Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

VIRUS \ Spyware ALERTS - October 30, 2008

Oct 29, 2008 3:06PM PDT

Discussion is locked

- Collapse -
Troj/Agent-ICK
Oct 30, 2008 6:07AM PDT
- Collapse -
Troj/Agent-ICJ
Oct 30, 2008 6:08AM PDT

Category Viruses and Spyware

Type Trojan

Troj/Agent-ICJ is a Trojan for the Windows platform.

Troj/Agent-ICJ includes functionality to access the internet and communicate with a remote server via HTTP.

When first run Troj/Agent-ICJ copies itself to <Program Files>\Microsoft Common\wuauclt.exe.

The following registry entry is changed to run wuauclt.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe
Debugger
<Program Files>\Microsoft Common\wuauclt.exe

http://www.sophos.com/security/analyses/viruses-and-spyware/trojagenticj.html?_log_from=rss

- Collapse -
Statements, reports, tracking numbers and tickets
Oct 30, 2008 6:12AM PDT

Thursday, October 30, 2008

Over the last 48 hours we've seen a huge increase in ZIP'd malicious email attachments being spammed. The subjects have been:

Your Tracking #xxxxxxxx (where xxxxxxx is a random number)
New Ticket #xxxxx (where xxxxx is a random number)
Accounts Operations Report
Your Statement between 1/1/08 and 10/30/08


The ZIP file typically contains a file that looks like a document (.DOC) but it is really an EXE, there's just a lot of whitespaces between .DOC and .EXE.

More: http://www.f-secure.com/weblog/

- Collapse -
TROJ_BANLOAD.JC.
Oct 30, 2008 7:06AM PDT

Portuguese YouTube Spam Leads Users To Japan, Then To Malware

Our honeypots captured spammed email messages, written in Portugese, supposedly coming from the popular video sharing website YouTube.

More: http://blog.trendmicro.com/

- Collapse -
TROJ_CHOST.E
Oct 30, 2008 7:07AM PDT

Popular Mexican News Anchor Died!

At least that?s what a new spam run tells you.

Email messages claiming to be from Esmas, the largest television network in Mexico and also the world?s largest producer of Spanish language media, inform users that Joaqu

- Collapse -
Troj/FakeAV-FS
Oct 30, 2008 7:26AM PDT

Category Viruses and Spyware

Type Trojan

Troj/FakeAV-FS is a Trojan for the Windows platform.

Troj/FakeAV-FS includes functionality to access the internet and communicate with a remote server via HTTP.

The following registry entry is created to run Troj/FakeAV-FS on startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
InstallProgram
<pathname of the Trojan executable>

Registry entries are created under:

HKCU\Software\Solt Lake Software\Pro Antispyware 2009

http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakeavfs.html?_log_from=rss

- Collapse -
Troj/BHO-HB
Oct 30, 2008 7:27AM PDT
- Collapse -
Troj/Agent-ICF
Oct 30, 2008 7:28AM PDT
- Collapse -
Troj/Zlob-AQC
Oct 30, 2008 11:02AM PDT
- Collapse -
Troj/FakeVir-GW
Oct 30, 2008 11:03AM PDT
- Collapse -
Troj/FakeAl-C
Oct 30, 2008 11:04AM PDT
- Collapse -
Troj/Dwnldr-HJU
Oct 30, 2008 11:05AM PDT
- Collapse -
Mal/Zlob-AC
Oct 30, 2008 11:06AM PDT
- Collapse -
MSN Hook Library
Oct 30, 2008 11:07AM PDT