Spyware, Viruses, & Security forum

General discussion

VIRUS \ spyware ALERTS - November 12, 2008

by Marianna Schmudlach / November 11, 2008 10:32 AM PST

Troj/Lineag-GO
by Marianna Schmudlach / November 11, 2008 10:45 AM PST

Troj/FakeVir-HG
by Marianna Schmudlach / November 11, 2008 10:46 AM PST

Troj/Agent-IFN
by Marianna Schmudlach / November 11, 2008 10:47 AM PST

Troj/Agent-IFM
by Marianna Schmudlach / November 11, 2008 10:48 AM PST

Aliases: Trojan-Clicker.Win32.Agent.ela
Category: Viruses and Spyware
Type: Trojan

Troj/Agent-IFM is a Trojan for the Windows platform.

When first run, Troj/Agent-IFM creates the following files:

<System>\<random>.exe
<System>\<random>.dll

These files are detected as Troj/Agent-IFM.

The Trojan also creates:

<Temp>\<random>.tmp\NSISdl.dll
<Temp>\<random>.tmp\System.dll

These files may be deleted.

More: http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentifm.html?_log_from=rss

Mal/Cimuz-J
by Marianna Schmudlach / November 11, 2008 10:49 AM PST

Mal/Broute-A
by Marianna Schmudlach / November 11, 2008 10:50 AM PST

Mal/Behav-309
by Marianna Schmudlach / November 11, 2008 10:52 AM PST

Mal/AdvPatch-A
by Marianna Schmudlach / November 11, 2008 10:53 AM PST

Troj/Agent-IFP
by Marianna Schmudlach / November 12, 2008 12:22 AM PST

Troj/Agent-IFO
by Marianna Schmudlach / November 12, 2008 12:24 AM PST

W32/Sohanad-B
by Marianna Schmudlach / November 12, 2008 12:25 AM PST

W32/SDBot-DNK
by Marianna Schmudlach / November 12, 2008 12:26 AM PST

Troj/RootKit-EC
by Marianna Schmudlach / November 12, 2008 12:27 AM PST

Troj/DwnLdr-HKK
by Marianna Schmudlach / November 12, 2008 12:28 AM PST

Troj/Dloadr-BZJ
by Marianna Schmudlach / November 12, 2008 12:29 AM PST

Troj/Bancos-BEU
by Marianna Schmudlach / November 12, 2008 12:30 AM PST

Troj/Agent-IFQ
by Marianna Schmudlach / November 12, 2008 12:31 AM PST

Mal/ObfJS-BK
by Marianna Schmudlach / November 12, 2008 12:32 AM PST

AVG gives false alarm for Windows system library
by Marianna Schmudlach / November 12, 2008 1:35 AM PST

12 November 2008

AVG Anti-Virus 8.0 incorrectly identifies the Windows system library user32.dll as a Trojan and recommends that it be deleted. Anyone who follows that suggestion will find Windows will no longer start up. This is particularly serious because the free version of AVG antivirus is very widely used.

AVG displays an error message claiming that the system file contains a threat, either "PSW.Banker4.APSA" or "Generic9TBN". AVG has now confirmed that this is an error and it has eliminated the problem with a signature update, but users who had already deleted the file as the program suggested must replace it before the system is shut down, or it will fail to boot. If they have a Windows installation CD, they can do so using the Repair function or the recovery console, as described by Microsoft (see the section "Method 1: Use Recovery Console to restore the User32.dll file"). If no Windows CD is available but the user has another working computer, AVG provides a third option, a "fix-it tool" that can be booted from a CD or USB stick.

More: http://www.heise-online.co.uk/security/AVG-gives-false-alarm-for-Windows-system-library--/news/111940

LivePlayer
by Marianna Schmudlach / November 12, 2008 1:42 AM PST

Troj/PWS-AVZ
by Marianna Schmudlach / November 12, 2008 1:50 AM PST

Troj/PWS-AVY
by Marianna Schmudlach / November 12, 2008 1:51 AM PST

Troj/PDFJs-E
by Marianna Schmudlach / November 12, 2008 1:52 AM PST

Troj/FakeAV-GJ
by Marianna Schmudlach / November 12, 2008 1:53 AM PST

Aliases: Backdoor.Win32.Frauder.uw
Category: Viruses and Spyware
Type: Trojan

Troj/FakeAV-GJ is a Trojan for the Windows platform.

When first run, Troj/FakeAV-GJ copies itself to <System>\msiconf.exe and creates the following files:

<Desktop>\Gay Fetish Sex.url
<User>\Application Data\eb6af0a414ab8daf
<User>\Local Settings\Application Data\Thumbs.db

The following registry entry is created to run msiconf.exe on startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
msiexec.exe
msiconf.exe

Registry entries are created under:

HKCU\Software\Rapid Antivirus

http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakeavgj.html?_log_from=rss

Troj/CmjSpy-AK
by Marianna Schmudlach / November 12, 2008 1:54 AM PST

Category: Viruses and Spyware
Type: Trojan

Troj/CmjSpy-AK is a Trojan for the Windows platform.

Troj/CmjSpy-AK creates the following Registry entries:

HKLM\SYSTEM\CurrentControlSet\Services\Error Reporting
ImagePath
C:\Program Files\Common Files\Microsoft Shared\MSINFO\<Trojan filename>.exe

HKLM\SYSTEM\CurrentControlSet\Services\Error Reporting
DisplayName
Error Reporting

HKLM\SYSTEM\CurrentControlSet\Services\Error Reporting
Description
<Random Characters>

Troj/CmjSpy-AK creates the following files:

<Common Files>\Microsoft Shared\MSInfo\Server.exe
<SYSTEM>\_<Trojan filename>.exe
<Root Drive>\AutoRun.inf
<Root Drive>\<Trojan filename>.exe

http://www.sophos.com/security/analyses/viruses-and-spyware/trojcmjspyak.html?_log_from=rss
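
An added example (not from the thread or from Sophos) that checks `reg query /s` style text for the persistence traits listed in the Troj/FakeAV-GJ and Troj/CmjSpy-AK posts above. The input text is constructed, `placeholder.exe` stands in for the unnamed Trojan file, and the name-versus-target mismatch rule is a generalization of the `msiexec.exe`/`msiconf.exe` Run entry.

```python
import re

# Constructed `reg query /s` style output, not captured from a real host.
# placeholder.exe stands in for the page's "<Trojan filename>.exe".
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    msiexec.exe    REG_SZ    C:\WINDOWS\system32\msiconf.exe
HKEY_CURRENT_USER\Software\Rapid Antivirus
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Error Reporting
    ImagePath    REG_EXPAND_SZ    C:\Program Files\Common Files\Microsoft Shared\MSINFO\placeholder.exe
    DisplayName    REG_SZ    Error Reporting
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\system32\spoolsv.exe
"""

RUN_KEY = r"\software\microsoft\windows\currentversion\run"
SERVICES = "\\system\\currentcontrolset\\services\\"
MSINFO_DIR = "\\common files\\microsoft shared\\msinfo\\"

def parse(text):
    """Yield (key, name, data); name and data are None for a key line."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            yield key, None, None
        elif key and line.startswith("    "):
            parts = re.split(r" {4}", line.strip(), maxsplit=2)
            if len(parts) == 3:
                yield key, parts[0], parts[2]

def triage(text):
    """Return (key, reason) pairs for the persistence traits in the posts."""
    hits = []
    for key, name, data in parse(text):
        k = key.lower()
        if name is None:
            if k.endswith(r"\software\rapid antivirus"):
                hits.append((key, "key created by Troj/FakeAV-GJ"))
        elif k.endswith(RUN_KEY) and name.lower().endswith(".exe"):
            exe = re.search(r'([^\\/"]+\.exe)', data, re.I)
            if exe and exe.group(1).lower() != name.lower():
                hits.append((key, f"Run value {name} launches {exe.group(1)}"))
        elif name == "ImagePath" and SERVICES in k and MSINFO_DIR in data.lower():
            hits.append((key, "service binary under Microsoft Shared\\MSINFO"))
    return hits

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```
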

TROJ_PIDIEF.CB.
by Marianna Schmudlach / November 12, 2008 3:52 AM PST

Adobe Reader Vulnerability: Actively Being Exploited

Several active exploits targeting a vulnerability in Adobe Reader are now in the wild.

Patch now.

Last week, Adobe released an update for Adobe Acrobat 8 and Adobe Reader 8, and a day later working exploit code for the util.printf() vulnerability was released. As expected, malware authors were quick to use the exploit for their own gain.

Trend Micro Research Manager Ivan Macalintal was alerted to the discovery of malicious .PDFs that exploit the Adobe Reader vulnerability, which Trend Micro now detects as TROJ_PIDIEF.CB. Users with unpatched Adobe Reader software may be infected when they unknowingly access a certain remote website or are redirected there from malicious banners and ads.

Upon execution, TROJ_PIDIEF.CB could crash Reader and then allow a malicious user to take control of an affected system. This compromises system security and exposes it to more threats as malicious users could easily dump adware and malicious programs under the VUNDO, VIRTUMON, and in some cases, also VIRUT families into infected PCs.

More: http://blog.trendmicro.com/

Sus/Malware-C
by Marianna Schmudlach / November 12, 2008 3:55 AM PST

Sus/ObfJS-BK
by Marianna Schmudlach / November 12, 2008 3:57 AM PST

Troj/Zlob-ARD
by Marianna Schmudlach / November 12, 2008 4:19 AM PST

Troj/FreeVid-A
by Marianna Schmudlach / November 12, 2008 4:20 AM PST