - detected as Troj/DwnLdr-HQV
<System>\drivers\etc\pic.url - can be safely removed
<System>\drivers\etc\run.vbs - detected as Troj/DwnLdr-HQV
<System>\drivers\etc\svchost.exe - detected as Troj/DwnLdr-HQV
<System>\drivers\etc\xe.vbs - detected as Troj/DwnLdr-HQV
<Windows>\Temp\svchost.exe - detected as Troj/DwnLdr-HQV

http://www.sophos.com/security/analyses/viruses-and-spyware/trojdwnldrhqv.html?_log_from=rss

Collapse -
W32/AutoRun-AHB
by Marianna Schmudlach / May 16, 2009 12:14 AM PDT

Category

* Viruses and Spyware

Type

* Worm


W32/AutoRun-AHB is a worm for the Windows platform. W32/AutoRun-AHB spreads via removable shared drives.

When run W32/AutoRun-AHB copies itself to:
<Windows>\regsvr.exe
<System>\regsvr.exe
<System>\svchost<blank space>.exe

and creates the files:
<System>\setting.ini - can be safely removed
<System>\setup.ini - detected as W32/AutoIt-O
<System>\<random numbers>\svchost.001 - can be safely removed
<System>\<random numbers>\svchost.exe - detected as Ardamax

W32/AutoRun-AHB sets the following registry entries:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Msn Messsenger
<System>\regsvr.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
svchost Agent
<System>\<random numbers>\svchost.exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Shell
Explorer.exe regsvr.exe

http://www.sophos.com/security/analyses/viruses-and-spyware/w32autorunahb.html?_log_from=rss

Collapse -
Troj/PWS-BAE
by Marianna Schmudlach / May 16, 2009 12:15 AM PDT
Collapse -
Troj/FakeAV-QX
by Marianna Schmudlach / May 16, 2009 12:16 AM PDT
Collapse -
Troj/Banker-ERV
by Marianna Schmudlach / May 16, 2009 12:17 AM PDT
Collapse -
Troj/Banker-ERU
by Marianna Schmudlach / May 16, 2009 12:18 AM PDT
Collapse -
56th variant of the Koobface worm detected
by Marianna Schmudlach / May 16, 2009 12:19 AM PDT

Posted by Dancho Danchev

Researchers from PandaLabs are reporting on the detection of the 56th variant of the Koobface worm (Boface.BJ.worm), spreading across Facebook, Tagged, Friendster, MySpace, MyYearBook, Fubar.com, Hi5 and Bebo since May, 2008.

According to the company, the growth of Koobface related infections is as high as 1,200% since the first time it was detected over an year ago, where almost 40% of the infections based in the U.S, with the growth trend also confirmed by Microsoft?s Malware Protection Center.

What the cybercriminals have changed this time is the template, the use of an Ukrainian web site hosting service, and the ?missing? fake codec, which upon execution is not only converting the infected PC into a hosting provider part of the campaign, but is also pushing scareware, liveantimalwareproscanner .com and live-antimalware-scanner .com in particular.

More: http://blogs.zdnet.com/security/?p=3414

Collapse -
W32/AutoRun-AHC
by Marianna Schmudlach / May 16, 2009 2:46 AM PDT
Collapse -
Troj/Poison-AW
by Marianna Schmudlach / May 16, 2009 2:47 AM PDT
Collapse -
Troj/DownLd-AK
by Marianna Schmudlach / May 16, 2009 2:48 AM PDT
Collapse -
Troj/Bancos-BFP
by Marianna Schmudlach / May 16, 2009 2:49 AM PDT
Collapse -
Troj/Agent-JWK
by Marianna Schmudlach / May 16, 2009 2:50 AM PDT
Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

The Samsung RF23M8090SG

One of the best French door fridges we've tested

A good-looking fridge with useful features like an auto-filling water pitcher and a temperature-adjustable "FlexZone" drawer. It was a near-flawless performer in our cooling tests.