 | Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years. Thanks, CNET Support |
W32/Autorun-LE
Category Viruses and Spyware
Type Worm
W32/Autorun-LE drops the following files:
- <System>\explorer.dll - detected as Troj/SpyAT
- <System>\ms_tcp.dll - detected as Troj/Agent-HMB
http://www.sophos.com/security/analyses/viruses-and-spyware/w32autorunle.html?_log_from=rss
Discussion is locked
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojkeygengen.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakeaven.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojdloadrbve.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojbdooraol.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagenthwf.html?_log_from=rss
Category Viruses and Spyware
Type Worm
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/w32autorunlf.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagenthwh.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagenthwg.html?_log_from=rss
Discovered: October 9, 2008
Updated: October 9, 2008 11:29:18 AM
Type: Trojan, Virus
Packed.Generic.189 is a heuristic detection for files that may have been obfuscated or encrypted in order to conceal them from antivirus software.
http://www.symantec.com/business/security_response/writeup.jsp?docid=2008-100911-0549-99
Discovered: October 9, 2008
Updated: October 9, 2008 11:31:49 AM
Type: Trojan, Virus
Packed.Generic.190 is a heuristic detection for files that may have been obfuscated or encrypted in order to conceal them from antivirus software.
http://www.symantec.com/business/security_response/writeup.jsp?docid=2008-100911-1708-99
9 October 2008
Recently there has been quite a bit of noise about attacks involving a technique dubbed ?Clickjacking?. The tale starts back in September when a talk planned for the OWASP conference was pulled at the last minute, due to concerns about disclosing details of the attack [1, 2].
The combination of the cancelled talk and scant attack details was sufficient to pique the interest of many, and speculation over the last few weeks about how the attack worked has been rife [3,4,5]. Earlier this week, the cat escaped its bag - a proof of concept demonstration of the attack was released [6]. Since then, the original researchers have published full details [7,
.
So, exactly what is clickjacking? And what can you do to prevent being hit by it?
More: http://www.sophos.com/security/blog/2008/10/1850.html
Category Viruses and Spyware
Type Trojan
Troj/Pushdo-X is a Trojan for the Windows platform.
When Troj/Pushdo-X is installed it creates the file <System>\drivers\ati7xbxx.sys, which is detected as Troj/Pushu-Gen.
The file ati7xbxx.sys is registered as a new system driver service named "ati7xbxx". Registry entries are created under:
HKLM\SYSTEM\CurrentControlSet\Services\ati7xbxx
HKLM\SYSTEM\CurrentControlSet\SafeBoot\Minimal\ati7xbxx.sys
HKLM\SYSTEM\CurrentControlSet\SafeBoot\Network\ati7xbxx.sys
HKLM\SYSTEM\ControlSet002\Services\ati7xbxx
http://www.sophos.com/security/analyses/viruses-and-spyware/trojpushdox.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojiframebc.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojiframebb.html?_log_from=rss
Aliases VirTool:Win32/DelfInject.gen!AF
Category Viruses and Spyware
Type Trojan
Troj/Dloadr-BVG is a downloader Trojan for the Windows platform.
When first run Troj/Dloadr-BVG copies itself to <Windows>\service.exe with the hidden, system and read-only attributes set and creates the following registry entries to run service.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
Messenger Service
service.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Messenger Service
service.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Messenger Service
service.exe
http://www.sophos.com/security/analyses/viruses-and-spyware/trojdloadrbvg.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagenthwn.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagenthwm.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Troj/Agent-HWL is a Trojan for the Windows platform.
When first run Troj/Agent-HWL copies itself to <System>\qq.exe and creates the file <Root>\bot.txt.
The file QQ.exe is registered as a new system driver service named "windows XP", with a display name of "windows XP" and a startup type of automatic, so that it is started automatically during system startup. Registry entries are created under:
HKLM\SYSTEM\CurrentControlSet\Services\windows XP
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagenthwl.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagenthwk.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagenthwj.html?_log_from=rss
Category Viruses and Spyware
Type Malicious Behavior
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/malfakeavi.html?_log_from=rss
Category Adware or PUA
Type Adware
Adzgalore is an adware plugin for Microsoft Internet Explorer.
When the application is installed the following files are created:
<System>\cont_adzgalore-remove.exe
<System>\nsxB.dll
The file nsxB.dll is registered as a COM object and Browser Helper Object (BHO) for Microsoft Internet Explorer, creating registry entries under:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d22a17ff-9f1f-6cd5-74e4-64d841b2339b}
HKCR\CLSID\{d22a17ff-9f1f-6cd5-74e4-64d841b2339b}
Registry entries are created under:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cont_adzgalore
Adzgalore provides an uninstall option which can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. The software is listed as "Contextual Tool Adzgalore".
http://www.sophos.com/security/analyses/adware-and-puas/adzgalore.html?_log_from=rss
Detection Names : Trojan-Downloader:W32/Tibs.VX
Trojan-Downloader.Win32.Agent.ajbg
Aliases : TrojanDownloader:Win32/Tibs (Microsoft)
Size: 14336
Type: Trojan-Downloader
Category: Malware
Platform: W32
Summary
This malware downloads files into the system and executes them.
http://www.f-secure.com/v-descs/trojan-downloader_w32_tibs_vx.shtml
Discovered: October 9, 2008
Updated: October 9, 2008 6:41:07 PM
Type: Virus
W32.Bluven is a worm that infects all document files on the compromised computer and attempts to spread through removable devices.
http://www.symantec.com/business/security_response/writeup.jsp?docid=2008-100917-1214-99
Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic