 | Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years. Thanks, CNET Support |
Troj/Swizzor-OL
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojswizzorol.html?_log_from=rss
Discussion is locked
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojdloadrbze.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentifk.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentifj.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentifi.html?_log_from=rss
Category Viruses and Spyware
Type Malicious Behavior
Mal/Emogen-N is a malicious program for the Windows platform.
Detection for members of Mal/Emogen-N is behavior based. It is extremely important that customers report detections of Mal/Emogen-N to Sophos and send a sample for analysis.
http://www.sophos.com/security/analyses/viruses-and-spyware/malemogenn.html?_log_from=rss
Category Viruses and Spyware
Type Worm
How it spreads Removable storage devices
Email attachments
Affected operating systems Windows
Characteristics Installs itself in the registry
http://www.sophos.com/security/analyses/viruses-and-spyware/w32autorunnz.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Troj/FakeAV-GI is a Trojan for the Windows platform.
When Troj/FakeAV-GI is installed the following files are created:
<Current Folder>\delself.bat
<System>\brastk.exe
<System>\dllcache\beep.sys
<System>\dllcache\figaro.sys
The file brastk.exe is detected as Mal/Heuri-E and the files beep.sys and figaro.sys are detected as Mal/FakeAle-C.
The file delself is not malicious and may be deleted.
The following registry entries are created to run brastk.exe on startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
brastk
<System>\brastk.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
brastk
<System>\brastk.exe
http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakeavgi.html?_log_from=rss
Aliases TrojanDownloader:Win32/Bredolab.B
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojdloadrbzh.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojdloadrbzg.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojdloadrbzf.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Troj/BHO-HZ is a Trojan for the Windows platform.
Troj/BHO-HZ includes functionality to access the internet and communicate with a remote server via HTTP.
The following registry entry is created to run Troj/BHO-HZ on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
jlqqbbbrwxxxslumx
<System>\regsvr32.exe /s "<pathname of the Trojan DLL>"
The Troj/BHO-HZ DLL is registered as a COM object and Browser Helper Object (BHO) for Microsoft Internet Explorer, creating registry entries under:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA87206E-6649-68E8-4F44-0D518AC007E3}
HKCR\CLSID\{AA87206E-6649-68E8-4F44-0D518AC007E3}
Registry entries are created under:
HKCU\Software\{184C47A0-3CF1-2931-3F0C-3539E5A842D0
http://www.sophos.com/security/analyses/viruses-and-spyware/trojbhohz.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojbhohy.html?_log_from=rss
Aliases Adware-ISM
AdBand.E.1
Win32.AdBand.e
Category Adware or PUA
Type Unspecified PUA
IMS Ads is a potentially unwanted application for the Windows platform.
IMS Ads replaces web page banner ads with its own ads.
Banners by IMS Ads read:
Ads by ISM and not from the website you are visiting.
IMS Ads creates registry entries under the following keys:
<HKCU>\software\microsoft\internet explorer\explorer bars\
<HKCU>\software\microsoft\windows\currentversion\explorer\browser helper objects\
IMS Ads also installs itself under the following classids:
875a1348-7674-42aa-adac-b4f36a004a2d
1bac9a2a-4755-43c3-a430-d3512c5b8a4e
http://www.sophos.com/security/analyses/adware-and-puas/imsads.html?_log_from=rss
Category Suspicious behavior and files
Type Suspicious behavior
What's been detected Sus/AutoInf-B exhibits characteristics commonly, but not exclusively, found in malware.
Sus/AutoInf-B is a suspicious file that may cause malware to be executed when the media containing the file is accessed by a computer running Windows.
http://www.sophos.com/security/analyses/suspicious-behavior-and-files/susautoinfb.html?_log_from=rss
Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic