VIRUS \ Spyware ALERTS - November 6, 2008

Nov 5, 2008 2:12PM PST

Troj/FakeAV-FT
Nov 5, 2008 2:13PM PST

Troj/Dloadr-BYN
Nov 5, 2008 2:14PM PST

Troj/Dloadr-BYM
Nov 5, 2008 2:15PM PST

Troj/Agent-IDR
Nov 5, 2008 2:16PM PST

Aliases Win32/Agent.CQ

Category Viruses and Spyware

Type Trojan

Troj/Agent-IDR is a Trojan for the Windows platform.

When first run, Troj/Agent-IDR copies itself to:
<Program Files>\Bifrost\Server.exe

and creates the following registry entries:
HKLM\Software\Microsoft\Active Setup\Installed Components\{9b71D88C-C598-4935-C5D1-43AA4DB90836}\stubpath
<Program Files>\Bifrost\Server.exe s

HKLM\Software\Bifrost

http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentidr.html?_log_from=rss

Troj/Dloadr-BYO
Nov 5, 2008 2:17PM PST

MyCentria Installer
Nov 5, 2008 2:18PM PST

MyCentria
Nov 5, 2008 2:20PM PST

Troj/Agent-IDT
Nov 5, 2008 11:35PM PST

Troj/Agent-IDS
Nov 5, 2008 11:36PM PST

Mal/FakeAV-L
Nov 5, 2008 11:37PM PST

W32/Agent-IDV
Nov 5, 2008 11:43PM PST

Troj/JSRedir-C
Nov 5, 2008 11:44PM PST

Troj/JSRedir-B
Nov 5, 2008 11:45PM PST

Troj/Dloadr-BJQ
Nov 5, 2008 11:45PM PST

Troj/Dload-EG
Nov 5, 2008 11:46PM PST

Category Viruses and Spyware

Type Trojan

Troj/Dload-EG is a Trojan for the Windows platform.

Troj/Dload-EG includes functionality to access the internet and communicate with a remote server via HTTP.

When first run, Troj/Dload-EG copies itself to <User>\Application Data\Microsoft\Windows\lsass.exe and creates the following files:

<User>\Application Data\Microsoft\Network\Downloader\qmgr0.dat
<User>\Application Data\Microsoft\Network\Downloader\qmgr1.dat

The DAT files are harmless and may be deleted.

The following registry entry is created to run lsass.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
Lsass Service
<User>\Application Data\Microsoft\Windows\lsass.exe

Troj/Dload-EG changes settings for Microsoft Internet Explorer by modifying values under:

HKCU\Software\Microsoft\Internet Explorer\Main\

http://www.sophos.com/security/analyses/viruses-and-spyware/trojdloadeg.html?_log_from=rss

Troj/Bancban-RB
Nov 5, 2008 11:47PM PST

Troj/Agent-IDW
Nov 5, 2008 11:48PM PST

MyWebSearch
Nov 5, 2008 11:50PM PST

We Hate WinDefender
Nov 6, 2008 12:41AM PST

Thursday, November 6, 2008

Not Windows Defender - WinDefender.

WinDefender 2009 is a supposed update of the WinDefender 2008 rogue.

Version 2009 promises to "Get rid of mailware now!"

More: http://www.f-secure.com/weblog/

United States Presidential Election Email Attack
Nov 6, 2008 12:52AM PST

added November 6, 2008 at 09:26 am

US-CERT is aware of public reports of email attacks circulating that are related to the recent U.S. presidential election. The email messages appear to be coming from a seemingly legitimate source and contain a message indicating that additional news coverage of the election is available by following a link. The link directs users to a website that appears to contain a video of the president elect. The website will instruct the user to update to a new version of Adobe Flash Player in order to view the video. This update is not a legitimate Adobe Flash Player update; it is malicious code. If the user downloads this executable file, malicious code may be installed on the system.

More: http://www.us-cert.gov/current/current_activity.html#united_states_presidential_election_email

Troj/Bancos-BES
Nov 6, 2008 12:55AM PST

6 November 2008

After yesterday's Barack themed malware spam attack, it was no surprise this morning to find BarackOb.exe first in the queue for analysis. President Elect Obama is definitely the hottest name in malware right now, one of the unfortunate side effects of success. With his historic victory over Senator McCain still fresh in everyone's mind, how many people would find themselves tempted to open a file this morning bearing his name and flying the US flag?

More: http://www.sophos.com/security/blog/2008/11/1945.html

Troj/FakeAV-GB
Nov 6, 2008 3:03AM PST

Troj/Dwnldr-HKC
Nov 6, 2008 3:04AM PST

Troj/Agent-IDX
Nov 6, 2008 3:05AM PST

Mal/FakeAV-L
Nov 6, 2008 3:06AM PST

PWS-Mmorpg.gen!62F6A3ED
Nov 6, 2008 5:06AM PST

Alert ID : FrSIRT/ALRT-2008-06787
Aliases : N/A
Size : N/A
Rated as : Low Risk
Release Date : 2008-11-06


Description

This is a Trojan detection. Unlike viruses, Trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted.

References

http://vil.nai.com/vil/content/v_153291.htm

Credits

Reported by McAfee

PWS-Mmorpg.gen!64446728
Nov 6, 2008 5:07AM PST

Alert ID : FrSIRT/ALRT-2008-06788
Aliases : N/A
Size : N/A
Rated as : Low Risk
Release Date : 2008-11-06


Description

This is a Trojan detection. Unlike viruses, Trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted.

References

http://vil.nai.com/vil/content/v_153289.htm

Credits

Reported by McAfee

PWS-Mmorpg.gen!7A8CDA1D
Nov 6, 2008 5:08AM PST

Alert ID : FrSIRT/ALRT-2008-06789
Aliases : N/A
Size : N/A
Rated as : Low Risk
Release Date : 2008-11-06


Description

This is a Trojan detection. Unlike viruses, Trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted.

References

http://vil.nai.com/vil/content/v_153287.htm

Credits

Reported by McAfee

PWS-Mmorpg.gen!0D936576
Nov 6, 2008 5:08AM PST

Alert ID : FrSIRT/ALRT-2008-06790
Aliases : N/A
Size : N/A
Rated as : Low Risk
Release Date : 2008-11-06


Description

This is a Trojan detection. Unlike viruses, Trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted.

References

http://vil.nai.com/vil/content/v_153285.htm

Credits

Reported by McAfee

PWS-Mmorpg.gen!02214058
Nov 6, 2008 5:09AM PST

Alert ID : FrSIRT/ALRT-2008-06791
Aliases : N/A
Size : N/A
Rated as : Low Risk
Release Date : 2008-11-06


Description

Characteristics

File Property : Property Value
FileName : new11e~1.exe
McAfee Detection : PWS-Mmorpg.gen
Length : 22,219 bytes
CRC : 02214058
MD5 : EC47FE94C168389A0DDF0CE4959EC3E2
SHA1 : 5971FC68D95392AB9294D7D6D32494DC0E0B1343

References

http://vil.nai.com/vil/content/v_153284.htm

Credits

Reported by McAfee