General discussion

VIRUS \ Spyware ALERTS - October 21, 2008

Oct 20, 2008 12:00PM PDT

W32/Fanbot-I

Aliases Worm.Win32.AutoRun.qxz

Category Viruses and Spyware

Type Worm

W32/Fanbot-I is a worm for the Windows platform.

W32/Fanbot-I includes functionality to access the internet and communicate with a remote server via HTTP.

When first run, W32/Fanbot-I copies itself to <System>\llwzjy081019.exe and creates the following files:

<User>\jjjydf16.ini
<Temporary Internet Files>\Content.IE5\od6fwfox\bc1[1].htm
<System>\mvjaj32dla.dll

The file mvjaj32dla.dll is detected as Mal/Behav-236.


http://www.sophos.com/security/analyses/viruses-and-spyware/w32fanboti.html?_log_from=rss

Troj/Agent-HZI
Oct 21, 2008 4:35AM PDT
Mal/Behav-300
Oct 21, 2008 5:46AM PDT
Mal/StartPa-D
Oct 21, 2008 5:47AM PDT
Troj/Drop-BC
Oct 21, 2008 5:48AM PDT
Troj/Dwnldr-HJK
Oct 21, 2008 5:49AM PDT
Troj/KeyLgr-A
Oct 21, 2008 5:50AM PDT
HTML_EXPLOIT.NI
Oct 21, 2008 5:51AM PDT

Alert ID : FrSIRT/ALRT-2008-06317
Aliases : N/A
Size : 2078 bytes
Rated as : Low Risk
Release Date : 2008-10-21


Description

This malicious HTML file may be downloaded unknowingly by a user when visiting malicious Web sites. It may be hosted on a Web site and run when a user accesses the said Web site.

References

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=HTML_EXPLOIT.NI

Credits

Reported by Trend Micro

TROJ_BANKER.FRU
Oct 21, 2008 5:51AM PDT

Alert ID : FrSIRT/ALRT-2008-06318
Aliases : N/A
Size : 5124587 bytes
Rated as : Low Risk
Release Date : 2008-10-21


Description

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious Web sites. Upon execution, it drops a copy of itself in the system. It creates a registry entry to enable its automatic execution at every system startup. It tracks the Web browsing activities on the affected system, specifically monitoring the title and address bars. It displays a spoofed login page if a user visits certain legitimate banking Web sites. This routine tricks the user into giving sensitive account-related information. It also logs keystrokes entered by the user in the user name and password fields of the spoofed login page. It sends the gathered information to a server via HTTP POST.

References

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_BANKER.FRU

Credits

Reported by Trend Micro

TROJ_ZBOT.AJD
Oct 21, 2008 5:52AM PDT
TROJ_BANKER.EBN
Oct 21, 2008 5:53AM PDT
Troj/PWS-AUT
Oct 21, 2008 5:54AM PDT
Troj/FakeAV-FC
Oct 21, 2008 5:56AM PDT
Troj/Agent-HZU
Oct 21, 2008 5:57AM PDT
Troj/Agent-HZR
Oct 21, 2008 5:58AM PDT