 | Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years. Thanks, CNET Support |
W32/VB-EBJ
Category Viruses and Spyware
Type Worm
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/w32vbebj.html?_log_from=rss
Discussion is locked
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojmdropbwe.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojmailbomax.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Troj/JSRedir-B is a script embedded within web pages that redirects the user to another malicious web page.
http://www.sophos.com/security/analyses/viruses-and-spyware/trojjsredirb.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakealeig.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakealeif.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojdwnldrhjc.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojbckdrqpv.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagenthxd.html?_log_from=rss
Category Viruses and Spyware
Type Worm
W32/AutoRun-LO is a worm for the Windows platform that spreads via removable drives.
When run W32/AutoRun-LO copies itself to <System>\regedit32.exe.
W32/AutoRun-LO installs itself as a service with the name "BackGround switch", a description of "BackGround Switch Disktop Control" and a startup type of automatic.
Registry entries are created under:
HKLMSYSTEM\CurrentControlSet\Enum\Root\LEGACY_BACKGROUND_SWITCH\
HKLM\SYSTEM\CurrentControlSet\Services\BackGround switch\
http://www.sophos.com/security/analyses/viruses-and-spyware/w32autorunlo.html?_log_from=rss
Category Viruses and Spyware
Type Worm
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/w32autorunln.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakealeih.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojdwnldrhje.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagenthxe.html?_log_from=rss
Category Viruses and Spyware
Type Worm
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/w32rbotgxd.html?_log_from=rss
Category Viruses and Spyware
Type Worm
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/w32autorunlr.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Troj/DwnLdr-HJF is a Trojan for the Windows platform.
When run Troj/DwnLdr-HJF copies itself to <Windows>
<random characters>.exe and creates another file <Windows><random characters>.exe (also detected as Troj/DwnLdr-HJF).
http://www.sophos.com/security/analyses/viruses-and-spyware/trojdwnldrhjf.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojbytevad.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojbytevac.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagenthxf.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Troj/Iframe-BD is a malicious script within a web page that downloads other malware.
http://www.sophos.com/security/analyses/viruses-and-spyware/trojiframebd.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Troj/Iframe-BA is a malicious script within a web page that downloads other malware.
http://www.sophos.com/security/analyses/viruses-and-spyware/trojiframeba.html?_log_from=rss
Aliases Trojan.Win32.FraudPack.ajz
TROJ_FRAUDPA.ANK
Win32/Yektel.A
Category Viruses and Spyware
Type Trojan
Troj/FakeAV-EQ is a Trojan for the Windows platform.
When first run Troj/FakeAV-EQ copies itself to <System>\ieexplorer32.exe and creates the file:
<System>\winsrc.dll
The file winsrc.dll is registered as a COM object and Browser Helper Object (BHO) for Microsoft Internet Explorer, creating registry entries under:
HKCR\CLSID\{037C7B8A-151A-49E6-BAED-CC05FCB50328}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{037C7B8A-151A-49E6-BAED-CC05FCB50328
http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakeaveq.html?_log_from=rss
Aliases Generic FakeAlert.d
Trojan:Win32/Wantvi.I
HASH(0x9f85360)
Category Viruses and Spyware
Type Trojan
Troj/FakeAle-IJ is a Trojan for the Windows platform.
When Troj/FakeAle-IJ is installed the following files are created:
<Current Folder>\delself.bat
<System>\brastk.exe
<System>\dllcache\beep.sys
<System>\dllcache\figaro.sys
The files beep.sys and figaro.sys are detected as Mal/FakeAle-C. The file brastk.exe is detected as Troj/FakeAle-IG.
The following registry entries are created to run brastk.exe on startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
brastk
<System>\brastk.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
brastk
<System>\brastk.exe
http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakealeij.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojdwnldrhjg.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Troj/Dloadr-BVR is a Trojan for the Windows platform.
Troj/Dloadr-BVR includes functionality to access the internet and communicate with a remote server via HTTP.
When Troj/Dloadr-BVR is installed it creates the file <Temp>\wewt0.bat.
http://www.sophos.com/security/analyses/viruses-and-spyware/trojdloadrbvr.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojbanspyj.html?_log_from=rss
Aliases TROJ_AGENT.ASFC
Category Viruses and Spyware
Type Trojan
Troj/Agent-HXG is a Trojan for the Windows platform.
The Troj/Agent-HXG is registered as a COM object and Browser Helper Object (BHO) for Microsoft Internet Explorer, creating registry entries under:
HKCR\CLSID\{500BCA15-57A7-4eaf-8143-8C619470B13D}
HKCR\TypeLib\{9233C3C0-1472-4091-A505-5580A23BB4AC}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500BCA15-57A7-4eaf-8143-8C619470B13D}
Registry entries are set as follows:
HKCR\XML.XML.1\CLSID
(default)
{500BCA15-57A7-4eaf-8143-8C619470B13D}
HKCR\XML.XML\CLSID
(default)
{500BCA15-57A7-4eaf-8143-8C619470B13D}
Registry entries are created under:
HKCR\XML.XML
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagenthxg.html?_log_from=rss
Category Suspicious behavior and files
Type Suspicious behavior
What's been detected Sus/Iframe-K exhibits characteristics commonly, but not exclusively, found in malware.
Sus/Iframe-K is a malicious script embedded in a web page that attempts to download malicious content from a remote site.
http://www.sophos.com/security/analyses/suspicious-behavior-and-files/susiframek.html?_log_from=rss
Category Suspicious behavior and files
Type Suspicious behavior
Sus/Iframe-G is a malicious script embedded in a web page that attempts to download malicious content from a remote site.
http://www.sophos.com/security/analyses/suspicious-behavior-and-files/susiframeg.html?_log_from=rss
Category Suspicious behavior and files
Type Suspicious behavior
What's been detected Sus/Spy-B exhibits characteristics commonly, but not exclusively, found in malware.
Sus/Spy-B is a program which may report sensitive information to a remote website.
http://www.sophos.com/security/analyses/suspicious-behavior-and-files/susspyb.html?_log_from=rss
Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic