 | Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years. Thanks, CNET Support |
Troj/Skintrim-D
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojskintrimd.html?_log_from=rss
Discussion is locked
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojpdfexad.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Troj/OnLineG-BJ is a Trojan for the Windows platform.
When first run Troj/OnLineG-BJ copies itself to <Windows>\help\EB6C4499B05F.exe and creates the following files:
<Root>\1.hiv
<Root>\2.hiv
<Current Folder>\2.bat
<Windows>\1.bat
<Windows>\help\EB6C4499B05F.dll
The file EB6C4499B05F.dll is detected as Mal/LineDLL-B. The other files are not malicious and may be deleted.
The file EB6C4499B05F.dll is registered as a COM object and shell extension, creating registry entries under:
HKCR\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
{1DBD6574-D6D0-4782-94C3-69619E719765}
http://www.sophos.com/security/analyses/viruses-and-spyware/trojonlinegbj.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakevirgs.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Troj/DwnLdr-HJR is a Trojan for the Windows platform.
Troj/DwnLdr-HJR includes functionality to access the internet and communicate with a remote server via HTTP.
When first run, Troj/DwnLdr-HJR creates the following file:
<System>\CbEvtSvc.exe
which is also detected as Troj/DwnLdr-HJR.
The file CbEvtSvc.exe is registered as a new system driver service named "CbEvtSvc", with a display name of "CbEvtSvc" and a startup type of automatic, so that it is started automatically during system startup. Registry entries are created under:
HKLM\SYSTEM\CurrentControlSet\Services\CbEvtSvc\
The following registry entry is changed:
HKCU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\
http://www.sophos.com/security/analyses/viruses-and-spyware/trojdwnldrhjr.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojbckdrqqb.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Troj/Bancos-BEQ is a Trojan for the Windows platform.
Troj/Bancos-BEQ includes functionality to access the internet and communicate with a remote server via HTTP.
When Troj/Bancos-BEQ is installed the following files are created:
<User>\Application Data\MicrosoftGenuine.exe
<User>\Application Data\winmanager.sys
<System>\drivers\winmanager.sys
<System>\skandisk.dll
The file MicrosoftGenuine.exe and winmanager.sys are detected as Troj/Bancos-BEQ. The file skandisk.dll is not malicious and may be deleted.
http://www.sophos.com/security/analyses/viruses-and-spyware/trojbancosbeq.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentibc.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentiba.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagential.html?_log_from=rss
Category Viruses and Spyware
Type Virus
W32/Virut-Gen is a family of viruses for the Windows platform.
When a member of W32/Virut-Gent is run it attempts to hook itself into the system and infect files by appending itself.
Members of W32/Virut-Gen may also connect to IRC networks in an attempt to spread itself over the internet.
http://www.sophos.com/security/analyses/viruses-and-spyware/w32virutgen.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagenthny.html?_log_from=rss
Category Viruses and Spyware
Type Worm
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/w32voteraib.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojgimmivb.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojbankerenz.html?_log_from=rss
Category Viruses and Spyware
Type Malicious Behavior
Affected operating systems Windows
Characteristics Drops more malware
http://www.sophos.com/security/analyses/viruses-and-spyware/malpdfexb.html?_log_from=rss
Category Viruses and Spyware
Type Malicious Behavior
Mal/ObfJS-BH is a malicious JavaScript within a web page.
http://www.sophos.com/security/analyses/viruses-and-spyware/malobfjsbh.html?_log_from=rss
Category Viruses and Spyware
Type Malicious Behavior
Mal/ObfJS-BF is an obfuscated JavaScript within a web page intended to exploit vulnerabilities in the browser in order to infect the victim with malware.
http://www.sophos.com/security/analyses/viruses-and-spyware/malobfjsbf.html?_log_from=rss
Name : Trojan:Java/Konov.A
Detection Names : Trojan-SMS.J2ME.Konov.b
Trojan:Java/Konov.A
Aliases : Troj/Konov.A (Sophos)
Trojan.Konov.A (Symantec)
Type: Trojan
Category: Malware
Platform: Java
Summary
Konov is a Java (J2ME) trojan.
Konov will work on most phones capable of executing Java programs. Once executed Konov will send SMS messages to premium rate numbers.
http://www.f-secure.com/v-descs/trojan_java_konov_a.shtml
Type: Virus
W32.Slugin.A is a virus that opens a back door and spreads by infecting executable files found on all drives accessible from the compromised computer.
http://www.symantec.com/business/security_response/writeup.jsp?docid=2008-102512-3719-99
Type: Virus
W32.Slugin.A!inf is a detection for files infected with W32.Slugin.A.
http://www.symantec.com/business/security_response/writeup.jsp?docid=2008-102513-4113-99
Aliases Trojan-Downloader.Win32.Bagle.aep
Category Viruses and Spyware
Type Worm
W32/Bagle-TZ is a worm for the Windows platform.
W32/Bagle-TZ includes functionality to access the internet and communicate with a remote server via HTTP.
Registry entries are created under:
HKCU\Software\FFC
http://www.sophos.com/security/analyses/viruses-and-spyware/w32bagletz.html?_log_from=rss
Aliases W32/Bagle.gen
Email-Worm.Win32.Bagle.of
Category Viruses and Spyware
Type Worm
W32/Bagle-TY is a worm for the Windows platform.
When first run W32/Bagle-TY copies itself to:
<System>\mdelk.exe
<System>\wintems.exe
W32/Bagle-TY sets the following registry entries, disabling the automatic startup of other software:
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess
Start
4
Note: disabling autostart for the SharedAccess service deactivates the Microsoft Internet Connection Firewall (ICF).
http://www.sophos.com/security/analyses/viruses-and-spyware/w32baglety.html?_log_from=rss
Aliases W32/Bagle.gen
Win32/Bagle.PJ worm
Email-Worm.Win32.Bagle.of
Category Viruses and Spyware
Type Worm
W32/Bagle-TX is a worm for the Windows platform.
When first run W32/Bagle-TX copies itself to:
<System>\mdelk.exe
<System>\wintems.exe
W32/Bagle-TX sets the following registry entries, disabling the automatic startup of other software:
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess
Start
4
Note: disabling autostart for the SharedAccess service deactivates the Microsoft Internet Connection Firewall (ICF).
http://www.sophos.com/security/analyses/viruses-and-spyware/w32bagletx.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Troj/Zlob-APW is a Trojan for the Windows platform.
Troj/Zlob-APW includes functionality to access the internet and communicate with a remote server via HTTP.
Registry entries are created under:
HKCU\Software\Applications
HKCR\multimediaControls.chl\CLSID
http://www.sophos.com/security/analyses/viruses-and-spyware/trojzlobapw.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Troj/Tiotua-U is a Trojan for the Windows platform.
Troj/Tiotua-U includes functionality to access the internet and communicate with a remote server via HTTP.
When first run Troj/Tiotua-U copies itself to:
<Windows>\chrome.exe
<System>\chrome.exe
and creates the file <System>\autorun.ini.
The following registry entry is created to run chrome.exe on startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Yahoo Messengger
<System>\chrome.exe
http://www.sophos.com/security/analyses/viruses-and-spyware/trojtiotuau.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Troj/Psyme-KJ is a malicious script embedded in web pages that attempts to exploit browser vulnerabilities in order to download and run other malware.
http://www.sophos.com/security/analyses/viruses-and-spyware/trojpsymekj.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Wind
http://www.sophos.com/security/analyses/viruses-and-spyware/trojdloadrbxa.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentibh.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentibg.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentibf.html?_log_from=rss
Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic