VIRUS \ Spyware ALERTS - October 23, 2008

Category Viruses and Spyware

Type Trojan

Troj/OnLineG-BI is a Trojan for the Windows platform.

When Troj/OnLineG-BI is installed the following files are created:

<System>\window32.dat
<System>\window32.dll

The file window32.dat is not malicious and may be deleted. The file window32.dll is detected as Troj/OnLineG-BI.

The file window32.dll is registered as a new service named "Windows Rat ". Registry entries are created under:

HKLM\SYSTEM\CurrentControlSet\Services\Windows Rat


http://www.sophos.com/security/analyses/viruses-and-spyware/trojonlinegbi.html?_log_from=rss

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentiab.html?_log_from=rss

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentiaa.html?_log_from=rss

Category Viruses and Spyware

Type Virus

W32/Virut-Gen is a family of viruses for the Windows platform.

When a member of W32/Virut-Gent is run it attempts to hook itself into the system and infect files by appending itself.

Members of W32/Virut-Gen may also connect to IRC networks in an attempt to spread itself over the internet

http://www.sophos.com/security/analyses/viruses-and-spyware/w32virutgen.html?_log_from=rss

Aliases Worm.Win32.AutoRun.rad

Category Viruses and Spyware

Type Worm

W32/AutoRun-MQ is a worm for the Windows platform.

W32/AutoRun-MQ includes functionality to access the internet and communicate with a remote server via HTTP.

When first run W32/AutoRun-MQ copies itself to <System>\lljyn081017.exe and creates the following files:

<User>\lljyndf16.ini
<Temporary Internet Files>\Content.IE5\od6fwfox\bc1[1].htm
<System>\llajyn32a.dll

The file llajyn32a.dll is detected as Mal/DelpDldr-F.

The following registry entry is created to run lljyn081017.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run
llajyn_df
<System>\lljyn081017.exe

W32/AutoRun-MQ changes settings for Microsoft Internet Explorer by modifying values under:

HKCU\Software\Microsoft\Internet Explorer\Main\

http://www.sophos.com/security/analyses/viruses-and-spyware/w32autorunmq.html?_log_from=rss

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojsmallemo.html?_log_from=rss

Aliases TR/Spy.Agent.BA.1
Infostealer.Bzup

Category Viruses and Spyware

Type Trojan

Troj/PWS-AUZ is a password stealing Trojan for the Windows platform.

http://www.sophos.com/security/analyses/viruses-and-spyware/trojpwsauz.html?_log_from=rss

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows
Characteristics Installs itself in the registry

http://www.sophos.com/security/analyses/viruses-and-spyware/trojpwsauy.html?_log_from=rss

Category Viruses and Spyware

Type Trojan

Troj/Mdrop-BVA is a dropper/installer for Troj/Pushu-Gen.

When run Troj/Mdrop-BVA installs the file <System>\drivers\Hcj51.sys (detected as Troj/Pushu-Gen) and registers this file as a new system driver service named "Hcj51". Registry entries are created under:

HKLM\SYSTEM\CurrentControlSet\Services\Hcj51

http://www.sophos.com/security/analyses/viruses-and-spyware/trojmdropbva.html?_log_from=rss

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakealeis.html?_log_from=rss

Aliases Infostealer.Banpaes
TrojanSpy:Win32/Banker
Trojan-Banker.Win32.Banker.atx
TR/Spy.Bavaria

Category Viruses and Spyware

Type Trojan

Troj/Bank-G is a password stealing Trojan for the Windows platform that targets internet banking usernames and passwords.

http://www.sophos.com/security/analyses/viruses-and-spyware/trojbankg.html?_log_from=rss

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentiae.html?_log_from=rss

Category Viruses and Spyware

Type Trojan

Troj/Agent-HHW is a Trojan for the Windows platform.

Troj/Agent-HHW includes functionality to access the internet and communicate with a remote server via HTTP.

http://www.sophos.com/security/analyses/viruses-and-spyware/trojagenthhw.html?_log_from=rss

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojrukapd.html?_log_from=rss

Category Viruses and Spyware

Type Trojan

Troj/Psyme-KI is a malicious script embedded in web pages that attempts to exploit browser vulnerabilities in order to download and run other malware.

http://www.sophos.com/security/analyses/viruses-and-spyware/trojpsymeki.html?_log_from=rss

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakeavff.html?_log_from=rss

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakealeir.html?_log_from=rss

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojclickerfa.html?_log_from=rss

Category Viruses and Spyware

Type Trojan

Troj/Bckdr-QPZ is a Trojan for the Windows platform.

When installed Troj/Bckdr-QPZ copies itself to

<UserProfile>\scvhost.exe
<System>\scvhost.exe

and creates the following files:

<UserProfile>\FindFile.exe
<UserProfile>\EXE.ini

The file FindFile.exe is detected as Mal/RootKit-A. The file EXE.ini can be deleted.

http://www.sophos.com/security/analyses/viruses-and-spyware/trojbckdrqpz.html?_log_from=rss

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentiag.html?_log_from=rss

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentiaf.html?_log_from=rss

Aliases Trojan-Downloader.Win32.Agent.aknt

Category Viruses and Spyware

Type Trojan

Troj/Agent-IAD is a Trojan for the Windows platform.

When first run Troj/Agent-IAD copies itself to <Windows>\9129837.exe and creates the following file:

<Windows>\new_drv.sys

The file new_drv.sys is detected as Troj/Rootkit-DK.

http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentiad.html?_log_from=rss

Category Viruses and Spyware

Type Malicious Behavior

Affected operating systems Windows
Characteristics Drops more malware

http://www.sophos.com/security/analyses/viruses-and-spyware/malpdfexb.html?_log_from=rss

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojlineaggn.html?_log_from=rss

Aliases TrojanSpy:Win32/Gimmiv.A

Category Viruses and Spyware

Type Trojan

Troj/Gimmiv-A is a Trojan for the Windows platform.

When Troj/Gimmiv-A is run, the following file is dropped:

<System>\wbem\sysmgr.dll

This file is also detected as Troj/Gimmiv-A.

http://www.sophos.com/security/analyses/viruses-and-spyware/trojgimmiva.html?_log_from=rss

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakeavfg.html?_log_from=rss

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakealeiu.html?_log_from=rss

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakealeit.html?_log_from=rss

Category Viruses and Spyware

Type Trojan

Troj/Dload-EA drops a virtual copy of itself in <System>\msansspc.dll and modifies the following registry entry:

HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders
SecurityProviders
<defaut value>, msansspc.dll

http://www.sophos.com/security/analyses/viruses-and-spyware/trojdloadea.html?_log_from=rss

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows
Characteristics Drops more malware

http://www.sophos.com/security/analyses/viruses-and-spyware/trojbdooraou.html?_log_from=rss