 | Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years. Thanks, CNET Support |
W32/Autorun-LB
Category Viruses and Spyware
Type Worm
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/w32autorunlb.html?_log_from=rss
Discussion is locked
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojdroprai.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagenthvt.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagenthvs.html?_log_from=rss
Type : Trojan
Category : Win32
Also known as: FakeAlert-AB.dr (McAfee), Troj/Agent-HRF (Sophos), Trojan.Fakeavalert (Symantec)
Description
Win32/Starimp.AX is a trojan that steals sensitive information from a system and posts it to a remote server. It also downloads and executes additional files.
http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=73444
Type Trojan SubType Script
JS/Generic Exploit.h provides generic detection for CVE-2008-1309.
http://vil.mcafeesecurity.com/vil/content/v_147692.htm
SYMPTOMS:
There are no obvious symptoms.
TECHNICAL DESCRIPTION:
You might remember the recent Trojan.Exploit.SSX , where a mechanism of infection trough exploits was described.
http://www.bitdefender.com/VIRUS-1000410-en--Trojan.Exploit.ANNZ.html
This Trojan has a malicious payload. The program itself is a Windows PE DLL file. It is approximately 100KB in size.
The Trojan also creates the following registry key, and save its configuration to this key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\StrtdCfg]
The Trojan also creates the following files:
%WinDir%\1.txt
%System%\__1.dat
%WinDir%\system32\mswmpdat.tlb
%WinDir%\system32\winview.ocx
The Trojan gets network configuration via the following link:
http://livenews.*****.cx/update
http://www.viruslist.com/en/viruses/encyclopedia?virusid=220267
Technical details
This Trojan downloads another program via the Internet without the user?s knowledge or consent. It is a Visual Basic Script file. It is 10881 bytes in size.
The Trojan downloads a file from the following link:
www.game*****.com/mian.exe
The downloaded file is saved to the Windows root directory as follows:
%WinDir%\svchost.exe
The file is then launched for execution.
At the time of writing, the link was not active.
http://www.viruslist.com/en/viruses/encyclopedia?virusid=21782517
Technical details
This malicious program is a Windows PE EXE file. It is 45056 bytes in size.
Installation
When launched, the worm copies its executable file to the Windows root directory:
[%WinDir%\services.exe
In order to ensure that the worm is launched automatically each time the system is booted, it adds a link to its executable file in the system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Services" = "%WinDir%\services.exe"
http://www.viruslist.com/en/viruses/encyclopedia?virusid=21782512
Type Program SubType Remote Access
This is a Potentially Unwanted Program (PUP) detection. It is not a virus or trojan. PUPs are any piece of software which a reasonably security-or privacy-minded computer user may want to be informed of.
The Serv-U FTP daemon is a popular commercial FTP server. This application has been used by many trojans for malicious purposes, where files are renamed to try to fool people into thinking that they are Windows system files. These renamed files will be picked up with regular detection within the on-access or on-demand scanners.
http://vil.mcafeesecurity.com/vil/content/v_101206.htm
Type Program SubType Adware
This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose, but they alter the security state of the computer on which they are installed, or the privacy posture of the user of the system, such that most users will want to be aware of them.
File Property Property Value
FileName play_mp3.exe
McAfee Detection Adware-BrowsingHancer.dldr
http://vil.mcafeesecurity.com/vil/content/v_152205.htm
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojdloadrbuq.html?_log_from=rss
Aliases BKDR_HUPIGON.AZF
Backdoor.Win32.Hupigon.ccu
Category Viruses and Spyware
Type Trojan
Troj/Bckdr-QPP is a Trojan for the Windows platform.
When Troj/Bckdr-QPP is installed the following files are created:
<Temp>\e_4\console.fne
<Temp>\e_4\eAPI.fne
<Temp>\e_4\krnln.fnr
<Temp>\e_4\shell.fne
The file eAPI.fne is detected as Mal/Behav-010, shell.fne is detected as Troj/PWS-ANE and krnln.fnr is detected as AldHack.
http://www.sophos.com/security/analyses/viruses-and-spyware/trojbckdrqpp.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojbckdrqpo.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojbanhostaa.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Troj/AOL-Buddy is an AOL password stealing Trojan.
http://www.sophos.com/security/analyses/viruses-and-spyware/trojaolbuddy.html?_log_from=rss
Category Viruses and Spyware
Type Malicious Behavior
Mal/RarMal-B is a family of malicious self-extracting RAR files, often seen in spam.
http://www.sophos.com/security/analyses/viruses-and-spyware/malrarmalb.html?_log_from=rss
Aliases Win32/Sality.gen
W32/Sality.dll
New Win32.s
Category Viruses and Spyware
Type Virus
W32/Sality-AM is a virus for the Windows platform.
The virus includes the functionality to download additional files from a remote location.
When first run, the virus may infect executables in the root folder, files on network shares, and files it may find based on the following registry locations:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache
http://www.sophos.com/security/analyses/viruses-and-spyware/w32salityam.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Troj/IEInject-A silently spawns an instance of Microsoft Internet Explorer and injects its own code into the running process.
http://www.sophos.com/security/analyses/viruses-and-spyware/trojieinjecta.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Troj/Agent-HVV has functionality to communicate with a remote internet site.
Troj/Agent-HVV copies itself to <Windows>\services.exe and creates the following registry entry to run itself on restart:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
services
<Windows>\services.exe
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagenthvv.html?_log_from=rss
Category Viruses and Spyware
Type Malicious Behavior
Mal/FakeVir-B is a family of Trojans for the Windows platform.
Members of Mal/FakeVir-B typically display fake spyware alerts in the system tray, attempting to lure the user into downloading and installing software from a remote location.
http://www.sophos.com/security/analyses/viruses-and-spyware/malfakevirb.html?_log_from=rss
Name : Trojan-Downloader:W32/Agent.HSM
Type: Trojan-Downloader
Category: Malware
Platform: W32
Summary
This type of trojan secretly downloads malicious files from a remote server, then installs and executes the files.
Back to the Top
Additional Details
This trojan may be downloaded from a malicious website. It may also arrive as an e-mail attachment.
Known e-mail subjects associated with this malware are:
Really cool photos
Exclusive photos, you'll be happy
Spam: Great photos for you
Great photos for you
The best photos for you
http://www.f-secure.com/v-descs/trojan-downloader_w32_agent_hsm.shtml
Name : Trojan-Dropper:W32/Hoaxer.B
Detection Names : Trojan-Downloader.Win32.Hoaxer.a
Aliases : W32/Dorf.A!tr.dldr (Other)
TrojanDownloader:HTML/Renos.C (Microsoft)
Size: 333780
Type: Trojan-Dropper
Category: Malware
Summary
This type of trojan contains one or more malicious files, which it will secretly install on the system.
http://www.f-secure.com/v-descs/trojan-dropper_w32_hoaxer_b.shtml
Name : Trojan-Spy:W32/Goldun.RR
Detection Names : Trojan-Spy:W32/Goldun.RR
Trojan-Spy.Win32.Goldun.axt
Aliases : Trojan:Win32/Agent.PX (Microsoft)
TROJ_MEREDROP.GJ (Trend Micro)
Trojan.Goldun (Symantec)
Type: Trojan-Spy
Category: Malware
Summary
A type of trojan that includes a variety of spy programs and keyloggers.
http://www.f-secure.com/v-descs/trojan-spy_w32_goldun_rr.shtml
A new hacking tool circulating on the Internet allows malicious users to create fake YouTube pages designed to deliver malware.
The said tool, detected by Trend Micro as HKTL_FAKEYOUT, features a Spanish-language user-friendly console that a hacker could use to create a pair of Web pages that look eerily identical to legitimate YouTube pages.
More: http://blog.trendmicro.com/
Category Viruses and Spyware
Type Trojan
Troj/Doc-Zip is a family of zip files that contain malware.
Members of Troj/Doc-Zip are usually sent in spam pretending to contain information in an attached document, and the zip file containing the document is often password-protected.
http://www.sophos.com/security/analyses/viruses-and-spyware/trojdoczip.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojdloadrbus.html?_log_from=rss
Alert ID : FrSIRT/ALRT-2008-05901
Aliases : N/A
Size : N/A
Rated as : Low Risk
Release Date : 2008-10-07
Description
W95/Chiton-F is a virus which may spread via network shares and by emailing itself via SMTP. The virus drops the dropper version of itself within the Windows folder as EXPIORER.EXE and changes entries in the registry at HKCR\comfile\shell\open\command, HKCR\pifile\shell\open\command and HKCR\exefile\shell\open\command so that the virus is run before files with the extensions COM, PIF or EXE.
http://www.sophos.com/security/analyses/viruses-and-spyware/w95chitonf.html
Alert ID : FrSIRT/ALRT-2008-05911
Aliases : Win32.HLLP.Dugert.a
Size : N/A
Rated as : Low Risk
Release Date : 2008-10-07
Description
W32/Dugert-A is a virus for the Windows platform, not including Windows 95, 95, ME or earlier. W32/Dugert-A infects executable files with an extension of EXE located on drives C: Z:.
References
http://www.sophos.com/security/analyses/viruses-and-spyware/w32dugerta.html
Category Viruses and Spyware
Type Trojan
Troj/PcClien-MJ is a component of malware that may log activity of an infected computer and send this information to others.
http://www.sophos.com/security/analyses/viruses-and-spyware/trojpcclienmj.html?_log_from=rss
Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic