Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

VIRUS \ Spyware ALERTS - October 15, 2008

by Marianna Schmudlach Oct 14, 2008 2:47PM PDT

Discussion is locked

31 - 60 of 50 Posts
- Collapse + Expand Details
- Collapse -
W32/Antinny-BH
by Marianna Schmudlach Oct 15, 2008 7:22AM PDT

Aliases Win32/Antinny worm
Worm.Win32.Antinny.ai
virus
W32/Antinny.BH

Category Viruses and Spyware

Type Worm

W32/Antinny-BH is a worm for the Windows platform.

When first run W32/Antinny-BH copies itself to:

<Program Files>\Messenger\spoolsv.exe
<Program Files>\bearshare\bearshare965.exe

The following registry entries are created to run W32/Antinny-BH on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
spoolsv
<Program Files>\Messenger\spoolsv.exe" /start

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ara-key
<Program Files>\bearshare\bearshare965.exe" /startup

http://www.sophos.com/security/analyses/viruses-and-spyware/w32antinnybh.html?_log_from=rss

- Collapse -
Troj/Zlob-APH
by Marianna Schmudlach Oct 15, 2008 7:23AM PDT
- Collapse -
Troj/Small-EMM
by Marianna Schmudlach Oct 15, 2008 7:24AM PDT
- Collapse -
Troj/Iframe-BF
by Marianna Schmudlach Oct 15, 2008 7:27AM PDT
- Collapse -
Troj/FakeAV-ER
by Marianna Schmudlach Oct 15, 2008 7:28AM PDT
- Collapse -
Troj/DownLd-AA
by Marianna Schmudlach Oct 15, 2008 7:29AM PDT
- Collapse -
Troj/Dloadr-BVU
by Marianna Schmudlach Oct 15, 2008 7:30AM PDT
- Collapse -
Troj/CHMDrop-C
by Marianna Schmudlach Oct 15, 2008 7:31AM PDT

Category Viruses and Spyware

Type Trojan

When Troj/CHMDrop-C is run, it drops the following files:

- <Windows>\Downloaded Program Files\svchost.exe
- <Temporary internet files>\svchost.exe
- <Application data>\Adobe\reader_sl.exe

All the above files are detected as Troj/CHMDrop-C.

The following registry entry is created:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
Adobe Reader Speed Launcher
<path to executable>\reader_sl.exe


http://www.sophos.com/security/analyses/viruses-and-spyware/trojchmdropc.html?_log_from=rss

- Collapse -
Troj/ByteV-B
by Marianna Schmudlach Oct 15, 2008 7:32AM PDT
- Collapse -
Troj/Agent-HXQ
by Marianna Schmudlach Oct 15, 2008 7:33AM PDT

Aliases PWS:Win32/Yahoopass.H

Category Viruses and Spyware

Type Trojan

Troj/Agent-HXQ is a Trojan for the Windows platform.

When Troj/Agent-HXQ is installed the following files are created:

<System>\googlejd.dll
<System>\sys.dat

Both these files are also detected as Troj/Agent-HXQ. The file googlejd.dll is registered as a COM object and Browser Helper Object (BHO) for Microsoft Internet Explorer, creating registry entries under:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DA58FB5-AADE-4E31-8E63-BCB33D59E8E2}
HKCR\CLSID\{2DA58FB5-AADE-4E31-8E63-BCB33D59E8E2}

Troj/Agent-HXQ changes settings for Microsoft Internet Explorer by modifying values under:

HKCU\Software\Microsoft\Internet Explorer\Main\

http://www.sophos.com/security/analyses/viruses-and-spyware/trojagenthxq.html?_log_from=rss

- Collapse -
Alot Toolbar Installer
by Marianna Schmudlach Oct 15, 2008 7:34AM PDT
- Collapse -
Sus/Sality-A
by Marianna Schmudlach Oct 15, 2008 7:35AM PDT

Category Suspicious behavior and files

Type Suspicious behavior

What's been detected Sus/Sality-A exhibits characteristics commonly, but not exclusively, found in malware.

Sus/Sality-A is a file that displays characteristics or behavior typically associated with malware.

Sus/Sality-A is a file that may have been infected by W32/Sality-AM.

Please send a sample to Sophos support to assist in improving our technology.

http://www.sophos.com/security/analyses/suspicious-behavior-and-files/sussalitya.html?_log_from=rss

- Collapse -
Sus/ObfJS-BD
by Marianna Schmudlach Oct 15, 2008 7:36AM PDT
- Collapse -
WORM_AUTORUN.CTO
by Marianna Schmudlach Oct 15, 2008 7:38AM PDT
- Collapse -
TROJ_RENOS.AMC
by Marianna Schmudlach Oct 15, 2008 7:39AM PDT

Alert ID : FrSIRT/ALRT-2008-06106
Aliases : N/A
Size : 184832 bytes
Rated as : Low Risk
Release Date : 2008-10-15


Description

This worm drops copies of itself in all removable drives. It drops an AUTORUN.INF file to automatically execute dropped copies when the drives are accessed.

References

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_RENOS.AMC

Credits

Reported by Trend Micro

- Collapse -
TROJ_ROOTKIT.BI
by Marianna Schmudlach Oct 15, 2008 7:40AM PDT
- Collapse -
Email-VBS/Gedza.B
by Marianna Schmudlach Oct 15, 2008 7:42AM PDT

Alert ID : FrSIRT/ALRT-2008-06064
Aliases : N/A
Size : 274380 bytes
Rated as : Low Risk
Release Date : 2008-10-15


Description

This type of worm is embedded in an e-mail attachment, and spreads using the infected computer's e-mailing networks.

References

http://www.f-secure.com/v-descs/email-worm_vbs_gedza_b.shtml

Credits

Reported by F-Secure

- Collapse -
Troj/DelReg-D
by Marianna Schmudlach Oct 15, 2008 7:44AM PDT

Alert ID : FrSIRT/ALRT-2008-06094
Aliases : TROJ_DELREG.Y - TR/Vundo.Gen
Size : N/A
Rated as : Low Risk
Release Date : 2008-10-15


Description

Troj/DelReg-D is a a Trojan for the Windows platform that attempts to delete the following registry entry: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows AppInit_DLLs.

References

http://www.sophos.com/security/analyses/viruses-and-spyware/trojdelregd.html

Credits

Reported by Sophos

- Collapse -
Troj/Clckr-LH
by Marianna Schmudlach Oct 15, 2008 7:45AM PDT

Alert ID : FrSIRT/ALRT-2008-06093
Aliases : AdClicker-GO.dll
Size : N/A
Rated as : Low Risk
Release Date : 2008-10-15


Description

Troj/Clckr-LH is a Trojan for the Windows platform. Troj/Clckr-LH includes functionality to access the internet and communicate with a remote server via HTTP.

References

http://www.sophos.com/security/analyses/viruses-and-spyware/trojclckrlh.html

Credits

Reported by Sophos

- Collapse -
Troj/BHO-HI
by Marianna Schmudlach Oct 15, 2008 7:47AM PDT

Alert ID : FrSIRT/ALRT-2008-06092
Aliases : Trojan.Win32.Agent.aguj
Size : N/A
Rated as : Low Risk
Release Date : 2008-10-15


Description

Troj/BHO-HI is a Trojan for the Windows platform. The Troj/BHO-HI is registered as a COM object and Browser Helper Object (BHO) for Microsoft Internet Explorer, creating registry entries under: HKCR\CLSID\{500BCA15-57A7-4eaf-8143-8C619470B13D} HKCR\TypeLib\{9233C3C0-1472-4091-A505-5580A23BB4AC} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500BCA15-57A7-4eaf-8143-8C619470B13D} Registry entries are set as follows: HKCR\XML.XML.1\CLSID (default) {500BCA15-57A7-4eaf-8143-8C619470B13D} HKCR\XML.XML\CLSID (default) {500BCA15-57A7-4eaf-8143-8C619470B13D} Registry entries are created under: HKCR\XML.XML.

References

http://www.sophos.com/security/analyses/viruses-and-spyware/trojbhohi.html

Credits

Reported by Sophos

Back to Spyware, Viruses, & Security forum

CNET Forums

Operating Systems
Software
Electronics & Gadgets
Hardware
Tablets & Mobile Devices
General Help
Brand Forums
Roadshow Autos
Off Topic

Other Forums

Forum Info