
VIRUS \ Spyware ALERTS - November 9, 2008

Nov 9, 2008 12:12AM PST


Troj/Dload-EI
Nov 9, 2008 12:13AM PST
Troj/Dload-EH
Nov 9, 2008 12:14AM PST
Troj/BHO-HV
Nov 9, 2008 12:15AM PST
Troj/Agent-IER
Nov 9, 2008 12:16AM PST
Troj/Agent-IEQ
Nov 9, 2008 12:17AM PST
Troj/Agent-IEP
Nov 9, 2008 12:18AM PST
Troj/Agent-IEO
Nov 9, 2008 12:19AM PST
Troj/Agent-IEN
Nov 9, 2008 12:20AM PST
Troj/AdClick-FA
Nov 9, 2008 12:21AM PST

Aliases: Trojan-Downloader.Win32.Agent.afzg

Category: Viruses and Spyware

Type: Trojan

Troj/AdClick-FA is a Trojan for the Windows platform.

Troj/AdClick-FA includes functionality to access the internet and communicate with a remote server via HTTP.

When Troj/AdClick-FA is installed the following files are created:

<Startup>\DW_Start.lnk
<System>\dwwnw64r.exe
<System>\msnav32.ax

The following registry entry is created to run dwwnw64r.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
{A0-0E-EE-E6-DW}
<System>\dwwnw64r.exe DWmmm01

http://www.sophos.com/security/analyses/viruses-and-spyware/trojadclickfa.html?_log_from=rss

TSPY_BANCOS.EDM.
Nov 9, 2008 2:02AM PST

Obama Malware Spam Targets Latin America

Malware criminals are continuing to attempt to exploit the intense media coverage involving the election of Barack Obama to the U.S. Presidency. A very recent spam run has already hit American online users; now a new and different spam run targeting Latin American online users was also recently discovered.

Spammers have added some genuine global concerns in their social engineering techniques this time. Obama's election indeed has implications for other nations besides the United States. Spammed messages, written in Spanish, carry the following message when translated into English:

More: http://blog.trendmicro.com/

Troj/Zlob-AQU
Nov 9, 2008 4:55AM PST
Troj/JSRedir-E
Nov 9, 2008 4:56AM PST
Troj/FakeAle-JS
Nov 9, 2008 4:57AM PST
Mal/Renos-D
Nov 9, 2008 4:58AM PST
W32/Autorun-NY
Nov 9, 2008 7:40AM PST

Category: Viruses and Spyware

Type: Worm

W32/Autorun-NY copies itself to <System>\chrome.exe and <Windows>\chrome.exe.

W32/Autorun-NY schedules itself to run every day at 9:00AM.

W32/Autorun-NY sets the following registry values:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NofolderOptions

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableTaskMgr

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableRegistryTools

W32/Autorun-NY creates the following registry value:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Yahoo Messengger
<System>\chrome.exe

W32/Autorun-NY changes the default page, the default search page and the start page for Internet Explorer.

http://www.sophos.com/security/analyses/viruses-and-spyware/w32autorunny.html?_log_from=rss

Suspicious.Farfli
Nov 9, 2008 8:15AM PST

Alert ID : FrSIRT/ALRT-2008-06918
Aliases : N/A
Size : N/A
Rated as : Low Risk
Release Date : 2008-11-09


Description

Suspicious.Farfli is a detection technology designed to detect entirely new malware threats without traditional signatures. This technology is aimed at detecting malicious software that has been intentionally mutated or morphed by attackers.

References

http://www.symantec.com/business/security_response/writeup.jsp?docid=2008-103115-5014-99

Credits

Reported by Symantec

Trojan.Pidief.D
Nov 9, 2008 8:17AM PST
Troj/NtRootK-EC
Nov 9, 2008 8:25AM PST
Troj/BHO-HV
Nov 9, 2008 8:27AM PST