Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

VIRUS \ Spyware ALERTS - October 20, 2008

Oct 19, 2008 3:01PM PDT

W32/Jeans-B

Category Viruses and Spyware

Type Worm

W32/Jeans-B copies itself to removable drives as imagenes.exe.

W32/Jeans-B copies itself to:
<System32>\mexica.exe
<Temp>\mexica.exe
<Windows>\system234.exe
<Root>\imagenes.exe

W32/Jeans-B creates the registry entries
HKLM\Software\Microsoft\Windows\CurrentVersion
Run
<Temp>\mexica.exe

HKLM\Software\Microsoft\Windows NT\Currentversion\WOW\boot
rhell
explorer.exe <System>\mexica.exe

http://www.sophos.com/security/analyses/viruses-and-spyware/w32jeansb.html?_log_from=rss

Discussion is locked

- Collapse -
Troj/Dloadr-BWH
Oct 19, 2008 3:02PM PDT
- Collapse -
Troj/Agent-HYQ
Oct 19, 2008 3:04PM PDT
- Collapse -
Troj/Agent-HYP
Oct 19, 2008 3:05PM PDT
- Collapse -
Troj/PDFex-Y
Oct 20, 2008 1:24AM PDT
- Collapse -
Troj/PDFEx-X
Oct 20, 2008 1:25AM PDT
- Collapse -
Troj/FakeAv-EX
Oct 20, 2008 1:26AM PDT
- Collapse -
Troj/FakeAle-IP
Oct 20, 2008 1:27AM PDT
- Collapse -
Troj/Dloadr-BWJ
Oct 20, 2008 1:28AM PDT
- Collapse -
Troj/Agent-HYV
Oct 20, 2008 1:33AM PDT
- Collapse -
Troj/Agent-HYU
Oct 20, 2008 1:34AM PDT
- Collapse -
Troj/Agent-HYT
Oct 20, 2008 1:35AM PDT
- Collapse -
Troj/Agent-HYS
Oct 20, 2008 1:36AM PDT
- Collapse -
Troj/Agent-HYR
Oct 20, 2008 1:37AM PDT
- Collapse -
Trojan-Downloader:W32/Renos.GEN
Oct 20, 2008 2:36AM PDT

Name : Trojan-Downloader:W32/Renos.GEN
Type: Trojan-Downloader
Category: Malware

Summary
This type of trojan secretly downloads malicious files from a remote server, then installs and executes the files.

Additional Details
This trojan downloads rogueware, which attempts to persuade the user to buy a particular rogue antispyware application by pretending that the system is infected with spyware.

http://www.f-secure.com/v-descs/trojan-downloader_w32_renos_gen.shtml

- Collapse -
Trojan-Downloader:W32/FakeAlert.BG
Oct 20, 2008 2:37AM PDT
- Collapse -
Infostealer.Bancos.AC
Oct 20, 2008 2:39AM PDT
- Collapse -
W32.Harakit
Oct 20, 2008 2:40AM PDT
- Collapse -
W32/Autorun-MG
Oct 20, 2008 3:15AM PDT
- Collapse -
Troj/Bifrose-WL
Oct 20, 2008 3:17AM PDT
- Collapse -
Troj/Agent-HYY
Oct 20, 2008 3:18AM PDT
- Collapse -
Troj/Agent-HYX
Oct 20, 2008 3:19AM PDT
- Collapse -
WORM_AUTORUN.CTO. - Your eTicket Makes a Worm Fly
Oct 20, 2008 6:03AM PDT

October 20, 1008

Planning your fall holiday? Be careful when booking flights online or opening emails about your ?online flight ticket??or you could crash-land on a heap of malware trouble.

TrendLabs researchers caught spammed email messages featuring bogus eTickets supposedly from Continental Airlines, the fourth-largest airline in the U.S. The message thanks the recipient for availing of a new service called ?Buy flight ticket Online? and provides account details (even a password). Then it makes the recipient simply print out the attached ?purchase invoice and plane ticket? before they use these, and they?re off! How convenient!

Here?s a screenshot:

More: http://blog.trendmicro.com/

- Collapse -
TROJ_AGENT.DAM
Oct 20, 2008 6:04AM PDT

There?s another wave of malware-bearing spam. This time, the spam claims that ?new clauses? have been added to the legislation regulating your online activities.

More: http://blog.trendmicro.com/

- Collapse -
TROJ_BANKER.FPF
Oct 20, 2008 6:06AM PDT

Alert ID : FrSIRT/ALRT-2008-06243
Aliases : N/A
Size : 553348 bytes
Rated as : Low Risk
Release Date : 2008-10-20


Description

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious Web sites. Upon execution, it drops a copy of itself in the system. It modifies the system registry to enable its automatic execution at every system startup. It tracks the Web browsing activities on the affected system, specifically monitoring the title and address bars. It displays a spoofed login page if a user visits certain legitimate banking sites. This routine tricks the user into giving sensitive account-related information. This Trojan logs keystrokes entered by the user in the user name and password fields of the spoofed login page.

References

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_BANKER.FPF

Credits

Reported by Trend Micro

- Collapse -
TROJ_QHOST.YC
Oct 20, 2008 6:07AM PDT
- Collapse -
TROJ_BANLOAD.EXQ
Oct 20, 2008 6:08AM PDT
- Collapse -
TROJ_ZBOT.AJC
Oct 20, 2008 6:09AM PDT
- Collapse -
Troj/Gida-A
Oct 20, 2008 7:53AM PDT
- Collapse -
Troj/Dwnldr-HJK
Oct 20, 2008 7:54AM PDT
- Collapse -
Troj/Drop-BC
Oct 20, 2008 7:56AM PDT