
VIRUS \ Spyware ALERTS - October 27, 2008

by Marianna Schmudlach / October 26, 2008 2:52 PM PDT
Troj/PDFex-AD
by Marianna Schmudlach / October 26, 2008 2:53 PM PDT
Troj/OnLineG-BJ
by Marianna Schmudlach / October 26, 2008 2:54 PM PDT

Category Viruses and Spyware

Type Trojan


Troj/OnLineG-BJ is a Trojan for the Windows platform.

When first run Troj/OnLineG-BJ copies itself to <Windows>\help\EB6C4499B05F.exe and creates the following files:

<Root>\1.hiv
<Root>\2.hiv
<Current Folder>\2.bat
<Windows>\1.bat
<Windows>\help\EB6C4499B05F.dll

The file EB6C4499B05F.dll is detected as Mal/LineDLL-B. The other files are not malicious and may be deleted.

The file EB6C4499B05F.dll is registered as a COM object and shell extension, creating registry entries under:

HKCR\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
{1DBD6574-D6D0-4782-94C3-69619E719765}


http://www.sophos.com/security/analyses/viruses-and-spyware/trojonlinegbj.html?_log_from=rss

Troj/FakeVir-GS
by Marianna Schmudlach / October 26, 2008 2:55 PM PDT
Troj/DwnLdr-HJR
by Marianna Schmudlach / October 26, 2008 2:56 PM PDT

Category Viruses and Spyware

Type Trojan

Troj/DwnLdr-HJR is a Trojan for the Windows platform.

Troj/DwnLdr-HJR includes functionality to access the internet and communicate with a remote server via HTTP.

When first run, Troj/DwnLdr-HJR creates the following file:

<System>\CbEvtSvc.exe

which is also detected as Troj/DwnLdr-HJR.

The file CbEvtSvc.exe is registered as a new system driver service named "CbEvtSvc", with a display name of "CbEvtSvc" and a startup type of automatic, so that it is started automatically during system startup. Registry entries are created under:

HKLM\SYSTEM\CurrentControlSet\Services\CbEvtSvc\

The following registry entry is changed:

HKCU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\


http://www.sophos.com/security/analyses/viruses-and-spyware/trojdwnldrhjr.html?_log_from=rss

Troj/Bckdr-QQB
by Marianna Schmudlach / October 26, 2008 2:57 PM PDT
Troj/Bancos-BEQ
by Marianna Schmudlach / October 26, 2008 2:58 PM PDT

Category Viruses and Spyware

Type Trojan

Troj/Bancos-BEQ is a Trojan for the Windows platform.

Troj/Bancos-BEQ includes functionality to access the internet and communicate with a remote server via HTTP.

When Troj/Bancos-BEQ is installed the following files are created:

<User>\Application Data\MicrosoftGenuine.exe
<User>\Application Data\winmanager.sys
<System>\drivers\winmanager.sys
<System>\skandisk.dll

The files MicrosoftGenuine.exe and winmanager.sys are detected as Troj/Bancos-BEQ. The file skandisk.dll is not malicious and may be deleted.

http://www.sophos.com/security/analyses/viruses-and-spyware/trojbancosbeq.html?_log_from=rss

Troj/Agent-IBC
by Marianna Schmudlach / October 26, 2008 2:59 PM PDT
Troj/Agent-IBA
by Marianna Schmudlach / October 26, 2008 3:00 PM PDT
Troj/Agent-IAL
by Marianna Schmudlach / October 26, 2008 3:01 PM PDT
W32/Virut-Gen
by Marianna Schmudlach / October 27, 2008 1:19 AM PDT
Troj/Agent-HNY
by Marianna Schmudlach / October 27, 2008 1:21 AM PDT
W32/Voterai-B
by Marianna Schmudlach / October 27, 2008 1:22 AM PDT
Troj/Gimmiv-B
by Marianna Schmudlach / October 27, 2008 1:23 AM PDT
Troj/Banker-ENZ
by Marianna Schmudlach / October 27, 2008 1:24 AM PDT
Mal/PDFEx-B
by Marianna Schmudlach / October 27, 2008 1:25 AM PDT
Mal/ObfJS-BH
by Marianna Schmudlach / October 27, 2008 1:26 AM PDT
Mal/ObfJS-BF
by Marianna Schmudlach / October 27, 2008 1:27 AM PDT
Trojan:Java/Konov.A
by Marianna Schmudlach / October 27, 2008 1:48 AM PDT

Name : Trojan:Java/Konov.A
Detection Names : Trojan-SMS.J2ME.Konov.b
Trojan:Java/Konov.A

Aliases : Troj/Konov.A (Sophos)
Trojan.Konov.A (Symantec)

Type: Trojan
Category: Malware
Platform: Java

Summary
Konov is a Java (J2ME) trojan.

Konov will work on most phones capable of executing Java programs. Once executed Konov will send SMS messages to premium rate numbers.

http://www.f-secure.com/v-descs/trojan_java_konov_a.shtml

W32.Slugin.A
by Marianna Schmudlach / October 27, 2008 2:26 AM PDT
W32.Slugin.A!inf
by Marianna Schmudlach / October 27, 2008 2:27 AM PDT
W32/Bagle-TZ
by Marianna Schmudlach / October 27, 2008 2:48 AM PDT
W32/Bagle-TY
by Marianna Schmudlach / October 27, 2008 2:49 AM PDT

Aliases W32/Bagle.gen
Email-Worm.Win32.Bagle.of

Category Viruses and Spyware

Type Worm

W32/Bagle-TY is a worm for the Windows platform.

When first run W32/Bagle-TY copies itself to:

<System>\mdelk.exe
<System>\wintems.exe

W32/Bagle-TY sets the following registry entries, disabling the automatic startup of other software:

HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess
Start
4

Note: disabling autostart for the SharedAccess service deactivates the Microsoft Internet Connection Firewall (ICF).

http://www.sophos.com/security/analyses/viruses-and-spyware/w32baglety.html?_log_from=rss

W32/Bagle-TX
by Marianna Schmudlach / October 27, 2008 2:52 AM PDT

Aliases W32/Bagle.gen
Win32/Bagle.PJ worm
Email-Worm.Win32.Bagle.of

Category Viruses and Spyware

Type Worm

W32/Bagle-TX is a worm for the Windows platform.

When first run W32/Bagle-TX copies itself to:

<System>\mdelk.exe
<System>\wintems.exe

W32/Bagle-TX sets the following registry entries, disabling the automatic startup of other software:

HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess
Start
4

Note: disabling autostart for the SharedAccess service deactivates the Microsoft Internet Connection Firewall (ICF).

http://www.sophos.com/security/analyses/viruses-and-spyware/w32bagletx.html?_log_from=rss

Troj/Zlob-APW
by Marianna Schmudlach / October 27, 2008 2:53 AM PDT
Troj/Tiotua-U
by Marianna Schmudlach / October 27, 2008 2:54 AM PDT

Category Viruses and Spyware

Type Trojan

Troj/Tiotua-U is a Trojan for the Windows platform.

Troj/Tiotua-U includes functionality to access the internet and communicate with a remote server via HTTP.

When first run Troj/Tiotua-U copies itself to:

<Windows>\chrome.exe
<System>\chrome.exe

and creates the file <System>\autorun.ini.

The following registry entry is created to run chrome.exe on startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Yahoo Messengger
<System>\chrome.exe

http://www.sophos.com/security/analyses/viruses-and-spyware/trojtiotuau.html?_log_from=rss
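
Several of the write-ups above list registry changes used for autostart or for disabling the SharedAccess (firewall) service. As an added example, not part of the original posts or the vendors' analyses, this Python script checks the text of a `.reg` export for those entries; the sample export and its `C:\WINDOWS\system32` path are constructed for illustration.

```python
import re

# Registry indicators listed in the posts: (key suffix, value name, data, detection)
INDICATORS = [
    (r"SYSTEM\CurrentControlSet\Services\SharedAccess", "Start", "dword:00000004",
     "W32/Bagle-TX / W32/Bagle-TY"),
    (r"SYSTEM\CurrentControlSet\Services\CbEvtSvc", None, None, "Troj/DwnLdr-HJR"),
    (r"Explorer\ShellExecuteHooks", "{1DBD6574-D6D0-4782-94C3-69619E719765}", None,
     "Troj/OnLineG-BJ"),
    (r"Software\Microsoft\Windows\CurrentVersion\Run", "Yahoo Messengger", None,
     "Troj/Tiotua-U"),
]

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

# Constructed sample export (not taken from a real machine).
SAMPLE = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp]
"Start"=dword:00000002
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo Messengger"="C:\\WINDOWS\\system32\\chrome.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"""

def parse_reg(text):
    """Return {key_path: {value_name: raw_data}} from .reg export text."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := KEY_RE.match(line):
            current = keys.setdefault(m.group(1), {})
        elif (m := VALUE_RE.match(line)) and current is not None:
            current[m.group(1)] = m.group(2)
    return keys

def scan(text):
    """Return (detection, key, value_name) hits, sorted by detection name."""
    hits = []
    for key, values in parse_reg(text).items():
        lowered = {n.lower(): d.lower() for n, d in values.items()}
        for suffix, name, data, detection in INDICATORS:
            if not key.lower().endswith("\\" + suffix.lower()):
                continue
            if name is None:  # the key's existence is the indicator
                hits.append((detection, key, None))
            elif name.lower() in lowered and data in (None, lowered[name.lower()]):
                hits.append((detection, key, name))
    return sorted(hits, key=lambda h: h[0])
```

Files written by `regedit` are UTF-16 encoded, so decode the export before passing its text to `scan`.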

Troj/Psyme-KJ
by Marianna Schmudlach / October 27, 2008 2:55 AM PDT
Troj/Dloadr-BXA
by Marianna Schmudlach / October 27, 2008 2:56 AM PDT
Troj/Agent-IBH
by Marianna Schmudlach / October 27, 2008 2:57 AM PDT
Troj/Agent-IBG
by Marianna Schmudlach / October 27, 2008 2:58 AM PDT
Troj/Agent-IBF
by Marianna Schmudlach / October 27, 2008 2:59 AM PDT