VIRUS \ Spyware ALERTS - October 6, 2008

Oct 5, 2008 2:35PM PDT

Troj/Bifrose-WK
Oct 6, 2008 1:06AM PDT

Troj/Agent-HVM
Oct 6, 2008 1:07AM PDT

Troj/Agent-HVL
Oct 6, 2008 1:09AM PDT

W32/Sality-AM
Oct 6, 2008 1:10AM PDT

Aliases: Win32/Sality.gen, W32/Sality.dll, New Win32.s

Category Viruses and Spyware

Type Virus

W32/Sality-AM is a virus for the Windows platform.

The virus includes the functionality to download additional files from a remote location.

When first run, the virus may infect executables in the root folder, files on network shares, and files it may find based on the following registry locations:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache

http://www.sophos.com/security/analyses/viruses-and-spyware/w32salityam.html?_log_from=rss

W32/AutoRun-LA
Oct 6, 2008 1:11AM PDT

Troj/FakeAle-HZ
Oct 6, 2008 1:12AM PDT

Troj/DwnlDr-HIS
Oct 6, 2008 1:13AM PDT

Troj/DwnLdr-HIR
Oct 6, 2008 1:14AM PDT

Troj/Agent-HVO
Oct 6, 2008 1:15AM PDT

Troj/Agent-HVN
Oct 6, 2008 1:16AM PDT

Downloader.Misapp!zip
Oct 6, 2008 2:13AM PDT

W32/Tilebot-KZ
Oct 6, 2008 6:40AM PDT

Category Viruses and Spyware

Type Worm

W32/Tilebot-KZ is a worm for the Windows platform.

W32/Tilebot-KZ includes functionality to access the internet and communicate with a remote server via HTTP.

When first run W32/Tilebot-KZ copies itself to <System>\drivers\LBTWiz.exe.

The following registry entry is created to run LBTWiz.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
LBTWiz.exe
<System>\drivers\LBTWiz.exe

http://www.sophos.com/security/analyses/viruses-and-spyware/w32tilebotkz.html?_log_from=rss

Troj/Dload-DV
Oct 6, 2008 6:41AM PDT

Troj/Dload-DU
Oct 6, 2008 6:42AM PDT

Troj/Dload-DT
Oct 6, 2008 6:43AM PDT

Troj/Agent-HVR
Oct 6, 2008 6:44AM PDT

Troj/Agent-HVQ
Oct 6, 2008 6:45AM PDT

Troj/Agent-HVP
Oct 6, 2008 6:46AM PDT

Category Viruses and Spyware

Type Trojan

When first run, Troj/Agent-HVP copies itself to the following location:

<System>\systeminit.exe

Troj/Agent-HVP also overwrites the following Windows system file with a malicious version:

<System>\drivers\beep.sys

The following registry entry is created in order to ensure that this file is loaded even in safe mode:

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
beep.sys
beep

http://www.sophos.com/security/analyses/viruses-and-spyware/trojagenthvp.html?_log_from=rss

W32.Poskiwing
Oct 6, 2008 6:48AM PDT

W32/Dugert-A
Oct 6, 2008 11:03AM PDT

Aliases: Win32.HLLP.Dugert.a

Category Viruses and Spyware

Type Virus

W32/Dugert-A is a virus for the Windows platform, not including Windows 95, 98, ME or earlier.

W32/Dugert-A infects executable files with an extension of EXE located on drives C: - Z:.

W32/Dugert-A tries to avoid infecting system executables.

The virus creates temporary files in the current folder named <random1>.<random2>, where <random1> is a random number within the range 0 - 9999 and <random2> is a random number within the range 0 - 999.

http://www.sophos.com/security/analyses/viruses-and-spyware/w32dugerta.html?_log_from=rss

Troj/Zlob-AOX
Oct 6, 2008 11:14AM PDT

Aliases: Trojan.Zlob

Category Viruses and Spyware

Type Trojan

Troj/Zlob-AOX is a downloader Trojan for the Windows platform.

The installer for Troj/Zlob-AOX drops a randomly named DLL to the System folder and registers this DLL as a COM object and Browser Helper Object (BHO) for Microsoft Internet Explorer, creating registry entries under:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5D682D50-876E-454C-90BE-EFE6028FE389}
HKCR\TypeLib\{15C7D7AD-A87A-4C0D-9D8B-637FCD3488EF}
HKCR\Interface\{7400E82A-929B-462A-BA8D-A7ED73843144}
HKCR\Interface\{1D745E53-A313-4CC4-9D5D-F6B655BE9167}
HKCR\CLSID\{5D682D50-876E-454C-90BE-EFE6028FE389}
HKCR\gigant.Bho
HKCR\monamia2

The installer then creates a hidden instance of Microsoft Internet Explorer to activate the DLL.

http://www.sophos.com/security/analyses/viruses-and-spyware/trojzlobaox.html?_log_from=rss

Troj/Mdrop-BWC
Oct 6, 2008 11:16AM PDT

Category Viruses and Spyware

Type Trojan

Troj/Mdrop-BWC drops the file <Windows>\Debug\<Random Number>.dll which is detected as Mal/Emogen-N.

Troj/Mdrop-BWC disables security applications by creating the following registry value for each <Executable Name> it disables:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\<Executable Name>
Debugger
IFEOFILE

http://www.sophos.com/security/analyses/viruses-and-spyware/trojmdropbwc.html?_log_from=rss

Troj/Dloadr-BUP
Oct 6, 2008 11:17AM PDT

Category Viruses and Spyware

Type Trojan

Troj/Dloadr-BUP is a downloader Trojan for the Windows platform.

When first run Troj/Dloadr-BUP copies itself to <Windows>\updater.com with the hidden, system and read-only attributes set and creates the following registry entries to run updater.com on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
Windows Updater
updater.com

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Windows Updater
updater.com

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Windows Updater
updater.com

The following registry entries are set, disabling system software:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
DisableRegistrytools
1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
DisableTaskMgr
1

http://www.sophos.com/security/analyses/viruses-and-spyware/trojdloadrbup.html?_log_from=rss
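Added example, not part of the original posts or of the Sophos analyses they quote: a Python audit script that parses a `reg export` style file and reports the registry techniques the write-ups in this thread describe. It covers the Run/RunOnce/RunOnceEx autorun values (W32/Tilebot-KZ, Troj/Dloadr-BUP), the Browser Helper Object registration (Troj/Zlob-AOX), the Image File Execution Options `Debugger` hijack (Troj/Mdrop-BWC), the SafeBoot\Minimal entry (Troj/Agent-HVP) and the DisableTaskMgr / DisableRegistryTools policy values (Troj/Dloadr-BUP). The sample export, the DLL name `pqtxmzol.dll`, the IFEO target `avscan.exe` and the SafeBoot baseline are constructed for illustration; the script also assumes the real layout of SafeBoot\Minimal, where each entry is a subkey whose default value names the driver or service.

```python
"""Audit a .reg export for the persistence and tampering tricks described in
the write-ups above: autorun values, BHO registrations, IFEO Debugger hijacks,
SafeBoot\\Minimal entries and DisableTaskMgr / DisableRegistryTools policies.
Added example; sample export, DLL name, IFEO target and baseline are constructed."""
import re

KEY_RE = re.compile(r'^\[(.+)\]$')
VAL_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')
AUTORUN_RE = re.compile(r'\\microsoft\\windows\\currentversion\\(run|runonce|runonceex)$')
POLICY_RE = re.compile(r'\\microsoft\\windows\\currentversion\\policies\\system$')
BHO = '\\explorer\\browser helper objects\\'
IFEO = '\\windows nt\\currentversion\\image file execution options\\'
SAFEBOOT = 'hkey_local_machine\\system\\currentcontrolset\\control\\safeboot\\minimal\\'
# Stand-in for a SafeBoot\Minimal baseline taken from a clean build (constructed, abbreviated)
SAFEBOOT_BASELINE = {'vga.sys', 'boot bus extender', 'system bus extender', 'file system'}

def unescape(s):
    return re.sub(r'\\(.)', r'\1', s)   # .reg escaping: doubled backslash, backslash-quote

def parse_reg(text):
    """Parse `reg export` style text into {key_path: {value_name: data}}.
    REG_SZ and REG_DWORD are decoded; other value types are kept as raw text."""
    reg, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            reg.setdefault(key, {})          # keep keys that hold no values
            continue
        m = VAL_RE.match(line)
        if not m or key is None:
            continue
        name = unescape(m.group(1)) if m.group(1) is not None else '@'
        data = m.group(2).strip()
        if data.startswith('"') and data.endswith('"') and len(data) > 1:
            data = unescape(data[1:-1])
        elif data.lower().startswith('dword:'):
            data = int(data[6:], 16)
        reg[key][name] = data
    return reg

def getv(values, name):
    """Case-insensitive value lookup (registry value names are case-insensitive)."""
    return next((d for n, d in values.items() if n.lower() == name.lower()), None)

def audit(reg, baseline=SAFEBOOT_BASELINE):
    """Return (category, key, name, data, note) tuples for every hit."""
    index = {k.lower(): v for k, v in reg.items()}
    findings = []
    for key, values in reg.items():
        low = key.lower()
        if AUTORUN_RE.search(low):                      # Run / RunOnce / RunOnceEx
            for name, data in values.items():
                d = str(data).lower()
                if '\\drivers\\' in d:
                    note = 'executable placed under the drivers directory'
                elif not re.match(r'^"?([a-z]:\\|%)', d):
                    note = 'no absolute path; resolved by PATH search'
                else:
                    note = ''
                findings.append(('autorun', key, name, data, note))
        elif BHO in low:                                # resolve CLSID -> DLL that IE will load
            clsid = key.rsplit('\\', 1)[-1]
            srv = index.get('hkey_classes_root\\clsid\\' + clsid.lower() + '\\inprocserver32', {})
            findings.append(('bho', key, clsid, getv(srv, '@'), 'loaded into every IE process'))
        elif IFEO in low and getv(values, 'Debugger') is not None:
            # Windows starts the Debugger value instead of the named program
            findings.append(('ifeo-debugger', key, key.rsplit('\\', 1)[-1],
                             getv(values, 'Debugger'), 'program launch redirected'))
        elif low.startswith(SAFEBOOT):
            entry = key[len(SAFEBOOT):]
            if entry.lower() not in baseline:
                findings.append(('safeboot', key, entry, getv(values, '@'),
                                 'loads in Safe Mode, not in baseline'))
        elif POLICY_RE.search(low):
            for n in ('DisableTaskMgr', 'DisableRegistryTools'):
                if getv(values, n) == 1:
                    findings.append(('policy', key, n, 1, 'admin tool disabled by policy'))
    return findings

# Constructed sample export combining the registry changes quoted in the posts above
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"LBTWiz.exe"="C:\\WINDOWS\\system32\\drivers\\LBTWiz.exe"
"Windows Updater"="updater.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5D682D50-876E-454C-90BE-EFE6028FE389}]
[HKEY_CLASSES_ROOT\CLSID\{5D682D50-876E-454C-90BE-EFE6028FE389}\InprocServer32]
@="C:\\WINDOWS\\system32\\pqtxmzol.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avscan.exe]
"Debugger"="IFEOFILE"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\beep.sys]
@="beep"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"DisableTaskMgr"=dword:00000001
"DisableRegistrytools"=dword:00000001
'''

if __name__ == '__main__':
    for cat, key, name, data, note in audit(parse_reg(SAMPLE_EXPORT)):
        print(f'{cat:14} {name:40} {str(data):42} {note}')
```

To run it against a real machine, export the keys of interest (for example `reg export "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion" cv.reg`, plus the HKCU, HKCR and SafeBoot keys) and pass the file contents to `parse_reg`; `reg export` writes UTF-16LE, so open the file with `encoding='utf-16'`. The baseline comparison for SafeBoot\Minimal is the part that needs a clean machine of the same Windows build, since legitimate entries there are also named after driver files. Any autorun entry a clean baseline does not explain, any IFEO Debugger you did not set yourself, and any BHO whose DLL you cannot account for is worth a closer look.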

Troj/Dloadr-BUO
Oct 6, 2008 11:18AM PDT

Mal/PHPInfo-A
Oct 6, 2008 11:19AM PDT