VIRUS \ Spyware ALERTS - October 16, 2008

Oct 15, 2008 2:56PM PDT


Troj/Doc-Zip
Oct 16, 2008 5:43AM PDT

Troj/PDFex-W
Oct 16, 2008 8:04AM PDT

Troj/FakeAV-ES
Oct 16, 2008 8:05AM PDT

Troj/Dloadr-BVW
Oct 16, 2008 8:06AM PDT

Troj/Agent-HXT
Oct 16, 2008 8:07AM PDT

New Mac rogue?
Oct 16, 2008 8:10AM PDT

Thursday, October 16, 2008

This site is a sister to WiniGuard, a rogue antispyware program related to Innovagest 2000, a noted bad actor.

However, there are no downloadable binaries. Something to keep an eye on, though.

More: http://sunbeltblog.blogspot.com/index.html

W32/Alcra-G
Oct 16, 2008 11:02AM PDT

Troj/Zlob-API
Oct 16, 2008 11:03AM PDT

Troj/VBStl-A
Oct 16, 2008 11:04AM PDT

Troj/OzLog-Gen
Oct 16, 2008 11:05AM PDT

Troj/KeyLo-HL
Oct 16, 2008 11:11AM PDT

Troj/Invo-Zip
Oct 16, 2008 11:12AM PDT

Troj/FakeAle-IN
Oct 16, 2008 11:13AM PDT

Category: Viruses and Spyware

Type: Trojan

Troj/FakeAle-IN is a Trojan for the Windows platform.

When Troj/FakeAle-IN is installed the following file is also created:

<Current Folder>\wcm.exe - detected as Troj/FakeAle-IN

The following registry entry is created to run Troj/FakeAle-IN on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\
smile
<Path to executable>\wcs.exe

http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakealein.html?_log_from=rss

Troj/FakeAle-IM
Oct 16, 2008 11:14AM PDT

Category: Viruses and Spyware

Type: Trojan

Troj/FakeAle-IM is a Trojan for the Windows platform.

When Troj/FakeAle-IM is installed the following files are created:

<Current Folder>\iebt.dll - detected as Troj/FakeAle-IM
<Current Folder>\iebtmm.exe - detected as Troj/FakeAle-IM

The following registry entry is created to run Troj/FakeAle-IM on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run
start
<pathname of the Trojan executable>

http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakealeim.html?_log_from=rss

Troj/Agent-HXU
Oct 16, 2008 11:15AM PDT

Aliases: Win32/Sinowal.gen!M, Trojan.Mebroot

Category: Viruses and Spyware

Type: Trojan

Troj/Agent-HXU is a Trojan for the Windows platform.

When first run, Troj/Agent-HXU copies itself to:
<Temp>\Mischief<number>.tmp

Troj/Agent-HXU then drops and runs a second file as:
<Temp>\Mischief<number>.tmp
This second file is a rootkit used to stealth Troj/Agent-HXU.
(The rootkit is detected as Troj/Mbroot-Gen.)

Troj/Agent-HXU communicates with a remote server via HTTP.

http://www.sophos.com/security/analyses/viruses-and-spyware/trojagenthxu.html?_log_from=rss

Mal/EncPk-FP
Oct 16, 2008 11:17AM PDT

TROJ_ZBOT.QT
Oct 16, 2008 11:20AM PDT

WORM_ONLINEG.AFU
Oct 16, 2008 11:21AM PDT

Alert ID : FrSIRT/ALRT-2008-06156
Aliases : N/A
Size : 116489 bytes
Rated as : Low Risk
Release Date : 2008-10-16


Description

This worm may arrive via removable drives. It also propagates via removable drives. It drops an AUTORUN.INF file to automatically execute dropped copies when the drives are accessed.

References

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ONLINEG.AFU

Credits

Reported by Trend Micro

TROJ_BANKER.EDN
Oct 16, 2008 11:22AM PDT

Alert ID : FrSIRT/ALRT-2008-06157
Aliases : N/A
Size : 4566589 bytes
Rated as : Low Risk
Release Date : 2008-10-16


Description

This worm may arrive via removable drives. It also propagates via removable drives. It drops an AUTORUN.INF file to automatically execute dropped copies when the drives are accessed.

References

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_BANKER.EDN

Credits

Reported by Trend Micro

VBS_PSYME.DJY
Oct 16, 2008 11:23AM PDT

Alert ID : FrSIRT/ALRT-2008-06158
Aliases : N/A
Size : 2557 bytes
Rated as : Low Risk
Release Date : 2008-10-16


Description

This VBScript may be hosted on a Web site and run when a user accesses the said Web site. It takes advantage of the ADODB.STREAM Object Exploit, which causes a certain file to be downloaded from the Internet. It connects to a Web site to download a file. However, as of the time of this writing, the said Web site is currently inaccessible. It then executes the downloaded file(s). As a result, malicious routines of the downloaded files are exhibited on the affected system.

References

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=VBS_PSYME.DJY

Credits

Reported by Trend Micro

TROJ_DROPPER.FV
Oct 16, 2008 11:24AM PDT

W32/SillyFDC-CR
Oct 16, 2008 11:26AM PDT

Troj/ByteV-B
Oct 16, 2008 11:27AM PDT

Alert ID : FrSIRT/ALRT-2008-06142
Aliases : Trojan.Java.ClassLoader.ap - JAVA_BYTEVER.BQ - TROJ_JAVA.AT - Exploit:Java/ByteVerify.E
Size : N/A
Rated as : Low Risk
Release Date : 2008-10-16


Description

Troj/ByteV-B is a Trojan for the Windows platform. Troj/ByteV-B may drop files during execution that are detected as Troj/ByteV-AC and Troj/ByteV-AD.

References

http://www.sophos.com/security/analyses/viruses-and-spyware/trojbytevb.html

Credits

Reported by Sophos