VIRUS \ SPYWARE ALERTS - September 17, 2009

by Marianna Schmudlach / September 17, 2009 12:11 AM PDT
Troj/Banker-EUI
by Marianna Schmudlach / September 17, 2009 12:12 AM PDT
Troj/Banker-EUJ
by Marianna Schmudlach / September 17, 2009 12:12 AM PDT
Troj/Bredo-G
by Marianna Schmudlach / September 17, 2009 12:13 AM PDT
Troj/FakeAV-ABI
by Marianna Schmudlach / September 17, 2009 12:14 AM PDT
Troj/Mdrop-CFU
by Marianna Schmudlach / September 17, 2009 12:14 AM PDT
Troj/Mdrop-CFV
by Marianna Schmudlach / September 17, 2009 12:15 AM PDT
Bat/Autorun-ARA
by Marianna Schmudlach / September 17, 2009 12:16 AM PDT
Troj/ASFDldr-D
by Marianna Schmudlach / September 17, 2009 12:17 AM PDT
Troj/Turko-A
by Marianna Schmudlach / September 17, 2009 12:18 AM PDT
Troj/FakeAV-ABB
by Marianna Schmudlach / September 17, 2009 12:19 AM PDT
Troj/FakeAV-ABA
by Marianna Schmudlach / September 17, 2009 12:20 AM PDT
Troj/FakeAV-AAZ
by Marianna Schmudlach / September 17, 2009 12:20 AM PDT
Troj/DwnLdr-HWP
by Marianna Schmudlach / September 17, 2009 12:21 AM PDT
Troj/Agent-LEF
by Marianna Schmudlach / September 17, 2009 12:22 AM PDT
Mal/Pigeo-D
by Marianna Schmudlach / September 17, 2009 12:23 AM PDT
Troj/MDrop-CFT
by Marianna Schmudlach / September 17, 2009 12:24 AM PDT
Troj/Agent-LEG
by Marianna Schmudlach / September 17, 2009 12:24 AM PDT
PersonalAntivirus
by Marianna Schmudlach / September 17, 2009 12:26 AM PDT

Updated: September 17, 2009 12:23:39 PM
Type: Misleading Application
Name: Personal Antivirus
Risk Impact: Medium
Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003, Windows 2000

Behavior
PersonalAntivirus is a misleading application that may give exaggerated reports of threats on the computer.

http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-091711-2257-99

Troj/FakeAV-ABD.
by Marianna Schmudlach / September 17, 2009 12:27 AM PDT

Fake Online AV Scanner Installs Fake AV

Today, SophosLabs witnessed a bogus website with a fake online AntiAdware scanner. When the website is accessed, it executes embedded JavaScript within the webpage. This script will cause the victim's computer to display a fake progress bar pretending to scan the victim's computer. After some time, a warning popup message appears and alerts the victim's computer that it was infected by several spyware and viruses. It subsequently provides a link for the victim which when clicked will initiate a file download named Setup.exe. This file is malicious and is detected by SophosLabs as Troj/FakeAV-ABD. Access to the website has also been blocked in the Sophos Web Appliance.

More: http://www.sophos.com/blogs/sophoslabs/

J2ME/Hoaxer.B
by Marianna Schmudlach / September 17, 2009 12:29 AM PDT

Type: Trojan
SubType: PDA Device
Discovery Date: 09/17/2009

Overview -

J2ME/Hoaxer.B is distributed in 3 JAR files named "EkskluzivE.jar", "EXtreemSEXX.jar" and "SEXXzvezda.jar". The JAR files contain the identical class files and differ only in images, configuration files and the contents of the MANIFEST.MF file.

Characteristics -

The J2ME/Hoaxer.B user interface is in the Russian language. If the user clicks the "Регистрация" ("Register") menu item, an SMS message will be sent out with the contents "arhimed 40" to the number 4460.

Symptoms -

* Attempts to send out SMS messages to premium rate numbers.
* The Java Virtual Machine (JVM) on a device may prompt the user to allow the sending of SMS messages.
* Sent SMS messages may be listed in call logs.

More: http://vil.nai.com/vil/content/v_231354.htm

J2ME/Hoaxer.C
by Marianna Schmudlach / September 17, 2009 12:30 AM PDT

Type: Trojan
SubType: PDA Device
Discovery Date: 09/17/2009

Overview -

J2ME/Hoaxer.C is a trojan which attempts to send SMS messages to preset numbers. It is distributed in 3 JAR files named "freegprs.jar", "pomoshnik.jar" and "SEXXmaloletok111.jar".

Characteristics -

The J2ME/Hoaxer.C user interface is in the Russian language. If the user clicks the "Регистрация" ("Register") menu item and selects the country as "Россия" ("Russia"), an SMS message will be sent out. The number and contents are defined in the file named "main.cfg".

Symptoms -

* Attempts to send out SMS messages to premium rate numbers.
* The Java Virtual Machine (JVM) on a device may prompt the user to allow the sending of SMS messages.
* Sent SMS messages may be listed in call logs.

More: http://vil.nai.com/vil/content/v_231392.htm

Keylog-Ardamax.dr!50520f1c962c
by Marianna Schmudlach / September 17, 2009 12:31 AM PDT

Type: Program
SubType: Keylogger
Discovery Date: 09/17/2009

This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose, but they alter the security state of the computer on which they are installed, or the privacy posture of the user of the system, such that most users will want to be aware of them.

File Property Property Value
FileName 6c856556c54fc6c295998b8e847ab657069c0652.exe
McAfee Artemis Artemis!50520f1c962c
McAfee Detection Keylog-Ardamax.dr
Length 495,817 bytes
CRC 4D4895DC
MD5 50520F1C962CA9DC38E10B09189E03D7
SHA1 6C856556C54FC6C295998B8E847AB657069C0652

Other Common Detection Aliases

Company Name Detection Name
avast Win32:Ardamax-BZ [Trj]
AVG (GriSoft) PSW.Generic2.XFM (Trojan horse)
Avira ADSPY/Dropper.Ardamax.Gen
BitDefender Spyware.Monitor.Ardamax.D
clamav Trojan.Spy.Ardamax-25
Eset Win32/KeyLogger.Ardamax.NAA (application)
FortiNet W32/Ardamax.E!tr.spy
F-Prot W32/Trojan.RQL
Kaspersky Trojan-Spy.Win32.Ardamax.e
microsoft trojanspy:win32/ardamax.e
norman w32/ardamax.btk
panda Generic Malware
rising Trojan.Spy.Ardamax.od
Sophos Ardamax Installer (PUA)
Symantec Suspicious.MH690.A
Trend Micro TROJ_MALLEL.A
vba32 Trojan-Spy.Win32.Ardamax.e
V-Buster TrojanSpy.Ardamax.J (trojan)
Vet (Computer Associates) Win32/Ardamax!generic

Avert

Generic Toolbar.b!39ae151f5371
by Marianna Schmudlach / September 17, 2009 12:31 AM PDT

Type: Program
SubType: Tool
Discovery Date: 09/17/2009

This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose, but they alter the security state of the computer on which they are installed, or the privacy posture of the user of the system, such that most users will want to be aware of them.

Avert

Dialer-185!889caa2a2947
by Marianna Schmudlach / September 17, 2009 12:32 AM PDT

Type: Program
SubType: Dialer
Discovery Date: 09/17/2009

This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose, but they alter the security state of the computer on which they are installed, or the privacy posture of the user of the system, such that most users will want to be aware of them.

File Property Property Value
FileName df43b6bb533e1644a3d7e7935c38b56b817e142c.exe
McAfee Artemis Artemis!889caa2a2947
McAfee Detection Dialer-185
Length 184,360 bytes
CRC D4E05639
MD5 889CAA2A29472E8D8281484897E4A436
SHA1 DF43B6BB533E1644A3D7E7935C38B56B817E142C

Other Common Detection Aliases

Company Name Detection Name
avast Win32:VB-MBN [Trj]
AVG (GriSoft) Dropper.Small.AQD (Trojan horse)
Avira TR/Dldr.VB.keh
BitDefender Trojan.Generic.2180467
clamav Trojan.Downloader-68836
Eset Win32/Injector.HO trojan (variant)
FortiNet Dial/InstantAccess
F-Prot w32/skintrim.a
microsoft Trojan:Win32/Skintrim.gen!D [generic]
norman W32/Dialer.DUIC
rising Trojan.Win32.Skintrim.FT
Sophos InstantAccess (PUA)
Symantec Trojan.Skintrim
Trend Micro DIAL_INSTACCES
vba32 Trojan-Downloader.Win32.VB.keh
V-Buster Trojan.Skintrim.DKX (trojan)
Vet (Computer Associates) Win32/SillyDl.HBM

Avert

Adware-TryMedia!f517e35388ae
by Marianna Schmudlach / September 17, 2009 12:33 AM PDT

Type: Program
SubType: Adware
Discovery Date: 09/17/2009

This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose, but they alter the security state of the computer on which they are installed, or the privacy posture of the user of the system, such that most users will want to be aware of them.

File Property Property Value
FileName Unavailable
McAfee Artemis Artemis!f517e35388ae
McAfee Detection Adware-TryMedia
Length 140,616 bytes
CRC 9B834B11
MD5 f517e35388ae7b8e6cbf0c6234554b3f
SHA1 A3E609B179DE9B311C207B3AC1A385C609C45E9E

Other Common Detection Aliases

Company Name Detection Name
Avira GAME/Dldr.TryMedia.Gen
Eset Win32/Adware.Trymedia (application)
FortiNet Adware/Trymedia
F-Prot W32/Trymedia.A.gen!Eldorado
Trend Micro HeurSpy_Trymed
V-Buster Adware.Trymedia.E (trojan)
Vet (Computer Associates) Win32/Trymedia!Adware

Avert

Dialer-185!74e1ce45a2a7
by Marianna Schmudlach / September 17, 2009 12:34 AM PDT

Type: Program
SubType: Dialer
Discovery Date: 09/17/2009

This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose, but they alter the security state of the computer on which they are installed, or the privacy posture of the user of the system, such that most users will want to be aware of them.

File Property Property Value
FileName 945ad900257ce9e3daf970452059038873c1b7d5.exe
McAfee Artemis Artemis!74e1ce45a2a7
McAfee Detection Dialer-185
Length 200,544 bytes
CRC 393EA773
MD5 74E1CE45A2A7D4059CECAFB6C460991D
SHA1 945AD900257CE9E3DAF970452059038873C1B7D5

Other Common Detection Aliases

Company Name Detection Name
avast Win32:VB-MBN [Trj]
AVG (GriSoft) Dropper.Small.AQD (Trojan horse)
Avira TR/Dldr.VB.keh
BitDefender Trojan.Generic.2208263
clamav Trojan.Downloader-68836
Eset Win32/Injector.HO trojan (variant)
FortiNet Dial/InstantAccess
F-Prot w32/skintrim.a
Kaspersky not-a-virus:Porn-Dialer.Win32.InstantAccess.fxg
microsoft Trojan:Win32/Skintrim.gen!D [generic]
norman W32/Dialer.DUIC
rising Trojan.Win32.Skintrim.FT
Sophos InstantAccess (PUA)
Symantec Trojan.Skintrim
Trend Micro DIAL_INSTACCES
vba32 Trojan-Downloader.Win32.VB.keh
V-Buster Trojan.Skintrim.DKX (trojan)
Vet (Computer Associates) Win32/SillyDl.HBM

Avert

Mal/Bredo-A
by Marianna Schmudlach / September 17, 2009 12:35 AM PDT
W32/AutoRun-ARE
by Marianna Schmudlach / September 17, 2009 1:41 AM PDT

Category

* Viruses and Spyware

Type

* Worm


How it spreads

* Removable storage devices

Affected operating systems

* Windows

Characteristics

* Drops more malware
* Installs itself in the registry


W32/AutoRun-ARE spreads by copying itself to removable devices with hidden, system and read-only attributes. W32/AutoRun-ARE creates autorun.inf in the root folder of the removable device which is detected as Mal/AutoInf-C.

W32/AutoRun-ARE copies itself to <Documents and Settings>\<name>\<name>.exe where <name> can vary, eg "user", "support", etc. W32/AutoRun-ARE creates the following entry in the registry to run itself on system restart:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
<name>
<Documents and Settings>\<name>\<name>.exe

W32/AutoRun-ARE also sets the following registry entry to change the explorer display options for hidden files:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ShowSuperHidden
0x00000000

http://www.sophos.com/security/analyses/viruses-and-spyware/w32autorunare.html?_log_from=rss
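
A defender's check for the two registry indicators described in the W32/AutoRun-ARE write-up above, as an added example (not part of the original post or of the Sophos analysis): it parses a `reg export` text dump and flags Run values shaped like `<Documents and Settings>\<name>\<name>.exe`. The sample export is constructed, and the code assumes the profile root folder is literally named "Documents and Settings".

```python
import re
from pathlib import PureWindowsPath

HKCU = "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\"
RUN_KEY = (HKCU + "Run").lower()
ADV_KEY = (HKCU + "Explorer\\Advanced").lower()

# Constructed sample in "reg export" text form (not from a real machine).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"support"="C:\\Documents and Settings\\support\\support.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000002
"ShowSuperHidden"=dword:00000000
'''

VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')

def parse_export(text):
    """Map lower-cased key path -> {lower-cased value name: raw data}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE_RE.match(line)):
            current[m["name"].lower()] = m["data"]
    return keys

def find_indicators(text, profile_root="Documents and Settings"):
    """Report Run values shaped like <profile_root>\\<name>\\<name>.exe."""
    keys = parse_export(text)
    hits = []
    for name, data in keys.get(RUN_KEY, {}).items():
        if len(data) < 2 or data[0] != '"' or data[-1] != '"':
            continue  # not a REG_SZ string value
        path = PureWindowsPath(data[1:-1].replace("\\\\", "\\"))
        same_name = name == path.stem.lower() == path.parent.name.lower()
        in_profile = path.parent.parent.name.lower() == profile_root.lower()
        if same_name and in_profile and path.suffix.lower() == ".exe":
            hits.append((name, str(path)))
    # ShowSuperHidden=0 is also common on clean systems: corroboration only.
    raw = keys.get(ADV_KEY, {}).get("showsuperhidden", "")
    hidden = raw.lower().startswith("dword:") and int(raw[6:], 16) == 0
    return {"run_entries": hits, "superhidden_off": hidden}
```

A non-empty `run_entries` list is the stronger signal; `superhidden_off` only adds weight when a Run entry has already matched.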

W32/Autorun-ARD
by Marianna Schmudlach / September 17, 2009 1:42 AM PDT
Troj/KillAV-GA
by Marianna Schmudlach / September 17, 2009 1:43 AM PDT