Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

VIRUS \ Spyware ALERTS - October 12, 2008

by Marianna Schmudlach Oct 12, 2008 2:19AM PDT

Troj/PWS-AUF


Aliases Trojan:Win32/Helpud.A
Trojan-PSW.Win32.OnLineGames.ajlf
PWS-OnlineGames.y.dll trojan

Category Viruses and Spyware

Type Trojan

Troj/PWS-AUF is a password stealing Trojan for the Windows platform.

When Troj/PWS-AUF is installed the following files are created:

<Windows>\Help\<variable>.dll
<Windows>\Help\<variable>.exe

where <variable> is a filename consisting of upper-case letters and digits. Both files have the hidden and system attributes set.

The file <variable>.dll is registered as a COM object and shell extension, creating registry entries under:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
HKCR\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}

http://www.sophos.com/security/analyses/viruses-and-spyware/trojpwsauf.html?_log_from=rss

Discussion is locked

14 Posts
- Collapse + Expand Details
- Collapse -
Troj/Pushdo-Y
by Marianna Schmudlach Oct 12, 2008 2:20AM PDT

Aliases Rootkit.Win32.Protector.bd
Cutwail.gen.a trojan
Trojan.Pandex
VirTool:WinNT/Cutwail.K

Category Viruses and Spyware

Type Trojan

Troj/Pushdo-Y is a rootkit Trojan for the Windows platform.

Troj/Pushdo-Y is installed by other malware (typically downloader Trojans) to provide stealthing.

Troj/Pushdo-Y will typically be installed to:

<System>\drivers\<variable>.sys

and the file <variable>.sys registered as a new system driver service named <variable> (the filename of the SYS driver minus its extension).

http://www.sophos.com/security/analyses/viruses-and-spyware/trojpushdoy.html?_log_from=rss

- Collapse -
Troj/FakeVir-GJ
by Marianna Schmudlach Oct 12, 2008 2:21AM PDT
- Collapse -
Troj/Dloadr-BVM
by Marianna Schmudlach Oct 12, 2008 2:22AM PDT
- Collapse -
Troj/Dloadr-BVL
by Marianna Schmudlach Oct 12, 2008 2:24AM PDT
- Collapse -
Troj/Banker-ENS
by Marianna Schmudlach Oct 12, 2008 2:25AM PDT
- Collapse -
Troj/Agent-HWX
by Marianna Schmudlach Oct 12, 2008 2:27AM PDT
- Collapse -
Troj/Agent-HWW
by Marianna Schmudlach Oct 12, 2008 2:28AM PDT
- Collapse -
Troj/Agent-HWV
by Marianna Schmudlach Oct 12, 2008 2:29AM PDT
- Collapse -
W32/Autorun-LJ
by Marianna Schmudlach Oct 12, 2008 6:10AM PDT
- Collapse -
Troj/PWS-AUF
by Marianna Schmudlach Oct 12, 2008 6:11AM PDT

Aliases Trojan:Win32/Helpud.A
Trojan-PSW.Win32.OnLineGames.ajlf
PWS-OnlineGames.y.dll trojan

Category Viruses and Spyware

Type Trojan

Troj/PWS-AUF is a password stealing Trojan for the Windows platform.

When Troj/PWS-AUF is installed the following files are created:

<Windows>\Help\<variable>.dll
<Windows>\Help\<variable>.exe

where <variable> is a filename consisting of upper-case letters and digits. Both files have the hidden and system attributes set.

The file <variable>.dll is registered as a COM object and shell extension, creating registry entries under:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
HKCR\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}

http://www.sophos.com/security/analyses/viruses-and-spyware/trojpwsauf.html?_log_from=rss

- Collapse -
Troj/Mdrop-BWF
by Marianna Schmudlach Oct 12, 2008 6:12AM PDT
- Collapse -
Troj/Keygen-CM
by Marianna Schmudlach Oct 12, 2008 6:13AM PDT
- Collapse -
Troj/Dwnldr-HIZ
by Marianna Schmudlach Oct 12, 2008 6:14AM PDT
- Collapse -
Troj/Crack-O
by Marianna Schmudlach Oct 12, 2008 6:16AM PDT
Back to Spyware, Viruses, & Security forum

CNET Forums

Operating Systems
Software
Electronics & Gadgets
Hardware
Tablets & Mobile Devices
General Help
Brand Forums
Roadshow Autos
Off Topic

Other Forums

Forum Info