Spyware, Viruses, & Security forum

General discussion

VIRUS \ SPYWARE ALERTS - October 8, 2009

Mal/FakeAV-BK

In reply to: VIRUS \ SPYWARE ALERTS - October 8, 2009

Category

* Viruses and Spyware

Type

* Malicious Behavior


Affected operating systems

* Windows

Characteristics

* Installs itself in the registry


Mal/FakeAV-BK is an application for the Windows platform that exhibits malicious behaviour.

Mal/FakeAV-BK is a fake security application that fraudulently reports a user's system as infected and will not clean up these fraudulent reports until the user pays and registers the application.

http://www.sophos.com/security/analyses/viruses-and-spyware/malfakeavbk.html?_log_from=rss

Troj/Agent-LJM

In reply to: VIRUS \ SPYWARE ALERTS - October 8, 2009

Troj/Agent-LJN

In reply to: VIRUS \ SPYWARE ALERTS - October 8, 2009

Troj/Bckdr-QZK

In reply to: VIRUS \ SPYWARE ALERTS - October 8, 2009

Troj/Bckdr-QZL

In reply to: VIRUS \ SPYWARE ALERTS - October 8, 2009

Troj/BredoZp-K

In reply to: VIRUS \ SPYWARE ALERTS - October 8, 2009

Troj/DwnLdr-HXH

In reply to: VIRUS \ SPYWARE ALERTS - October 8, 2009

Troj/Iframe-DC

In reply to: VIRUS \ SPYWARE ALERTS - October 8, 2009

Troj/Mdrop-CGV

In reply to: VIRUS \ SPYWARE ALERTS - October 8, 2009

Baidu

In reply to: VIRUS \ SPYWARE ALERTS - October 8, 2009

Aliases

* Trojan-Clicker.Win32.VB.pn

Category

* Adware or PUA

Type

* Adware


How it spreads

* Web browsing
* Web downloads

Affected operating systems

* Windows

Baidu is an adware application which displays advertising popups when the browser is active.

Baidu may be installed as part of the installation for other software, such as shareware or freeware downloaded from the internet. Baidu can arrive as a result of web browsing. Visiting certain web sites may initiate the download process. Certain web pages may exploit vulnerabilities associated with Microsoft Internet Explorer to silently download and install/run the application without user interaction.

Baidu includes functionality to silently download, install and run new software, including updates of its software.

When Baidu is installed the following files are typically created:

<System>\3F56BE3E.exe
<System>\A49C5B74.exe

http://www.sophos.com/security/analyses/adware-and-puas/baidu.html

Troj/FakeAV-AEY

In reply to: VIRUS \ SPYWARE ALERTS - October 8, 2009

Troj/Zbot-IQ

In reply to: VIRUS \ SPYWARE ALERTS - October 8, 2009

Troj/Agent-LJJ

In reply to: VIRUS \ SPYWARE ALERTS - October 8, 2009

Mal/Imgo-A

In reply to: VIRUS \ SPYWARE ALERTS - October 8, 2009

Aliases

* Trojan-Downloader.Win32.Agent.cory
* Trojan-Downloader.Win32.Agent.ayix
* Trojan-Downloader.Win32.Agent.cipf
* TrojanDownloader:Win32/Troxen!rts

Category

* Viruses and Spyware

Type

* Malicious Behavior


Affected operating systems

* Windows

Characteristics

* Installs itself in the registry


Mal/Imgo-A is a malicious executable file for the Windows platform.

Mal/Imgo-A often pretends to be "Adobe Acrobat SpeedLauncher" and may copy itself to <User Profile>\Application Data\Adobe\reader_sl.exe, setting the following registry entry to run itself on startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Adobe Reader Speed Launcher
<User Profile>\Application Data\Adobe\reader_sl.exe

Mal/Imgo-A usually sends information about the infected computer to remote websites, and can list, kill or start processes and download or upload files if instructed to do so.

Mal/Imgo-A typically contacts a remote, often compromised, website and looks for hidden instructions that tell it from where it should download and execute further files.

http://www.sophos.com/security/analyses/viruses-and-spyware/malimgoa.html?_log_from=rss

Avert Labs Low-Profiled Threat Notice: Generic Dropper.js

In reply to: VIRUS \ SPYWARE ALERTS - October 8, 2009

Notice
This is a Low-Profiled Threat Notice for Generic Dropper.js

Justification
Generic Dropper.js has been deemed Low-Profiled due to media attention at
http://www.theregister.co.uk/2009/10/06/scareware_skype/

Read About It
Information about Generic Dropper.js is located on VIL at:
http://vil.nai.com/vil/content/v_209519.htm

Detection
Generic Dropper.js was first discovered on August 22, 2009, and updated coverage will be available in 5758 dat files (Release Date: October 1, 2009)

If you suspect you have Generic Dropper.js, please submit a sample to <http://www.webimmune.net>

W32.SillyFDC.BDC

In reply to: VIRUS \ SPYWARE ALERTS - October 8, 2009

AL/Bursted-Fam

In reply to: VIRUS \ SPYWARE ALERTS - October 8, 2009

Category

* Viruses and Spyware

Type

* Virus


How it spreads

* Infected files

Affected operating systems

* Windows
* Unix


AL/Bursted-Fam is a family of AutoCAD LISP (AutoLISP) viruses. If an infected file is received as ACAD.LSP and an AutoCAD drawing is loaded from the same folder, the virus becomes resident within AutoCAD.

AL/Bursted-Fam edits the existing global ACAD.LSP or creates one to load itself at AutoCAD startup from another LSP file in the same folder.

When an AutoCAD drawing (DWG file) is edited, an ACAD.LSP will be created in the same folder as the drawing.

http://www.sophos.com/security/analyses/viruses-and-spyware/alburstedfam.html?_log_from=rss

Mal/ObfJS-CK

In reply to: VIRUS \ SPYWARE ALERTS - October 8, 2009

Troj/Agent-LHX

In reply to: VIRUS \ SPYWARE ALERTS - October 8, 2009

Troj/Agent-LID

In reply to: VIRUS \ SPYWARE ALERTS - October 8, 2009

Category

* Viruses and Spyware

Type

* Trojan


Affected operating systems

* Windows

Characteristics

* Installs itself in the registry


Troj/Agent-LID is a Trojan for the Windows platform.

Troj/Agent-LID runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

When first run Troj/Agent-LID copies itself to <Windows>\raidhost.exe and creates the file <System>\YoItzVlad.tmp.

The following registry entry is created to run raidhost.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
raidhost
raidhost.exe

http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentlid.html?_log_from=rss

Troj/Agent-LJO

In reply to: VIRUS \ SPYWARE ALERTS - October 8, 2009

Troj/FakeAV-AFA

In reply to: VIRUS \ SPYWARE ALERTS - October 8, 2009

Category

* Viruses and Spyware

Type

* Trojan


Affected operating systems

* Windows

Troj/FakeAV-AFA is a Trojan for the Windows platform.

When Troj/FakeAV-AFA is installed, the following files are created:

<User>\Application Data\seres.exe
<User>\Application Data\svcst.exe

The following registry entries are created to run svcst.exe on startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
mserv
<User>\Application Data\svcst.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
svchost
<User>\Application Data\svcst.exe

Registry entries are set as follows:

More: http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakeavafa.html?_log_from=rss

Troj/PDFex-CE

In reply to: VIRUS \ SPYWARE ALERTS - October 8, 2009

Troj/PDFex-CF

In reply to: VIRUS \ SPYWARE ALERTS - October 8, 2009

Troj/PDFJs-DR

In reply to: VIRUS \ SPYWARE ALERTS - October 8, 2009

Troj/Spy-EA

In reply to: VIRUS \ SPYWARE ALERTS - October 8, 2009

EtherFlood

In reply to: VIRUS \ SPYWARE ALERTS - October 8, 2009

Mal/Behav-354

In reply to: VIRUS \ SPYWARE ALERTS - October 8, 2009

Mal/EncPk-KS

In reply to: VIRUS \ SPYWARE ALERTS - October 8, 2009

Troj/Agent-LJP

In reply to: VIRUS \ SPYWARE ALERTS - October 8, 2009
