 | Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years. Thanks, CNET Support |
Troj/Mdrop-BWG
Category Viruses and Spyware
Type Trojan
Troj/Mdrop-BWG drops the file <System>
<Random name>.dll which is detected as Mal/Behav-228.
http://www.sophos.com/security/analyses/viruses-and-spyware/trojmdropbwg.html?_log_from=rss
Discussion is locked
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojdloadrbvo.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojdloadrbvn.html?_log_from=rss
Aliases Trojan:Win32/Helpud.A
Trojan-PSW.Win32.OnLineGames.ajlf
PWS-OnlineGames.y.dll trojan
Category Viruses and Spyware
Type Trojan
Troj/PWS-AUF is a password stealing Trojan for the Windows platform.
When Troj/PWS-AUF is installed the following files are created:
<Windows>\Help\<variable>.dll
<Windows>\Help\<variable>.exe
where <variable> is a filename consisting of upper-case letters and digits. Both files have the hidden and system attributes set.
The file <variable>.dll is registered as a COM object and shell extension, creating registry entries under:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
HKCR\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}
http://www.sophos.com/security/analyses/viruses-and-spyware/trojpwsauf.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojrexploe.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagenthwy.html?_log_from=rss
Notice
This is a Low-Profiled Threat Notice for BackDoor-BAC.gen
Justification
BackDoor-BAC.gen has been deemed Low-Profiled due to media attention at http://www.vnunet.com/vnunet/news/2228041/malware-writers-spoof-patch.
BackDoor-BAC.gen is referred to as "a Trojan application that infects the user's system with malware" in the article at vnunet.com.
Read About It
Information about BackDoor-BAC.gen is located on VIL at: http://vil.nai.com/vil/content/v_124832.htm
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojzapchaseh.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojiframebe.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojrexplof.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Troj/Iframe-BD is a malicious script within a web page that downloads other malware.
http://www.sophos.com/security/analyses/viruses-and-spyware/trojiframebd.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Troj/Iframe-BA is a malicious script within a web page that downloads other malware.
http://www.sophos.com/security/analyses/viruses-and-spyware/trojiframeba.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Troj/Delta-I is a Trojan for the Windows platform.
Troj/Delta-I runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
When Troj/Delta-I is installed the following files are created:
<Temp>\ixp000.tmp\hmkhkh~1.exe
<Windows>\ews.bat
<System>\IMG_SPA500135A.JPG.exe
<System>\hmkhkhkhk.exe
The following registry entry is created to run hmkhkhkhk.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Actualizacion
<System>\hmkhkhkhk.exe
http://www.sophos.com/security/analyses/viruses-and-spyware/trojdeltai.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Troj/Agent-HXB is a Trojan for the Windows platform.
When first run Troj/Agent-HXB copies itself to <System>\rs32net.exe.
The following registry entry is created to run rs32net.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
rs32net
<System>\rs32net.exe
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagenthxb.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagenthwz.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojemolda.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojpwsauj.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojpswtibgen.html?_log_from=rss
Aliases Win32/PSW.OnLineGames.NMY
PWS-Gamania.gen.a
Trojan-GameThief.Win32.OnLineGames.tchp
WORM_LINEAGE.AJ
Category Viruses and Spyware
Type Trojan
Troj/OnLineG-BD is a Trojan for the Windows platform.
When first run Troj/OnLineG-BD copies itself to <System>\ckvo.exe and creates the following files:
<System>\ckvo0.dll
<System>\drivers\klif.sys
The file ckvo0.dll is also detected as Troj/OnLineG-BD and the file klif.sys is detected as Troj/OnLineG-BC.
The following registry entry is created to run ckvo.exe on startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
kamsoft
<System>\ckvo.exe
http://www.sophos.com/security/analyses/viruses-and-spyware/trojonlinegbd.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojdwnldrhjb.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojdwnldrhja.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Troj/Dorf-BV is a Trojan for the Windows platform.
When Troj/Dorf-BV is installed the following files are created:
<Current Folder>\delself.bat
<System>\brastk.exe
<System>\dllcache\beep.sys
<System>\dllcache\figaro.sys
The files beep.sys and figaro.sys are detected as Mal/FakeAle-C. The file <System>\brastk.exe is detected as Troj/Dorf-BV. The file <Current Folder>\delself.bat is innocuous.
The following registry entries are created to run brastk.exe on startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
brastk
<System>\brastk.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
brastk
<System>\brastk.exe
http://www.sophos.com/security/analyses/viruses-and-spyware/trojdorfbv.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojdloadrbvp.html?_log_from=rss
Aliases Trojan.Win32.Buzus.zel
Category Viruses and Spyware
Type Trojan
Troj/Buzus-S is a Trojan for the Windows platform.
When first run Troj/Buzus-S copies itself to <System>\system.exe.
The following registry entry is created to run system.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
system
<System>\system.exe
http://www.sophos.com/security/analyses/viruses-and-spyware/trojbuzuss.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojbotb.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagenthxa.html?_log_from=rss
Category Adware or PUA
Type Adware
IKatzu Installer is a Windows AdWare installer for the Windows platform.
When run the installer will attempt to download and install components from the web.
http://www.sophos.com/security/analyses/adware-and-puas/ikatzuinstaller.html?_log_from=rss
Category Suspicious behavior and files
Type Suspicious behavior
What's been detected Sus/Behav-273 exhibits characteristics commonly, but not exclusively, found in malware.
Sus/Behav-273 is a file which displays characteristics common to malware which have been mass-mailed within ZIP files.
http://www.sophos.com/security/analyses/suspicious-behavior-and-files/susbehav273.html?_log_from=rss
SYMPTOMS:
The exploitation does not show any signs until the attacker infiltrates the system.
TECHNICAL DESCRIPTION:
The malware is a script written in Javascript. It is a part of known redirection and infection chains described in Trojan.Exploit.SSX (or later Trojan.Exploit.ANNZ ).
It is basically the same technique, but malware evolves and so a new features/exploits has been added:
CVE-2008-0647 which uses buffer overflow in the HanGamePluginCn18.HanGamePluginCn18.1 ActiveX control in HanGamePluginCn18.dll in Ourgame GLWorld 2.6.1.29.
A vulnerability for Adobe Flash player - CVE-2007-0071 which uses the d27cdb6e-ae6d-11cf-96b8-444553540000 CLSID.
http://www.bitdefender.com/VIRUS-1000424-en--Trojan.Exploit.JS.O.html
SYMPTOMS:
The presence of a file named autorun.inf in the root of fixed/mobile drives (hard disks partitions, USB pen drives etc.) and the strange behavior of the computer.
TECHNICAL DESCRIPTION:
This files enables worms and other type of malware to be executed at startup. Be aware that the mere presence of this file isn?t to be considered a threat because it may be used by legitimate software that need to be run on access (like the autorun software of a CD). The file is used as an alternative/complementary to the autorun registry keys created by the malware.
http://www.bitdefender.com/VIRUS-1000420-en--Trojan.Autorun.ZG.html
SYMPTOMS:
This is a web-based piece of malware which tricks the user by making false assumptions about the security of their system.
While surfing, you might be directed from various sources ( spam, hidden redirections on shady webpages, malware already present on your computer ) to an allegedly online scanning tool used for malicious software detection.
Before the scan starts, it's noticeable the intent of giving the false impression that the user is infected from these pictures displayed on the webpage.
http://www.bitdefender.com/VIRUS-1000419-en--Adware.FakeAntiVirus.M.html
Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic