VIRUS \ Spyware ALERTS - November 13, 2008

Category

* Viruses and Spyware

Type

* Worm

W32/SillyFDC-CS is a worm for the Windows platform.

On execution W32/SillyFDC-CS copies itself to:
<User>\Documents\Top Pictures.exe
<User>\My Documents\Sexy Pictures.exe
<Windows>\Windows Explorer.exe

The following registry entry is created to run W32/SillyFDC-CS on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Explorer
<Windows>\Windows Explorer.exe

The following registry entry is set:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HideFileExt

http://www.sophos.com/security/analyses/viruses-and-spyware/w32sillyfdccs.html?_log_from=rss

Category

* Viruses and Spyware

Type

* Virus


W32/Brontok-W is an email worm for the Windows platform.

W32/Brontok-W attempts to send itself to email addresses harvested from the computer. The worm will also attempt to modify various Windows Explorer settings.

When first run W32/Brontok-W copies itself to:

<User>\Local Settings\Application Data\csrss.exe
<User>\Local Settings\Application Data\inetinfo.exe
<User>\Local Settings\Application Data\lsass.exe
<User>\Local Settings\Application Data\services.exe
<User>\Local Settings\Application Data\smss.exe
<User>\Start Menu\Programs\Startup\empty.gif
<Windows>\ShellNew\sempalong.exe
<Windows>\eksplorasi.exe

The following registry entries are created to run W32/Brontok-W on startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Tok-Cirrhatus
<User>\Local Settings\Application Data\smss.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Bron-Spizaetus
<Windows>\ShellNew\sempalong.exe

More: http://www.sophos.com/security/analyses/viruses-and-spyware/w32brontokw.html?_log_from=rss

Category

* Viruses and Spyware

Type

* Worm


Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/w32autorunor.html?_log_from=rss

Category

* Viruses and Spyware

Type

* Worm


W32/Autorun-OQ installs copies of itself as:-
- <windows>Regsvr.exe
- <system>Regsvr.exe
- <system>svchost .exe

Also W32/Autorun-OQ installs file <system>dotnetfx.dll

A scheduled task AT1 is created to run <windows>svchost .exe

A share NewFolder.exe is created.

http://www.sophos.com/security/analyses/viruses-and-spyware/w32autorunoq.html?_log_from=rss

Category

* Viruses and Spyware

Type

* Trojan


Troj/Psyme-KP is a Trojan for the Windows platform.

When Troj/Psyme-KP is installed the following files are created:

<System&gt<random>.cpx
<System>\dllcache\ws2_32.dll
<System>\543545.dll

ws2_32.dll is a Windows System file.
543545.dll can be safely deleted.

http://www.sophos.com/security/analyses/viruses-and-spyware/trojpsymekp.html?_log_from=rss

Category

* Viruses and Spyware

Type

* Trojan


Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakevirhj.html?_log_from=rss

Category

* Viruses and Spyware

Type

* Trojan


Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakevirhh.html?_log_from=rss

Category

* Viruses and Spyware

Type

* Trojan


Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojbuzusv.html?_log_from=rss

Category

* Viruses and Spyware

Type

* Trojan


Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojbhoia.html?_log_from=rss

Category

* Viruses and Spyware

Type

* Malicious Behavior


Affected operating systems Windows
Characteristics

* Drops more malware

http://www.sophos.com/security/analyses/viruses-and-spyware/malbindvb.html?_log_from=rss