 | Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years. Thanks, CNET Support |
Mal/Psyme-A
Category Viruses and Spyware
Type Malicious Behavior
Mal/Psyme-A is a malicious script that exploits an Internet Explorer vulnerability to download and execute remote content.
http://www.sophos.com/security/analyses/viruses-and-spyware/malpsymea.html?_log_from=rss
Discussion is locked
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagenthxv.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojpwsauk.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojpwsaul.html?_log_from=rss
Category Viruses and Spyware
Type Worm
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/w32autorunmb.html?_log_from=rss
Category Viruses and Spyware
Type Worm
W32/HostInf-A is a worm with IRC backdoor functionality for the Windows platform.
W32/HostInf-A modifies the infected computers hosts file.
W32/HostInf-A runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over
the computer via IRC channels.
When first run W32/HostInf-A copies itself to <System>
<temp name>.exe.
http://www.sophos.com/security/analyses/viruses-and-spyware/w32hostinfa.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojrootkitdy.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagenthxx.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagenthxw.html?_log_from=rss
Category Adware or PUA
Type Unspecified PUA
PlayMp3 is a potentially unwanted application that attempts to perform downloads.
http://www.sophos.com/security/analyses/adware-and-puas/playmp3.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagenthxy.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/jspsymekh.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojzlobapj.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojkeygencn.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojiframebh.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakevirgm.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojdwnldrhji.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagenthxz.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/jsdloaddz.html?_log_from=rss
Category Adware or PUA
Type Unspecified PUA
App/CoupBar-A is a potentially unwanted application.
When the application is installed the following files are created:
<Windows>\CBBasis.xml
<Windows>\CBVersion.txt
<Windows>\CouponBarIE.dll
<Windows>\cpbrkpie.ocx
<Windows>\UccSpecB.sys
The files CouponBarIE.dll and cpbrkpie.ocx are registered as COM objects, creating registry entries under:
http://www.sophos.com/security/analyses/adware-and-puas/couponbar.html?_log_from=rss
Updated: October 17, 2008 10:56:42 AM
Type: Misleading Application
Name: AntivirusPlasma
Version: 1.3.1
Risk Impact: Medium
AntivirusPlasma is a misleading application that may give exaggerated reports of threats on the computer.
http://www.symantec.com/business/security_response/writeup.jsp?docid=2008-101710-1015-99
Name : Worm:W32/AutoRun.NOI
Detection Names : Worm.Win32.AutoRun.noi
Aliases : W32/Autorun-jl (Sophos)
Generic.dx trojan (McAfee)
WORM_AUTORUN.RC (Trend Micro)
W32.SillyFDC (Symantec)
Worm:Win32/Emold.C (Microsoft)
Type: Worm
Category: Malware
Summary
AutoRun worm.
Additional Details
Worm.Win32.AutoRun.noi creates a copy of itself as the following:
C:\Program Files\Microsoft Common\wuauclt.exe
It creates the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe
Debugger = "%ProgramFiles%\Microsoft Common\wuauclt.exe
Note: The key is created for automatic execution when explorer.exe is launched.
http://www.f-secure.com/v-descs/worm_w32_autorun_noi.shtml
Category Viruses and Spyware
Type Trojan
How it spreads Web browsing
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojjsredird.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojjsadclid.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Troj/FakeVir-GL is a Trojan for the Windows platform.
Troj/FakeVir-GL creates the files:
<Windows>\brastk.exe - detected as Troj/FakeVir-GL
<Windows>\karna.dat - detected as Mal/EncPk-BB
<System>\beep.sys - detected as Mal/FakeAle-C
The following registry entries are set:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs
karna.da
HKCU\Software\Microsoft\Internet Explorer\Main
Enable Browser Extensions
yes
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
brastk
<Windows>\brastk.exe
http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakevirgl.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakeavev.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakeaveu.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Troj/Dloadr-BVY is a Trojan for the Windows platform.
Troj/Dloadr-BVY includes functionality to access the internet and communicate with a remote server via HTTP.
When Troj/Dloadr-BVY is installed it creates the file <Temp>\wewt0.bat.
Registry entries are created under:
HKCU\Software\Applications
HKCR\multimediaControls.chl\CLSID
http://www.sophos.com/security/analyses/viruses-and-spyware/trojdloadrbvy.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojdloadrbvx.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojbankerenu.html?_log_from=rss
Crafty little redirect
17 October 2008
As discussed previously, redirection - the ability to guide/control user traffic - plays a critical role in today?s malware [1]. In this post I will describe a crafty way of redirecting users from a web page. Not new by any means, but seen again recently in the distribution of fake alert malware.
Our favourite-fake-alert-attackers ? have uploaded a whole series of malicious web pages packed with enticing keywords intended to catch user traffic. Numerous domains have been used, including some that were hosted on AOL servers [2]. Many of the pages follow standard templates, so are visually very similar:
More: http://www.sophos.com/security/blog/2008/10/1865.html
Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic