Spyware, Viruses, & Security forum

General discussion

VIRUS \ Spyware ALERTS - September 11, 2008

Discussion is locked
You are posting a reply to: VIRUS \ Spyware ALERTS - September 11, 2008
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: VIRUS \ Spyware ALERTS - September 11, 2008
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Troj/DwnLdr-HHR

In reply to: VIRUS \ Spyware ALERTS - September 11, 2008

Collapse -
Troj/Agent-HQF

In reply to: VIRUS \ Spyware ALERTS - September 11, 2008

Collapse -
WM97/Mdrop-BVP

In reply to: VIRUS \ Spyware ALERTS - September 11, 2008

Collapse -
W32/AutoRun-JD

In reply to: VIRUS \ Spyware ALERTS - September 11, 2008

Category Viruses and Spyware

Type Worm

W32/AutoRun-JD is a worm for the Windows platform.

When run W32/AutoRun-JD copies itself to <Root>\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\msnmsngr.exe and sets the following registry entry:

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}
StubPath
<Root>\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\msnmsngr.exe

W32/AutoRun-JD spreads by copying itself to <Root>\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\msnmsngr.exe on the removable drive and creating the file <Root>\autorun.inf (also detected as W32/AutoRun-JD) to run the worm.

http://www.sophos.com/security/analyses/viruses-and-spyware/w32autorunjd.html?_log_from=rss

Collapse -
Mal/Zlob-Z

In reply to: VIRUS \ Spyware ALERTS - September 11, 2008

Collapse -
Troj/Dloadr-BSQ

In reply to: VIRUS \ Spyware ALERTS - September 11, 2008

Collapse -
Troj/Dldr-N

In reply to: VIRUS \ Spyware ALERTS - September 11, 2008

Collapse -
Mal/Heuri-E

In reply to: VIRUS \ Spyware ALERTS - September 11, 2008

Collapse -
Mal/Emogen-G

In reply to: VIRUS \ Spyware ALERTS - September 11, 2008

Collapse -
Troj/Rootkit-DP

In reply to: VIRUS \ Spyware ALERTS - September 11, 2008

Collapse -
Troj/FakeAle-HF

In reply to: VIRUS \ Spyware ALERTS - September 11, 2008

Collapse -
Troj/Dloadr-BSR

In reply to: VIRUS \ Spyware ALERTS - September 11, 2008

Collapse -
Troj/Agent-HQG

In reply to: VIRUS \ Spyware ALERTS - September 11, 2008

Collapse -
Mal/JsSwfDlr-A

In reply to: VIRUS \ Spyware ALERTS - September 11, 2008

Collapse -
Mal/FakeAV-E

In reply to: VIRUS \ Spyware ALERTS - September 11, 2008

Collapse -
Generic Spy.e

In reply to: VIRUS \ Spyware ALERTS - September 11, 2008

Type Trojan
SubType Spyware

Characteristics -

When executed, spyware trojans run sliently in the background monitoring the victim's activity on the infected computer and record all or specific pre-defined data.

Recorded information could include the following:

Instant messenger chat logs Information on websites visited User names and passwords for instant messenger software or other software Screen shots of user's entire desktop taken at regular intervals User information for banking related websites and e-commerce websites like paypal Information on file & folder activity. This could include information on files created, opened etc Emails composed by the victimThe recorded information is usually hidden on the victim's machine, meant for later retrieval.
It can also be uploaded to a pre-determined website or emailed to the attacker, as configured by him/her earlier.

http://vil.mcafeesecurity.com/vil/content/v_140301.htm

Collapse -
Generic.dx!75C28C70

In reply to: VIRUS \ Spyware ALERTS - September 11, 2008

Type Trojan

Overview -

This is a Trojan detection. Unlike viruses, Trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include e-mail, malicious or hacked Web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

http://vil.mcafeesecurity.com/vil/content/v_149750.htm

Collapse -
BackDoor-DNP!80F0CFB4

In reply to: VIRUS \ Spyware ALERTS - September 11, 2008

Type Trojan

Overview -

This is a Trojan detection. Unlike viruses, Trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include e-mail, malicious or hacked Web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

http://vil.mcafeesecurity.com/vil/content/v_149992.htm

Collapse -
PWS-Mmorpg.gen!F8606CA5

In reply to: VIRUS \ Spyware ALERTS - September 11, 2008

Type Trojan

SubType Password

Overview -

This is a Trojan detection. Unlike viruses, Trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include e-mail, malicious or hacked Web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.


http://vil.mcafeesecurity.com/vil/content/v_149997.htm

Collapse -
W32/Porex.e!E174A5CE

In reply to: VIRUS \ Spyware ALERTS - September 11, 2008

Type Virus

SubType File Infector

Overview -

This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then further propagate the virus. Although many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.

http://vil.mcafeesecurity.com/vil/content/v_149993.htm

Collapse -
Generic PUP.x!1FE7683A

In reply to: VIRUS \ Spyware ALERTS - September 11, 2008

Type Program

This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose, but they alter the security state of the computer on which they are installed, or the privacy posture of the user of the system, such that most users will want to be aware of them.

Avert

Collapse -
Cleaner2009

In reply to: VIRUS \ Spyware ALERTS - September 11, 2008

Collapse -
PWS-Gamania.gen.a!F681950D

In reply to: VIRUS \ Spyware ALERTS - September 11, 2008

Type Trojan

SubType Password

Overview -

This is a Trojan detection. Unlike viruses, Trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include e-mail, malicious or hacked Web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

http://vil.mcafeesecurity.com/vil/content/v_150008.htm

Collapse -
W32/Rbot-GXA

In reply to: VIRUS \ Spyware ALERTS - September 11, 2008

Collapse -
Troj/FakeAV-DE

In reply to: VIRUS \ Spyware ALERTS - September 11, 2008

Collapse -
Troj/FakeAV-DD

In reply to: VIRUS \ Spyware ALERTS - September 11, 2008

Aliases not-a-virus:FraudTool.Win32.XPSecurityCenter.ao
TROJ_DLOADR.HQ
Generic FakeAlert.d

Category Viruses and Spyware

Type Trojan

Troj/FakeAV-DD includes functionality to access the internet and communicate with a remote server via HTTP.

Troj/FakeAV-DD changes settings for Microsoft Internet Explorer, including search settings, by modifying values under:

HKCU\Software\Microsoft\Internet Explorer\Main\Search Bar
HKCU\Software\Microsoft\Internet Explorer\Main\Search Page
HKCU\Software\Microsoft\Internet Explorer\Main\Start Page
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\

http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakeavdd.html?_log_from=rss

Collapse -
Troj/FakeAle-HG

In reply to: VIRUS \ Spyware ALERTS - September 11, 2008

Collapse -
Troj/Delf-FBC

In reply to: VIRUS \ Spyware ALERTS - September 11, 2008

Collapse -
Troj/Agent-HQH

In reply to: VIRUS \ Spyware ALERTS - September 11, 2008

Collapse -
W32/Rbot-GXA

In reply to: VIRUS \ Spyware ALERTS - September 11, 2008

Popular Forums

icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

SMART HOME

This one tip will help you sleep better tonight

A few seconds are all you need to get a better night's rest.