Spyware, Viruses, & Security forum

General discussion

VIRUS \ SPYWARE ALERTS - May 19, 2009

by Marianna Schmudlach / May 19, 2009 12:01 AM PDT

Troj/Agent-JXE
by Marianna Schmudlach / May 19, 2009 12:02 AM PDT

Troj/Agent-JXF
by Marianna Schmudlach / May 19, 2009 12:03 AM PDT

Troj/Agent-JXG
by Marianna Schmudlach / May 19, 2009 12:03 AM PDT

Troj/Agent-JXL
by Marianna Schmudlach / May 19, 2009 12:04 AM PDT

Troj/Daonol-Fam
by Marianna Schmudlach / May 19, 2009 12:05 AM PDT

Aliases

* Rootkit.Win32.Agent.fwt
* Trojan:Win32/Daonol.A
* Trojan:Win32/Daonol.B

Category

* Viruses and Spyware

Type

* Trojan


Troj/Daonol-Fam is a family of Trojans for the Windows platform.

Members of Troj/Daonol-Fam typically copy themselves to the Root folder and create some of the following files:

<Root>\<random filename>.bat (clean batch file)
<System>\sysaudio.sys

The file sysaudio.sys is also a member of Troj/Daonol-Fam.

A registry entry is usually set similar to the following:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
aux
sysaudio.sys

Troj/Daonol-Fam attempts to redirect internet traffic from a number of websites.

http://www.sophos.com/security/analyses/viruses-and-spyware/trojdaonolfam.html?_log_from=rss

Troj/Dldr-W
by Marianna Schmudlach / May 19, 2009 12:06 AM PDT

Troj/FakeVir-MI
by Marianna Schmudlach / May 19, 2009 12:07 AM PDT

Troj/PDFEx-BB
by Marianna Schmudlach / May 19, 2009 12:07 AM PDT

Troj/PDFJs-AY
by Marianna Schmudlach / May 19, 2009 12:08 AM PDT

Troj/Agent-JWZ
by Marianna Schmudlach / May 19, 2009 12:09 AM PDT

Troj/Agent-JXA
by Marianna Schmudlach / May 19, 2009 12:10 AM PDT

Troj/Agent-JXB
by Marianna Schmudlach / May 19, 2009 12:11 AM PDT

Troj/Agent-JXC
by Marianna Schmudlach / May 19, 2009 12:12 AM PDT

Troj/Dloadr-CML
by Marianna Schmudlach / May 19, 2009 12:13 AM PDT

Troj/FakeAV-RC
by Marianna Schmudlach / May 19, 2009 12:14 AM PDT

Troj/FakeAV-RD
by Marianna Schmudlach / May 19, 2009 12:15 AM PDT

Troj/Lolyda-E
by Marianna Schmudlach / May 19, 2009 12:15 AM PDT

Troj/PDFEx-BA
by Marianna Schmudlach / May 19, 2009 12:16 AM PDT

Troj/Perflog-I
by Marianna Schmudlach / May 19, 2009 12:17 AM PDT

TROJ_SMALL.UY
by Marianna Schmudlach / May 19, 2009 12:52 AM PDT

Malware type: Trojan

Malware Overview

This Trojan may be downloaded unknowingly by a user when visiting malicious Web sites.

Upon execution, it creates folders. It adds an Uninstall option in the Control Panel. It creates registry entries as part of its installation routine.

It drops files detected by Trend Micro as TROJ_DLOADER.ZEK. It also drops several Adobe Flash Player files.

It deletes itself after execution.

http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SMALL.UY

Troj/JSRedir-R
by Marianna Schmudlach / May 19, 2009 2:24 AM PDT

Category

* Viruses and Spyware

Type

* Trojan


Troj/JSRedir-R is a malicious script likely to have been injected into a defaced web page to load remote malicious content when the page is viewed. Analysis of many defaced sites has shown that many examples of Troj/JSRedir-R are buggy and do not work.

Websites affected with Troj/JSRedir-R may also see detections of Troj/PHPMod-A.

Working copies of Troj/JSRedir-R will redirect users to a Chinese Domain (hosted in Russia) and then via a series of PDF and SWF exploits attempt to install malware detected as Troj/Daonol-Fam.

http://www.sophos.com/security/analyses/viruses-and-spyware/trojjsredirr.html?_log_from=rss

Troj/Inject-HG
by Marianna Schmudlach / May 19, 2009 2:24 AM PDT

Troj/Inject-HF
by Marianna Schmudlach / May 19, 2009 2:25 AM PDT

Troj/Ertfor-A
by Marianna Schmudlach / May 19, 2009 2:26 AM PDT

Troj/Agent-JXP
by Marianna Schmudlach / May 19, 2009 2:27 AM PDT

Troj/Agent-JXO
by Marianna Schmudlach / May 19, 2009 2:27 AM PDT

Troj/Agent-JXN
by Marianna Schmudlach / May 19, 2009 2:28 AM PDT

Troj/Agent-JXM
by Marianna Schmudlach / May 19, 2009 2:29 AM PDT

Palm/Phage-A
by Marianna Schmudlach / May 19, 2009 2:30 AM PDT

Category

* Viruses and Spyware

Type

* Virus


This is the first virus for PalmOS based handheld computers. If an infected file is run, the virus will find the executable resource section for an application and overwrite it with the viral code, effectively rendering the infected program unusable. There are no visible signs of infection, apart from the fact that the infected programs display a blank screen and then exit.

http://www.sophos.com/security/analyses/viruses-and-spyware/palmphagea.html?_log_from=rss

PWS-OnlineGames.ee
by Marianna Schmudlach / May 19, 2009 4:59 AM PDT

Type
Trojan
SubType
Password Stealer

Overview -

PWS-OnlineGames.ek is detection for a trojan that steals online game accounts, such as Lineage, LegMir, World of Warcraft and Rohan.
Characteristics -

As there are several variants of this Trojan, this is just a general guide on how the trojan infects systems.

This Trojan is dropped into the %SystemRoot%\system32 folder by Generic Dropper.eb.

It has the following file name(s):

* A1A6BC2E.dll

It is restarted on system reboot with the help of the following registry key(s):

* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A1A6BC2E-C6A1-43C1-8884-A31D772F42B8}

More: http://vil.nai.com/vil/content/v_154574.htm
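Editor's added example, not part of Marianna's posts or of the Sophos and McAfee write-ups they quote: two of the alerts above describe registry persistence that is easy to hunt for offline. The Troj/Daonol-Fam post shows the Drivers32 "aux" value pointed at sysaudio.sys (a kernel-driver file name in a list that winmm.dll uses to load user-mode multimedia DLLs into any process touching the audio APIs), and the PWS-OnlineGames.ee post shows a CLSID registration whose DLL, A1A6BC2E.dll, is named after the first group of its own GUID. The Python script below parses a regedit .reg export and applies both checks. The baseline of stock Drivers32 values, the sample export and the GUID-prefix heuristic are assumptions made for this example, not facts from the vendor descriptions.

```python
"""Offline hunt, in a regedit .reg export, for the two persistence locations this
thread describes: the Drivers32 "aux" hijack and a CLSID InprocServer32 DLL."""
import re
import sys
from collections import namedtuple

DRIVERS32_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32"

# Assumed baseline of stock Drivers32 values; build the real one from a clean host.
DRIVERS32_BASELINE = {
    "aux": "wdmaud.drv",
    "midi": "wdmaud.drv",
    "mixer": "wdmaud.drv",
    "wave": "wdmaud.drv",
    "wavemapper": "msacm32.drv",
}

# Constructed sample export (not a capture from an infected host): the values the
# Troj/Daonol-Fam and PWS-OnlineGames posts name, mixed with benign entries.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"aux"="sysaudio.sys"
"wave"="wdmaud.drv"
"wavemapper"="msacm32.drv"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A1A6BC2E-C6A1-43C1-8884-A31D772F42B8}\InprocServer32]
@="C:\\WINDOWS\\system32\\A1A6BC2E.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00021401-0000-0000-C000-000000000046}\InprocServer32]
@="C:\\WINDOWS\\system32\\shell32.dll"
'''

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^(?:@|"((?:[^"\\]|\\.)*)")=(.*)$')
CLSID_INPROC_RE = re.compile(
    r"^HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\\{([0-9A-Fa-f-]+)\}\\InprocServer32$", re.I)
Finding = namedtuple("Finding", "key value data reason")


def parse_reg_export(text):
    """Return {key: {value_name: data}}; the default value is stored under "@"."""
    reg, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            reg.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = "@" if m.group(1) is None else m.group(1)
            data = m.group(2)
            if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
                data = re.sub(r"\\(.)", r"\1", data[1:-1])  # undo .reg escaping of \ and "
            reg[current][name] = data  # non-string types (hex:, dword:) stay raw
    return reg


def check_drivers32(reg, baseline=DRIVERS32_BASELINE):
    """A .sys name in this user-mode driver list is the Daonol pattern; anything
    outside the baseline also deserves a look."""
    findings = []
    for name, data in reg.get(DRIVERS32_KEY, {}).items():
        expected = baseline.get(name.lower())
        if data.lower().endswith(".sys"):
            reason = ".sys file in a user-mode driver list"
        elif expected is None:
            reason = "value name not in baseline"
        elif data.lower() != expected:
            reason = f"expected {expected}"
        else:
            continue
        findings.append(Finding(DRIVERS32_KEY, name, data, reason))
    return findings


def check_clsid_inproc(reg):
    """Heuristic taken from the PWS-OnlineGames sample: an InprocServer32 DLL named
    after the first group of its own GUID, or any bare 8-hex-digit name."""
    findings = []
    for key, values in reg.items():
        m = CLSID_INPROC_RE.match(key)
        if not m or "@" not in values:
            continue
        path = values["@"]
        stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()
        if stem == m.group(1).split("-")[0].lower():
            reason = "DLL named after the first group of its CLSID"
        elif re.fullmatch(r"[0-9a-f]{8}", stem):
            reason = "8-hex-digit DLL name"
        else:
            continue
        findings.append(Finding(key, "@", path, reason))
    return findings


def scan(text):
    reg = parse_reg_export(text)
    return check_drivers32(reg) + check_clsid_inproc(reg)


if __name__ == "__main__":
    # regedit writes exports as UTF-16LE; give a path, or run against the sample.
    text = open(sys.argv[1], encoding="utf-16").read() if len(sys.argv) > 1 else SAMPLE_REG
    for f in scan(text):
        print(f"{f.key}\n  {f.value} = {f.data}\n  -> {f.reason}")
```

Export the two hives from the suspect machine with `reg export` or regedit and pass the file path; without an argument the script runs on the constructed sample and reports exactly the two entries from the posts. The .sys-in-Drivers32 rule is the high-confidence one. The GUID-prefix and hex-name checks are hunting leads only, so check the flagged file's signature and vendor before treating a hit as an infection.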
