
VIRUS \ Spyware ALERTS - October 23, 2008

Oct 22, 2008 2:36PM PDT

Troj/OnLineG-BI
Oct 22, 2008 2:37PM PDT

Category: Viruses and Spyware

Type: Trojan

Troj/OnLineG-BI is a Trojan for the Windows platform.

When Troj/OnLineG-BI is installed, the following files are created:

<System>\window32.dat
<System>\window32.dll

The file window32.dat is not malicious and may be deleted. The file window32.dll is detected as Troj/OnLineG-BI.

The file window32.dll is registered as a new service named "Windows Rat ". Registry entries are created under:

HKLM\SYSTEM\CurrentControlSet\Services\Windows Rat


http://www.sophos.com/security/analyses/viruses-and-spyware/trojonlinegbi.html?_log_from=rss

Troj/Agent-IAB
Oct 22, 2008 2:38PM PDT

Troj/Agent-IAA
Oct 22, 2008 2:39PM PDT

W32/Virut-Gen
Oct 23, 2008 12:57AM PDT

W32/AutoRun-MQ
Oct 23, 2008 12:59AM PDT

Aliases: Worm.Win32.AutoRun.rad

Category: Viruses and Spyware

Type: Worm

W32/AutoRun-MQ is a worm for the Windows platform.

W32/AutoRun-MQ includes functionality to access the internet and communicate with a remote server via HTTP.

When first run, W32/AutoRun-MQ copies itself to <System>\lljyn081017.exe and creates the following files:

<User>\lljyndf16.ini
<Temporary Internet Files>\Content.IE5\od6fwfox\bc1[1].htm
<System>\llajyn32a.dll

The file llajyn32a.dll is detected as Mal/DelpDldr-F.

The following registry entry is created to run lljyn081017.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run
llajyn_df
<System>\lljyn081017.exe

W32/AutoRun-MQ changes settings for Microsoft Internet Explorer by modifying values under:

HKCU\Software\Microsoft\Internet Explorer\Main\

http://www.sophos.com/security/analyses/viruses-and-spyware/w32autorunmq.html?_log_from=rss

Troj/Small-EMO
Oct 23, 2008 1:00AM PDT

Troj/PWS-AUZ
Oct 23, 2008 1:01AM PDT

Troj/PWS-AUY
Oct 23, 2008 1:02AM PDT

Troj/Mdrop-BVA
Oct 23, 2008 1:03AM PDT

Troj/FakeAle-IS
Oct 23, 2008 1:04AM PDT

Troj/Bank-G
Oct 23, 2008 1:05AM PDT

Troj/Agent-IAE
Oct 23, 2008 1:06AM PDT

Troj/Agent-HHW
Oct 23, 2008 1:07AM PDT

Troj/Rukap-D
Oct 23, 2008 2:38AM PDT

Troj/Psyme-KI
Oct 23, 2008 2:39AM PDT

Troj/FakeAV-FF
Oct 23, 2008 2:41AM PDT

Troj/FakeAle-IR
Oct 23, 2008 2:42AM PDT

Troj/Clicker-FA
Oct 23, 2008 2:43AM PDT

Troj/Bckdr-QPZ
Oct 23, 2008 2:44AM PDT

Troj/Agent-IAG
Oct 23, 2008 2:46AM PDT

Troj/Agent-IAF
Oct 23, 2008 2:47AM PDT

Troj/Agent-IAD
Oct 23, 2008 2:48AM PDT

Mal/PDFEx-B
Oct 23, 2008 2:50AM PDT

Troj/Lineag-GN
Oct 23, 2008 5:49AM PDT

Troj/Gimmiv-A
Oct 23, 2008 5:50AM PDT

Troj/FakeAV-FG
Oct 23, 2008 5:51AM PDT

Troj/FakeAle-IU
Oct 23, 2008 5:52AM PDT

Troj/FakeAle-IT
Oct 23, 2008 5:53AM PDT

Troj/Dload-EA
Oct 23, 2008 5:54AM PDT

Troj/Bdoor-AOU
Oct 23, 2008 5:55AM PDT