 | Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years. Thanks, CNET Support |
Troj/Zbot-AU
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojzbotau.html?_log_from=rss
Discussion is locked
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakevirhd.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakevirhc.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
Characteristics Installs itself in the registry
http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakealejt.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojbhohx.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojbhohw.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojbckdrqqh.html?_log_from=rss
Category Viruses and Spyware
Type Worm
W32/AutoRun-NZ is a worm for the Windows platform.
When run W32/AutoRun-NZ copies itself to
<System>\vmmon.exe
<System>\wsntfy.exe
and creates the following registry entries:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit
<System>\\userinit.exe,<System>\vmmon.exe,
HKCU\Software\Microsoft\Windows NT\CurrentVersion
(default)
<random characters>
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Microsoft Enterprise Manager
<System>\vmmon.exe
More: http://www.sophos.com/security/analyses/viruses-and-spyware/w32autorunnz.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagenties.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojdwnldrhkg.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Troj/Banker-EOD is a Trojan for the Windows platform.
http://www.sophos.com/security/analyses/viruses-and-spyware/trojbankereod.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentiet.html?_log_from=rss
Category Viruses and Spyware
Type Worm
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/w32autorunob.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojircbotacy.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Troj/Invo-Zip is a family of zip files that contain malware.
Members of Troj/Invo-Zip are usually sent in spam pretending to relate to an invoice or receipt, often one related to a UPS transaction or to tax.
http://www.sophos.com/security/analyses/viruses-and-spyware/trojinvozip.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojcinmush.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojbancosbet.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentieu.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojadclickfb.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojzlobaqw.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Troj/Zlob-AQV is a Trojan for the Windows platform.
When Troj/Zlob-AQV is installed the following files are created:
<Current Folder>\iebt.dll
<Current Folder>\iebtmm.exe
The following registry entry is created to run Troj/Zlob-AQV on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run
start
<pathname of the Trojan executable>
The file iebt.dll is registered as a COM object and Browser Helper Object (BHO) for Microsoft Internet Explorer, creating registry entries under:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3B7AAEB1-9F3D-4491-9C06-C7165CA8D058}
HKCR\CLSID\{3B7AAEB1-9F3D-4491-9C06-C7165CA8D058}
More: http://www.sophos.com/security/analyses/viruses-and-spyware/trojzlobaqv.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Troj/Zlob-AQT is a Trojan for the Windows platform.
Troj/Zlob-AQT includes functionality to access the internet and communicate with a remote server via HTTP.
When Troj/Zlob-AQT is installed it creates the file <Current Folder>\wcm.exe.
The following registry entry is created to run Troj/Zlob-AQT on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run
smile
<pathname of the Trojan executable>
Troj/Zlob-AQT changes settings for Microsoft Internet Explorer by modifying values under:
HKCU\Software\Microsoft\Internet Explorer\Main\
Registry entries are created under:
HKCU\Software\Applications
http://www.sophos.com/security/analyses/viruses-and-spyware/trojzlobaqt.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Troj/Keylog-KU is a keylogging Trojan for the Windows platform.
Troj/Keylog-KU copies itself to <System>\scvhost.exe and creates the following registry entries to run itself on system restart:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices
SCVHOST
<System>\scvhost.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SCVHOST
<System>\scvhost.exe
Troj/Keylog-KU also attempts to disable operating system tools such as Regedit and the Taskmanager.
http://www.sophos.com/security/analyses/viruses-and-spyware/trojkeylogku.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakeavgd.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojdloadrbza.html?_log_from=rss
Category Viruses and Spyware
Type Malicious Behavior
Mal/Mourn-A is a program which displays characteristics of a family of worms which spread by copying themselves to removable devices.
http://www.sophos.com/security/analyses/viruses-and-spyware/malmourna.html?_log_from=rss
Category Viruses and Spyware
Type Malicious Behavior
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/malfakeavm.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentiew.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentiev.html?_log_from=rss
10 November 2008
'Tis The Season To Be Jolly
As is customary every year, SophosLabs analysts brace themselves for the onslaught of various malware/spam campaigns during the Christmas period.
This year, someone has gotten off to an early start by releasing a mass-mailing worm in the form of W32/AutoRun-NZ.
This mass-mailing worm is very similar to the old W32/MyDoom family of mass-mailing worms except that it also incorporates functionality to spread via removable media (like USB keys).
A typical e-mail sent out by the worm looks like this:
More: http://www.sophos.com/security/blog/2008/11/1965.html
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentiez.html?_log_from=rss
Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic