 | Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years. Thanks, CNET Support |
Troj/BHO-HT
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojbhoht.html?_log_from=rss
Discussion is locked
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojbhohs.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojbhohr.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentidz.html?_log_from=rss
Category Viruses and Spyware
Type Malicious Behavior
Mal/EncPk-FW is a program that has been packed with a protection system typically used by malware authors.
http://www.sophos.com/security/analyses/viruses-and-spyware/malencpkfw.html?_log_from=rss
Category Viruses and Spyware
Type Malicious Behavior
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/malcimuzg.html?_log_from=rss
Category Viruses and Spyware
Type Malicious Behavior
Mal/Bagle-B is a member of the Bagle family of malware.
http://www.sophos.com/security/analyses/viruses-and-spyware/malbagleb.html?_log_from=rss
Category Viruses and Spyware
Type Malicious Behavior
Mal/Autorun-C is a malicious program which typically spreads by copying itself to removable devices.
http://www.sophos.com/security/analyses/viruses-and-spyware/malautorunc.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/jspsymekm.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/jsdloadec.html?_log_from=rss
Category Adware or PUA
Type Unspecified PUA
Affected operating systems Windows
Characteristics Installs itself in the registry
Opens links to websites
http://www.sophos.com/security/analyses/adware-and-puas/conduitbrowserhe_A687o.N5.html?_log_from=rss
Category Adware or PUA
Type Unspecified PUA
A-Patch is a third party utility tool to patch Windows Live Messenger.
http://www.sophos.com/security/analyses/adware-and-puas/apatch.html?_log_from=rss
Category Viruses and Spyware
Type Worm
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/w32autorunns.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojmdropbwq.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojdwnldrhke.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojdropbi.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentiea.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojpwsavw.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakealejo.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Troj/Agent-IEC is a multi-component Trojan for the Windows platform.
Troj/Agent-IEC copies itself to the following locations:
<System>\explorer.exe
<System>\iexplore.exe
<Windows>\svchost.exe
The Trojan also creates the file <System>\flash.exe which is a legitimate Shockwave Flash application.
Troj/Agent-IEC creates the following registry entries to run itself on system restart:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
explorer
<System>\explorer.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
svchost
<Windows>\svchost.exe
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentiec.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Troj/Agent-IEB is a Trojan for the Windows platform.
When first run Troj/Agent-IEB copies itself to <System>\rs32net.exe.
The following registry entry is created to run rs32net.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
rs32net
<System>\rs32net.exe
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentieb.html?_log_from=rss
Virus Alerts [Panda Security's weekly report on viruses and intruders - 11/07/0
- Panda Security's weekly report on viruses and intruders -
Virus Alerts, by Panda Security (http://www.pandasecurity.com)
The PCDefender2008 adware, the Downloader.UYC malicious script and the
MSNWorm.FH worm are the subject of this week's PandaLabs report.
PCDefender2008 is a "fake antivirus" adware that reaches computers with
the name pcdefender2008Install.exe. Once installed, it simulates a
computer scan to make users believe they are infected by dozens of
malware samples (image here: ). Its aim is for users to purchase the
fake antivirus promoted by this adware. Once the fake scan is over,
users are offered the option of neutralizing the supposed infections,
and if they accept, a screen is displayed (image here: ) in which users
are given two options: to buy the antivirus or remain infected.
On purchasing the product, users are redirected to the Web page of the
fake product, created by cyber-crooks. If they do not purchase it, the
adware will constantly display reminder messages to infected users,
which is extremely annoying.
"As incredible as it may seem, numerous users continue to fall victim to
these traps. It is therefore advisable to remember a few basic rules
such as not opening emails from unknown senders, and not running files
or clicking links in one of those emails, as that is how these fake
antiviruses enter computers," explains Luis Corrons, technical director
of PandaLabs.
Downloader.UYC is a malicious script designed to download the
Downloader.UYD Trojan, which in turn is used to infect computers with
other malware. To fool users and conceal its malicious actions, once run
on the computer, this script displays a Windows Internet Explorer
window.
The Trojan downloaded by Downloader.UYC is also designed to prevent the
firewall from blocking the downloading of malware.
MSNPhoto.A is a worm that spreads through MSN Messenger. To do so, it
sends a message with an infected file to all the affected users'
contacts so they accept it and become infected.
It also creates a key in the Windows Registry to ensure it is run every
time the session is started. Similarly, it disables several functions
including the system console and the computer recovery feature, and
modifies the host file, preventing access to several Web pages, most of
which are IT security-related, so users find it more difficult to remove
this worm from their computer.
In addition, PandaLabs has warned about the sending of malicious emails
that are using the name of the US president-elect, Barack Obama, as bait
to distribute malware. More information about this story here:
http://www.pandasecurity.com/spain/homeusers/media/press-releases/viewne
ws?noticia=9426
Discovered: November 7, 2008
Updated: November 7, 2008 1:31:50 PM
Type: Worm
W32.Gaut.A is a worm that spreads through instant messaging clients.
Symantec Security Response is currently investigating this threat and will post more information as it becomes available.
http://www.symantec.com/business/security_response/writeup.jsp?docid=2008-110713-2603-99
Notice
This is a Low-Profiled Threat Notice for PHP/WPTrojan.b
Justification
PHP/WPTrojan.b has been deemed Low-Profiled due to media attention at http://www.theregister.co.uk/2008/11/06/trojanised_wordpress/.
PHP/WPTrojan.b is referred to as the "WPHack-A Trojan", in the article at theregister.co.uk.
Read About It
Information about PHP/WPTrojan.b is located on VIL at: http://vil.nai.com/vil/content/v_153363.htm
Aliases Win32/Agent.OJO
Category Viruses and Spyware
Type Worm
W32/Autorun-NU is a worm for the Windows platform.
W32/Autorun-NU spreads to other network computers.
W32/Autorun-NU includes functionality to access the internet and communicate with a remote server via HTTP.
When first run W32/Autorun-NU copies itself to:
<Windows>\SSCVIIHOST.exe
<System>\SSCVIIHOST.exe
<System>\blastclnnn.exe
and creates the following files:
<System>\autorun.ini
<System>\dotnetfx.dll
<System>\setting.ini
The file autorun.ini is detected as Mal/AutoInf-A.
More: http://www.sophos.com/security/analyses/viruses-and-spyware/w32autorunnu.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojswfdldrh.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojpsymekn.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojmdropbwr.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Troj/FakeAV-GC is a fraudulent anti-virus program. This program reports fake detections of malicious software, in an attempt to convince the user to pay money to have them removed.
http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakeavgc.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojdloadrbyw.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentied.html?_log_from=rss
Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic