VIRUS \ Spyware ALERTS - May 28, 2008

by Marianna Schmudlach / May 27, 2008 3:07 PM PDT

Troj/FakeVir-BH

Category Viruses and Spyware

Type Trojan


Troj/FakeVir-BH pretends to scan the hard drive and will always find non-existent threats. It pretends to clean up the threats once the user pays a license fee.

Troj/FakeVir-BH creates the following registry entries:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Zinaps7

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Microsoft Windows Adapter 5.1.3214

Protection available since 28 May 2008

http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakevirbh.html

Troj/Dropr-K
by Marianna Schmudlach / May 28, 2008 12:29 AM PDT

Troj/Tibs-UJ
by Marianna Schmudlach / May 28, 2008 12:32 AM PDT

Trojan.HTML.Zlob
by Marianna Schmudlach / May 28, 2008 12:34 AM PDT

SYMPTOMS:

While browsing the Internet a message in your browser appears with a text similar to:

Video ActiveX Object Error. Your browser cannot play this video file.Click 'OK' to download and install missing Video ActiveX Object.

or

ActiveX Object Error:
Your browser cannot display this video/image file.

You need to download new version of Video
ActiveX Object to play this video file.

More: http://www.bitdefender.com/VIRUS-1000295-en--Trojan.HTML.Zlob.html

WinSpywareProtect Installer
by Marianna Schmudlach / May 28, 2008 12:35 AM PDT

Troj/SWFexp-A
by Marianna Schmudlach / May 28, 2008 12:37 AM PDT

Troj/Mdrop-BQZ
by Marianna Schmudlach / May 28, 2008 12:39 AM PDT

Troj/Gina-AM
by Marianna Schmudlach / May 28, 2008 12:40 AM PDT

Troj/Clicker-EV
by Marianna Schmudlach / May 28, 2008 12:42 AM PDT

W32/Autorun-EK
by Marianna Schmudlach / May 28, 2008 12:44 AM PDT

Troj/SWFexp-B
by Marianna Schmudlach / May 28, 2008 12:46 AM PDT

Troj/Pushdo-K
by Marianna Schmudlach / May 28, 2008 12:47 AM PDT

W32.Emsenush.A
by Marianna Schmudlach / May 28, 2008 12:54 AM PDT

SWF_DLOADER.ZHU
by Marianna Schmudlach / May 28, 2008 12:55 AM PDT

SWF_DLOADER.YVN
by Marianna Schmudlach / May 28, 2008 12:56 AM PDT

SWF_DLOADER.YVM
by Marianna Schmudlach / May 28, 2008 12:58 AM PDT

Flash Bugs Exploited in Latest Mass Compromise
by Marianna Schmudlach / May 28, 2008 2:02 AM PDT

May 28, 2008

Another mass compromise through (yet again) another SQL injection attack. The yet again's and another's keep coming, right? This time, unlike its predecessors that use relatively old and known (and patched) exploits, the attack introduces a new kid on the block: in the form of what looks like a zero-day exploit taking advantage of an unknown vulnerability in Adobe Flash Player, allowing malicious users to install info-stealers on affected PCs.

Well, this one already has a lot of history in it. Mass compromises are the month of May's major stories. TrendLabs discovered them happening to Web sites everywhere from a huge portion of the Asian region (see here and here) to those in the Italian language. We have seen these mass compromises happening just mere days between each other (beside the links above, more information can be read in our blog).

Certain legitimate sites were found to have been injected with scripts that lead browsers silently to sites hosting exploits for the Flash vulnerability/ies. Upon meeting certain system conditions that allow the exploitation to commence, PCs download and execute info-stealers (like TSPY_UPACK.D) or droppers (like TROJ_DROPPER.NAK).

More: http://blog.trendmicro.com/

Mal/Dorf-E
by Marianna Schmudlach / May 28, 2008 2:07 AM PDT

W32/SillyFDC-AP
by Marianna Schmudlach / May 28, 2008 2:09 AM PDT

Aliases Win32/Autoit.AC
worm

Category Viruses and Spyware

Type Worm

W32/SillyFDC-AP is a worm for the Windows platform.

W32/SillyFDC-AP includes functionality to download, install and run new software.

When first run, W32/SillyFDC-AP copies itself to <System>\msmsgs.exe and attempts to copy itself to removable media and download files from the internet.

<System>\bad1.exe
<System>\bad2.exe
<System>\bad3.exe

The following registry entries are created to run W32/SillyFDC-AP on startup:

More: http://www.sophos.com/security/analyses/viruses-and-spyware/w32sillyfdcap.html?_log_from=rss

W32/Autorun-EL
by Marianna Schmudlach / May 28, 2008 2:10 AM PDT

Category Viruses and Spyware

Type Worm

When run W32/Autorun-EL copies itself to <System>/sys.vbs and also copies itself to all available drives to the file <Root>/sys.vbs and creates an autorun.inf file which will autorun sys.vbs.

W32/Autorun-EL will create or edit the following registry entries:

HKCU\Software\Microsoft\Internet Explorer\Main
Window Title
"Microsoft Internet Explorer"

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoFolderOptions
0

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableTaskMgr
0

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableRegistryTools
0

HKCU\Software\Microsoft\Internet Explorer\Main
Start Page
<Target page>

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Shell
"explorer.exe"

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit
<System>\userinit.exe, <System>\wscript.exe <System>\sys.vbs

http://www.sophos.com/security/analyses/viruses-and-spyware/w32autorunel.html?_log_from=rss
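
A defender-side check for the Winlogon changes listed in the W32/Autorun-EL post above, as an added example that is not part of the original post or the Sophos write-up. It audits a `.reg` export for a `Userinit` value that launches anything besides `userinit.exe`; the sample export is constructed, and `C:\Windows\system32` is an assumed stand-in for `<System>`.

```python
import re

WINLOGON = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe")

# Constructed sample in .reg export format (backslashes doubled, as regedit writes them).
# C:\Windows\system32 is an assumed stand-in for the advisory's <System> placeholder.
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe, C:\\Windows\\system32\\wscript.exe C:\\Windows\\system32\\sys.vbs"
'''

def parse_reg(text):
    """Return {(key, value_name): data} for string values, names lower-cased."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            continue
        m = re.match(r'^"(.+?)"="(.*)"$', line)
        if m and key:
            values[(key, m.group(1).lower())] = m.group(2).replace("\\\\", "\\")
    return values

def audit_winlogon(values):
    """Flag Winlogon Shell/Userinit data that launches more than the stock binaries."""
    findings = []
    shell = values.get((WINLOGON, "shell"), "explorer.exe")
    if shell.strip().lower() != "explorer.exe":
        findings.append(f"Shell is not explorer.exe: {shell}")
    userinit = values.get((WINLOGON, "userinit"), "")
    # Userinit is a comma-separated list; the default has one entry and a trailing comma.
    # Only the file name is checked here; the directory of userinit.exe is not validated.
    for entry in (e.strip() for e in userinit.split(",")):
        if not entry or entry.lower().endswith("\\userinit.exe"):
            continue
        host = next((h for h in SCRIPT_HOSTS if h in entry.lower()), None)
        note = f" (script host {host})" if host else ""
        findings.append(f"Extra Userinit entry{note}: {entry}")
    return findings

if __name__ == "__main__":
    for finding in audit_winlogon(parse_reg(SAMPLE_REG)):
        print(finding)
```
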

Troj/SWFdldr-A
by Marianna Schmudlach / May 28, 2008 2:11 AM PDT

Mal/Ejik-A
by Marianna Schmudlach / May 28, 2008 2:13 AM PDT

Cyber Predator
by Marianna Schmudlach / May 28, 2008 2:15 AM PDT

WinSpywareProtect Installer
by Marianna Schmudlach / May 28, 2008 2:16 AM PDT

Trojan.Exploit.JS.F
by Marianna Schmudlach / May 28, 2008 3:17 AM PDT

Zinaps
by Marianna Schmudlach / May 28, 2008 7:37 AM PDT

Mal/RKRustok-B
by Marianna Schmudlach / May 28, 2008 7:39 AM PDT

Mal/EncPk-CC
by Marianna Schmudlach / May 28, 2008 7:40 AM PDT

Troj/AutoInf-M
by Marianna Schmudlach / May 28, 2008 7:41 AM PDT

SpyMode PcSpy
by Marianna Schmudlach / May 28, 2008 7:43 AM PDT

Sus/SWFScene-A
by Marianna Schmudlach / May 28, 2008 7:44 AM PDT