VIRUS \ Spyware ALERTS - November 5, 2008

Nov 4, 2008 1:50PM PST

Troj/Agent-IDE
Nov 4, 2008 1:51PM PST
Troj/FakeVir-GX
Nov 4, 2008 1:51PM PST
Troj/FakeAV-FZ
Nov 4, 2008 1:53PM PST

Category: Viruses and Spyware

Type: Trojan

Troj/FakeAV-FZ is a Trojan for the Windows platform.

Troj/FakeAV-FZ includes functionality to access the internet and communicate with a remote server via HTTP.

When Troj/FakeAV-FZ is installed the following files are created:

<User>\Application Data\Internet Antivirus Pro\db\config.cfg
<User>\Application Data\Internet Antivirus Pro\settings.ini
<User>\Application Data\Internet Antivirus Pro\uill.ini
<Current Folder>\working.log

More: http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakeavfz.html?_log_from=rss

Troj/DwnLdr-HKB
Nov 4, 2008 1:54PM PST
Troj/Dloadr-BYF
Nov 4, 2008 1:55PM PST
Troj/Dloadr-BYE
Nov 4, 2008 1:56PM PST
W32/AutoRun-NP
Nov 5, 2008 12:15AM PST
Troj/Zlob-AQK
Nov 5, 2008 12:16AM PST
Troj/PWS-AVT
Nov 5, 2008 12:17AM PST
Troj/MalDoc-O
Nov 5, 2008 12:19AM PST
Troj/FakeAle-JM
Nov 5, 2008 12:20AM PST
Troj/Agent-IDL
Nov 5, 2008 12:21AM PST
Troj/Agent-IDK
Nov 5, 2008 12:22AM PST
Troj/Agent-IDJ
Nov 5, 2008 12:23AM PST
Troj/Agent-IDI
Nov 5, 2008 12:24AM PST
Troj/Agent-IDH
Nov 5, 2008 12:25AM PST
Handy Keylogger Installer
Nov 5, 2008 12:27AM PST

Aliases:
Monitor.Win32.QuickKeyLogger
Trojan-Spy.Win32.AdvancedKeyLogger
SPR/PSW.KeyLoger
SPR/QuickKeyLogger
TR/ATRAPS.Gen
TR/Spy.AdvancedKeyLogger
Keylog-Quick
MonitoringTool:Win32/QuickKeylogger
MonitoringTool:Win32/HandyKeylogger
TrojanSpy:Win32/Aegru
Spyware.QuickKeylogger
Spyware.HandyKeylogger
Spyware.AdvancedKey

Category: Adware or PUA

Type: System Monitor

Handy Keylogger Installer installs the Handy Keylogger potentially unwanted application.

http://www.sophos.com/security/analyses/adware-and-puas/handykeyloggerin_urqTfBfa.html?_log_from=rss

Handy Keylogger
Nov 5, 2008 12:28AM PST

Aliases:
Monitor.Win32.QuickKeyLogger
Trojan-Spy.Win32.AdvancedKeyLogger
SPR/PSW.KeyLoger
SPR/QuickKeyLogger
TR/ATRAPS.Gen
TR/Spy.AdvancedKeyLogger
Keylog-Quick
MonitoringTool:Win32/QuickKeylogger
MonitoringTool:Win32/HandyKeylogger
TrojanSpy:Win32/Aegru
Spyware.QuickKeylogger
Spyware.HandyKeylogger
Spyware.AdvancedKey

Category: Adware or PUA

Type: System Monitor

Handy Keylogger is a potentially unwanted application.

Handy Keylogger contains functionality to stealth itself, record keystrokes, capture screenshots and mail logged information to a remote address.

When installed, Handy Keylogger may create some of the following files:

<Windows>\mm-log.log
<Windows>\tm-log.log
<Windows>\ddemal.bin
<Windows>\ddemal32.bin
<Windows>\system\msidllsi.dat
<Windows>\system\setup.log
<Windows>\system\svchost.exe
<System>\launchinie.dll
<System>\qlib.dll
<System>\qpanel.exe
<System>\qutils.dll

The default folder for the Handy Keylogger installation is often:

<System>\XMLEXT\

Handy Keylogger may also create a service with the name "SVCHOST" and description "MS Software Generic Host Process for Win32 Services".

http://www.sophos.com/security/analyses/adware-and-puas/handykeylogger.html?_log_from=rss

Trojan-Spy:W32/ZBot.XF
Nov 5, 2008 12:58AM PST

Name : Trojan-Spy:W32/ZBot.XF
Detection Names : Trojan-Spy:W32/ZBot.XF

Type: Trojan-Spy
Category: Malware
Platform: W32

Summary
Trojan-Spy:W32/ZBot.XF is a trojan-spy.

Trojan-spy applications attempt to steal online banking login-information and other sensitive data from the infected computer.

ZBot.XF also targets online poker and gaming sites.


http://www.f-secure.com/v-descs/trojan-spy_w32_zbot_xf.shtml

Trojan.Newarxy
Nov 5, 2008 1:00AM PST
Sality goes for broke
Nov 5, 2008 1:45AM PST

5 November 2008

We've seen continued activity from our old file-infector Sality, and a few weeks ago we saw a variant with some new tricks up its sleeve - but at the price of stability.

The author used to keep track of the viral version number in his code but has stopped doing that in the last few variants. I'd say this might mark a trend towards more buggy code, except Sality's bad habit of breaking some of the files it infects is not new and, while new versions of the virus fix some of these problems, they also introduce buggy features.

The two most common breakages we've seen in recent variants are;

More: http://www.sophos.com/security/blog/2008/11/1928.html

Barack Obama exploited in malware spam attack
Nov 5, 2008 1:46AM PST

5 November 2008

Many Americans will have woken up today with a headache - either from celebrating the victory of Barack Obama or drowning their sorrows at John McCain's loss of the White House.

One thing is clear though - malware authors haven't been slow reacting to the news, and President Elect Barack Obama is already being used as a lure for infecting unsuspecting internet users.

Here is a typical piece of spam that is being seen in our spam traps around the world:

More: http://www.sophos.com/security/blog/2008/11/1930.html

US Elections: Notable Threats
Nov 5, 2008 2:17AM PST

November 5, 2008

Media buzz about frontrunners began the US Presidential elections. Then there were the nomination processes for the two primary parties, then the party conventions, the debates and campaigns, and then Barack Obama's victory on the day of the election itself. Online threats have a different timeline altogether. They involved several other personalities and issues, and had varying levels of danger to systems - from just spam to spambots and malicious programs.

More: http://blog.trendmicro.com/

WORM_WECORL.A
Nov 5, 2008 4:57AM PST
WORM_AGENT.ARQB
Nov 5, 2008 4:58AM PST

Alert ID : FrSIRT/ALRT-2008-06784
Aliases : N/A
Size : 81920 bytes
Rated as : Low Risk
Release Date : 2008-11-05


Description

This worm arrives as an attachment to email messages spammed by another malware or a malicious user. It may be downloaded unknowingly by a user when visiting malicious Web sites.

References

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGENT.ARQB

Credits

Reported by Trend Micro

WORM_KERBOT.A
Nov 5, 2008 4:59AM PST
WORM_AUTORUN.MBC
Nov 5, 2008 5:00AM PST
Troj/Agent-IDF
Nov 5, 2008 5:01AM PST
Troj/Agent-IDG
Nov 5, 2008 5:03AM PST
Troj/Bckdr-QQG
Nov 5, 2008 5:04AM PST