VIRUS \ Spyware ALERTS - October 3, 2008

Category Viruses and Spyware

Type Trojan

Troj/Fujif-Gen is a family of files, usually affected by members of the W32/Fujacks and W32/Pardona family of viruses.

Members of Troj/Fujif-Gen are usually a clean file that has been modified to include an iframe pointing to remote malicious code.

http://www.sophos.com/security/analyses/viruses-and-spyware/trojfujifgen.html?_log_from=rss

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakealehy.html?_log_from=rss

Category Viruses and Spyware

Type Trojan

Troj/Doc-Zip is a family of zip files that contain malware.

Members of Troj/Doc-Zip are usually sent in spam pretending to contain information in an attached document, and the zip file containing the document is often password-protected.

http://www.sophos.com/security/analyses/viruses-and-spyware/trojdoczip.html?_log_from=rss

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojdloaddp.html?_log_from=rss

Category Viruses and Spyware

Type Trojan

Troj/BHO-HG is a Trojan for the Windows platform.

When run, Troj/BHO-HG creates the files:
<System>\retasevo.dll - detected as Troj/BHO-HG
<System>\tesawuzo.dll - detected as Troj/BHO-HG
<System>\kewuziga.dll - detected as Troj/BHO-HG

The following registry entries are set:

HKCR\CLSID\{794cc7e0-a911-4eb7-8e9f-de06450b3747}\InprocServer32\
(default)
<System>\tesawuzo.dll

More: http://www.sophos.com/security/analyses/viruses-and-spyware/trojbhohg.html?_log_from=rss

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojbckdrqpl.html?_log_from=rss

Category Viruses and Spyware

Type Trojan


Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojagenthnf.html?_log_from=rss

Category Viruses and Spyware

Type Malicious Behavior

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/malwintrima.html?_log_from=rss

Aliases 157-Trojan-Win32-Zlob.gen-P

Category Viruses and Spyware

Type Malicious Behavior

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/malencpkfj.html?_log_from=rss

Malware type: Trojan

Malware Overview

This Trojan arrives as attachment to email messages spammed by another malware or a malicious user. A sample screenshot is given below:


More:http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FSMALL%2EMEZ

Category Viruses and Spyware

Type Trojan

Troj/PWS-AUD is a Trojan for the Windows platform.

When run, the following files are created:

<System>\7335775971.cpx (Detected as Troj/PWS-AUD)
<System>\73357759712.CPX (not malicious)
<System>\73357759721.cpx (not malicious)

The following registry entry is set:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
wave1
7335775971.CPX


http://www.sophos.com/security/analyses/viruses-and-spyware/trojpwsaud.html?_log_from=rss

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojdloadrbrp.html?_log_from=rss

Category Viruses and Spyware

Type Trojan

Troj/BHO-HF is a Trojan for the Windows platform.

Troj/BHO-HF may install a new version of the file <System>\msxml71.dll (also detected as Troj/BHO-HF).

Registry entries are created under:

HKCR\XML.XML

http://www.sophos.com/security/analyses/viruses-and-spyware/trojbhohf.html?_log_from=rss

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojagenthux.html?_log_from=rss

Category Viruses and Spyware

Type Malicious Behavior

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/malmdropi.html?_log_from=rss

Category Viruses and Spyware

Type Malicious Behavior

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/malbehav298.html?_log_from=rss

Category Viruses and Spyware

Type Virus

W32/Vesic-A is a appending virus for the Windows platform.

When executed the virus will drop its viral code to the file
sst.exe in the Windows system folder which it will then
execute.

W32/Vesic-A searches through the C:\ drive of the infected
computer adding itself to executables.

http://www.sophos.com/security/analyses/viruses-and-spyware/w32vesica.html?_log_from=rss

Category Viruses and Spyware

Type Virus

How it spreads Infected files

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/w32stayta.html?_log_from=rss

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojspyba.html?_log_from=rss

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojautoitx.html?_log_from=rss

Category Adware or PUA

Type Unspecified PUA

App/HomeKey-Ins is an installer for the HomeKeyLogger key logging utility.


http://www.sophos.com/security/analyses/adware-and-puas/homekeyloggerins_nwAsO2Rg.html?_log_from=rss

Category Adware or PUA

Type Unspecified PUA

HomeKeyLogger is a key logging application for the Windows platform.

When HomeKeyLogger is installed the following files are created:

<Start Menu\Programs>\Home Key Logger\Dir.lnk
<Start Menu\Programs>\Home Key Logger\Home Key Logger.lnk
<Start Menu\Programs>\Home Key Logger\Links\Download lastest version.lnk
<Start Menu\Programs>\Home Key Logger\Links\Mail to support.lnk
<Start Menu\Programs>\Home Key Logger\Links\Program's home page.lnk
<Start Menu\Programs>\Home Key Logger\Links\Try Family Key Logger.lnk
<Start Menu\Programs>\Home Key Logger\Other Products.lnk
<Start Menu\Programs>\Home Key Logger\Quick Start.lnk
<Start Menu\Programs>\Home Key Logger\Uninstall.lnk
<Start Menu\Programs>\Home Key Logger\faq.lnk
<Program Files>\HomeKeylogger\FAQ.html
<Program Files>\HomeKeylogger\KeyLogger.Dll - HomeKeyLogger
<Program Files>\HomeKeylogger\KeyLogger.exe - HomeKeyLogger
<Program Files>\HomeKeylogger\Links\Download lastest version.url
<Program Files>\HomeKeylogger\Links\Mail to support.url
<Program Files>\HomeKeylogger\Links\Program's home page.url
<Program Files>\HomeKeylogger\Links\Try Family Key Logger.url
<Program Files>\HomeKeylogger\OtherProducts.html
<Program Files>\HomeKeylogger\QuickStart.html
<Program Files>\HomeKeylogger\bg1.gif
<Program Files>\HomeKeylogger\fkllogo.gif
<Program Files>\HomeKeylogger\license.txt
<Program Files>\HomeKeylogger\readme.txt
<Program Files>\HomeKeylogger\uninstall.exe

More: http://www.sophos.com/security/analyses/adware-and-puas/homekeylogger.html?_log_from=rss

Type Program SubType Adware

This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose, but they alter the security state of the computer on which they are installed, or the privacy posture of the user of the system, such that most users will want to be aware of them.

http://vil.mcafeesecurity.com/vil/content/v_151691.htm

( Skintrim.gen, Trojan:Win32/Skintrim, Win32:ScarMorph )

SYMPTOMS:

Pop-ups advertisements may appear. Some versions create %SYSTEM%\nvs2.inf file.


TECHNICAL DESCRIPTION:

The Adware.NaviPromo malware family is an advanced and difficult-to-detect adware that runs silently on the infected computer. It uses rootkit techniques to hide its files on disk and memory. It also hides its registry entries.

http://www.bitdefender.com/VIRUS-1000408-en--Adware.NaviPromo.Gen.2.html

Type Program SubType Adware

This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose, but they alter the security state of the computer on which they are installed, or the privacy posture of the user of the system, such that most users will want to be aware of them.

Avert

Type Program SubType Adware

This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose, but they alter the security state of the computer on which they are installed, or the privacy posture of the user of the system, such that most users will want to be aware of them.

Avert

Type Program SubType Adware

This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose, but they alter the security state of the computer on which they are installed, or the privacy posture of the user of the system, such that most users will want to be aware of them.

Avert

Type Trojan SubType Password

Overview -

This is a Trojan detection. Unlike viruses, Trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include e-mail, malicious or hacked Web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.


Characteristics
Characteristics -

File Property Property Value
FileName sample.exe

http://vil.mcafeesecurity.com/vil/content/v_151703.htm

Type Program

This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose, but they alter the security state of the computer on which they are installed, or the privacy posture of the user of the system, such that most users will want to be aware of them.

File Property Property Value
FileName 6.exe

http://vil.mcafeesecurity.com/vil/content/v_151701.htm

Type Program

This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose, but they alter the security state of the computer on which they are installed, or the privacy posture of the user of the system, such that most users will want to be aware of them.

File Property Property Value
FileName 6.exe

http://vil.mcafeesecurity.com/vil/content/v_151705.htm