Spyware, Viruses, & Security forum

General discussion

VIRUS \ Spyware ALERTS - November 26, 2008

W32/AutoRun-QK

In reply to: VIRUS \ Spyware ALERTS - November 26, 2008

Category Viruses and Spyware

Type Worm

W32/AutoRun-QK is a worm for the Windows platform.

When run, W32/AutoRun-QK copies itself to:
<Windows>\servers.exe
<System>\_servers.exe

and creates the file <Root>\autorun.inf (detected as W32/AutoRun-QK).

W32/AutoRun-QK registers itself as a Windows service with the display name of "Windows_svchost" and a startup type of automatic. Registry entries are created under:

HKLM\SYSTEM\CurrentControlSet\Services\Windows_svchost

W32/AutoRun-QK spreads via removable shared drives by copying itself to <Root>\servers.exe and creating the file <Root>\autorun.inf (detected as W32/AutoRun-QK).


http://www.sophos.com/security/analyses/viruses-and-spyware/w32autorunqk.html?_log_from=rss

Trojan-Downloader:OSX/Jahlev.A

Troj/Dload-EP

Troj/Click-D

Troj/BHO-IO

Troj/BHO-IN

Troj/BHO-IM

Troj/Bancos-BEW

Troj/Agent-IIY

Troj/Agent-IIX

Troj/Agent-IIU

Troj/Agent-IIP

Jailbreak

Certificate Exporter

Sus/BanHosts-A

Worm:W32/Downadup.A

Name : Worm:W32/Downadup.A
Detection Names : Worm:W32/Downadup.A
Worm:W32/Downadup.A

Aliases : Worm:Win32/Conficker.A (Microsoft)

Type: Worm
Category: Malware
Platform: W32


Summary
A standalone malicious program which uses computer or network resources to make complete copies of itself. May include code or other malware to damage both the system and the network.


Additional Details
Installation

Downadup is delivered in a DLL file. The file is dropped in the system directory as a random service, with a random file name.

Example:


%systemroot%\system32\[...].dll

The malware then creates the following registry entries:


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[...].dll
ImagePath = %SystemRoot%\system32\svchost.exe -k netsvcs

More: http://www.f-secure.com/v-descs/worm_w32_downadup_a.shtml

Packed.Generic.197

Packed.Generic.198

Packed.Generic.199

Adware.OneStep

Troj/Klif-Gen

Troj/FakeAv-GZ

Mal/Conficker-A

Facebook, Fake AV and Friends

26 November 2008

We've seen an increasing amount of Facebook worms over recent months, and the last few variants have started to reference other social networking sites, including MySpace. I saw the move to a broader spectrum of targets mirrored when I was investigating the following chain, and it led me to believe there's a link between these worms and the current plague of "fake anti-virus" (aka "fake AV") Trojans.

The chain starts off when you receive a message from someone you know in Facebook. The one I saw last week looked like this:

{your friend's name} sent you a message.

Subject: is it u there?

"WOW
http://www.facebook.com/l.php?u=http://google.com%2Fsearch%3Fq%3Dcache…"

More: http://www.sophos.com/security/blog/2008/11/2023.html

Spam is up by 200%. Rustock botnet revival to blame.

26 November 2008

Two weeks ago we wrote about a significant drop in spam volumes caused by the shutdown of McColo hosting. There was no doubt that spam traffic will get back to its previous levels (if not higher) eventually. The question was - when?

Unfortunately, McColo made a brief comeback on November 15th, which gave enough time to Rustock botnet owners to reconfigure the botnet, resuming the control. It took them less than 10 days to put it back in the "business".

Starting yesterday, the amount of spam coming to our traps has gone up 3 times (a 200% increase).

More: http://www.sophos.com/security/blog/2008/11/2028.html

JS/Dload-EQ

W32/Kukoo-D

W32/Confick-A

Aliases Worm:Win32/Conficker.A
W32/Conficker.worm
Trojan-Downloader.Win32.Agent.aqfw

Category Viruses and Spyware

Type Worm

W32/Confick-A is a worm which spreads by exploiting the MS08-067 vulnerability.

When exploited, the worm will move itself into <System>\<random characters>.dll and creates a randomly-named service to run this file automatically, including the following registry entry:

HKLM\SYSTEM\CurrentControlSet\Services\<random service name>\Parameters\
ServiceDll
<path to worm dll>

http://www.sophos.com/security/analyses/viruses-and-spyware/w32conficka.html?_log_from=rss

VBS/Autorun-QO

Category Viruses and Spyware

Type Worm

VBS/Autorun-QO displays the text "THIS IS AN ANTI-VIRUS AND WILL HELP YOUR SYSTEM TO WORK PROPERLY" and "RAHUL THE H@CkEr".

VBS/Autorun-QO copies itself to accessible drives and the Windows system folder as LOVERAHULSAS.vbs.

VBS/Autorun-QO spreads together with a file autorun.inf. The autorun.inf file is also detected as VBS/Autorun-QO.

The following registry entries are created:

HKCU\Software\Microsoft\Internet Explorer\Main
Window Title
"RAHUL THE H@CkeR"

More: http://www.sophos.com/security/analyses/viruses-and-spyware/vbsautorunqo.html?_log_from=rss
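
The W32/AutoRun-QK and VBS/Autorun-QO alerts above both describe a worm copy placed in a drive root next to an autorun.inf that launches it. The following is an added example, not code from the forum or from Sophos: a tolerant autorun.inf parser that reports launch entries pointing at a runnable file in the same root. The function names, the sample file contents and the `-s` argument are constructed for illustration; only `servers.exe` and `LOVERAHULSAS.vbs` come from the alerts.

```python
import re
from pathlib import PureWindowsPath

# [autorun] keys that name a command to launch (standard autorun.inf keys).
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)
# File names the two alerts above report on infected drives.
REPORTED = {"servers.exe", "loverahulsas.vbs"}
RUNNABLE = {".exe", ".vbs", ".scr", ".bat", ".cmd", ".pif", ".com", ".js"}

def launch_commands(text):
    """Return (key, command) pairs from the [autorun] section, skipping junk."""
    section, out = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            if LAUNCH_KEY.match(key) and value:
                out.append((key.lower(), value))
    return out

def review(text, root_files):
    """Flag launch entries whose command names a runnable file in the drive root."""
    present = {name.lower() for name in root_files}
    findings = []
    for key, command in launch_commands(text):
        # Check every token, so "wscript.exe X.vbs" still surfaces X.vbs.
        for quoted, bare in re.findall(r'"([^"]+)"|(\S+)', command):
            path = PureWindowsPath(quoted or bare)
            name = path.name.lower()
            if name in present and path.suffix.lower() in RUNNABLE:
                findings.append((key, name, name in REPORTED))
    return findings

# Constructed sample: not taken from a real infected drive.
SAMPLE_INF = r"""
;x9f3k padding
[AutoRun]
open=servers.exe
shell\open\Command="servers.exe" -s
shell\explore\command = wscript.exe LOVERAHULSAS.vbs
icon=folder.ico
noise line without a key
"""
SAMPLE_ROOT = ["autorun.inf", "servers.exe", "LOVERAHULSAS.vbs", "Photos"]

if __name__ == "__main__":
    for key, name, reported in review(SAMPLE_INF, SAMPLE_ROOT):
        print(f"{key:24} -> {name}  reported_on_page={reported}")
```

A finding with the last field `False` is a launch entry to review, not a detection: legitimate installer media also use `open=`.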

Troj/Refpron-B
