VIRUS \ Spyware ALERTS - October 31, 2008

Oct 30, 2008 3:00PM PDT

W32/Yahlov-A


Aliases: W32/Yahlover.worm.gen.f virus, TROJ_MALBEHV.AB, Trojan.Win32.Autoit.dq, W32.SillyFDC

Category: Viruses and Spyware

Type: Worm


W32/Yahlov-A is a worm for the Windows platform.

W32/Yahlov-A spreads by copying itself to network shares and removable drives.

W32/Yahlov-A copies itself to the root folder of removable drives with a randomly generated filename and creates an autorun.inf file in the root folder of the drive in an attempt to run the copy when the drive is loaded. Both the copy and the autorun.inf file will have the system, hidden and read-only attributes set.

http://www.sophos.com/security/analyses/viruses-and-spyware/w32yahlova.html?_log_from=rss

Troj/Spy-BH
Oct 30, 2008 3:03PM PDT

Troj/DwnLdr-HJV
Oct 30, 2008 3:04PM PDT

Troj/Dloadr-BXM
Oct 30, 2008 3:05PM PDT

Troj/Bankr-C
Oct 30, 2008 3:06PM PDT

Troj/Agent-ICN
Oct 30, 2008 3:07PM PDT

Troj/Agent-ICM
Oct 30, 2008 3:08PM PDT

Mal/Renos-D
Oct 31, 2008 12:38AM PDT

spyware doctor license code for 6.0
Nov 2, 2008 1:37AM PDT

Hi, my name is Munna. I want the license key code and name so that I can delete my viruses in the system, so please send me the details as soon as possible. Waiting for your reply.

Re: spyware doctor license code for 6.0
Nov 2, 2008 1:47AM PDT

Mal/EncPk-FD
Oct 31, 2008 12:39AM PDT

W32/Small-EMQ
Oct 31, 2008 12:40AM PDT

W32/Sdbot-DNI
Oct 31, 2008 12:41AM PDT

W32/Autorun-NH
Oct 31, 2008 12:42AM PDT

W32/Autorun-KO
Oct 31, 2008 12:43AM PDT

Troj/VBDown-G
Oct 31, 2008 12:44AM PDT

Troj/Rootkit-DX
Oct 31, 2008 12:45AM PDT

Troj/PWS-AVI
Oct 31, 2008 12:45AM PDT

Troj/Agent-ICO
Oct 31, 2008 12:46AM PDT

Sus/ObfJS-BI
Oct 31, 2008 12:48AM PDT

Trojan.Reglirer
Oct 31, 2008 1:34AM PDT

W32/Mourn-A
Oct 31, 2008 1:42AM PDT

Troj/Renos-BL
Oct 31, 2008 1:43AM PDT

Troj/FakeAv-FU
Oct 31, 2008 1:44AM PDT

Category: Viruses and Spyware

Type: Trojan

Troj/FakeAv-FU is a Trojan for the Windows platform.

Troj/FakeAv-FU includes functionality to access the internet and communicate with a remote server via HTTP.

When Troj/FakeAv-FU is first run it copies itself to <Profile>\Application Data\winlogon.exe and creates the following registry entry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTEMON.EXE
<Profile>\Application Data\winlogon.exe

http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakeavfu.html?_log_from=rss

Troj/Agent-ICR
Oct 31, 2008 1:45AM PDT

Troj/Agent-ICQ
Oct 31, 2008 1:46AM PDT

TROJ_GAMETHI.DDV
Oct 31, 2008 5:42AM PDT

TROJ_ZBOT.AJR
Oct 31, 2008 5:43AM PDT

Alert ID : FrSIRT/ALRT-2008-06649
Aliases : N/A
Size : 67584 bytes
Rated as : Low Risk
Release Date : 2008-10-31


Description

This Trojan arrives as a file downloaded from a certain URL. Upon execution, it drops a copy of itself and its components in the system. It modifies the system registry to enable its automatic execution at every system startup. It then attempts to access a certain Web site to download its configuration file. The said file contains information on where the malware can download an updated copy of itself, and on where it can send its stolen data. This configuration file also contains a list of targeted bank-related Web sites to monitor from which it steals information. Once a user accesses any of the monitored sites, this Trojan starts logging keystrokes. It attempts to steal sensitive online banking information, such as user names and passwords. This routine risks the exposure of the user's account information, which may then lead to the unauthorized use of the stolen data. It has rootkit capabilities, which enable it to hide its processes and files from the user.

References

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_ZBOT.AJR

Credits

Reported by Trend Micro

AH.Farfli.0
Oct 31, 2008 5:45AM PDT

Alert ID : FrSIRT/ALRT-2008-06643
Aliases : N/A
Size : N/A
Rated as : Low Risk
Release Date : 2008-10-31


Description

AH.Farfli.0 is a detection technology designed to detect entirely new malware threats without traditional signatures. This technology is aimed at detecting malicious software that has been intentionally mutated or morphed by attackers.

References

http://www.symantec.com/business/security_response/writeup.jsp?docid=2008-103115-3559-99

Credits

Reported by Symantec

AH.Farfli.1
Oct 31, 2008 5:45AM PDT

Alert ID : FrSIRT/ALRT-2008-06644
Aliases : N/A
Size : N/A
Rated as : Low Risk
Release Date : 2008-10-31


Description

AH.Farfli.1 is a detection technology designed to detect entirely new malware threats without traditional signatures. This technology is aimed at detecting malicious software that has been intentionally mutated or morphed by attackers.

References

http://www.symantec.com/business/security_response/writeup.jsp?docid=2008-103115-5014-99

Credits

Reported by Symantec

MH.Farfli.0
Oct 31, 2008 5:46AM PDT

Alert ID : FrSIRT/ALRT-2008-06645
Aliases : N/A
Size : N/A
Rated as : Low Risk
Release Date : 2008-10-31


Description

MH.Farfli.0 is a detection technology designed to detect entirely new malware threats without traditional signatures. This technology is aimed at detecting malicious software that has been intentionally mutated or morphed by attackers.

References

http://www.symantec.com/business/security_response/writeup.jsp?docid=2008-103116-0436-99

Credits

Reported by Symantec