Spyware, Viruses, & Security forum

General discussion

VIRUS \ Spyware ALERTS - September 2, 2008

by Marianna Schmudlach / September 1, 2008 3:06 PM PDT
Troj/PWS-ASX
by Marianna Schmudlach / September 1, 2008 3:07 PM PDT
W32/AutoRun-IR
by Marianna Schmudlach / September 2, 2008 12:22 AM PDT

Category Viruses and Spyware

Type Worm

W32/AutoRun-IR is a worm for the Windows platform that spreads via removable shared drives.

When run W32/AutoRun-IR copies itself to:

<Windows>\scvhost.exe
<Windows>\hinhem.scr
<System>\scvhost.exe
<System>\blastclnnn.exe

W32/AutoRun-IR also creates the files:
<System>\autorun.ini - detected as W32/SillyFDC-AU

W32/AutoRun-IR also schedules a job in <Windows>\Tasks so that the worm is run at a particular time daily.

http://www.sophos.com/security/analyses/viruses-and-spyware/w32autorunir.html?_log_from=rss

Troj/FakeVir-FJ
by Marianna Schmudlach / September 2, 2008 12:24 AM PDT
Troj/Drop-AP
by Marianna Schmudlach / September 2, 2008 12:25 AM PDT
Troj/Agent-HNW
by Marianna Schmudlach / September 2, 2008 12:26 AM PDT
W32/Lewor-Gen
by Marianna Schmudlach / September 2, 2008 12:27 AM PDT
Troj/StartP-BM
by Marianna Schmudlach / September 2, 2008 12:28 AM PDT
Troj/Rootkit-DN
by Marianna Schmudlach / September 2, 2008 12:29 AM PDT
Troj/HkDla-Gen
by Marianna Schmudlach / September 2, 2008 12:31 AM PDT
Troj/Dropr-Z
by Marianna Schmudlach / September 2, 2008 12:32 AM PDT
Troj/Agent-HNX
by Marianna Schmudlach / September 2, 2008 12:33 AM PDT
ClickSpring
by Marianna Schmudlach / September 2, 2008 12:34 AM PDT

Category Adware or PUA

Type Adware

ClickSpring is an adware application.

ClickSpring is often installed as part of the installation for adware supported software such as PurityScan and MediaTickets.

ClickSpring usually consists of an executable component and a DLL component.

The DLL component is usually installed to the Windows system folder as ndrv.dll or using a variable filename with an extension of "DLL". When the ClickSpring executable is first run it typically copies itself to the <User>\Application Data folder using a preconfigured or randomly generated filename with the hidden, system and read-only attributes set, however some versions of the ClickSpring executable copy themselves to the Windows folder, the system folder or a new sub-folder of the Program Files folder. Known preconfigured filenames include opar.exe, mnee.exe, uko?.exe and ru.exe. When ClickSpring is installed one or more of the following files may be created:


http://www.sophos.com/security/analyses/adware-and-puas/clickspring.html?_log_from=rss

TROJ_FAKEAV.IG
by Marianna Schmudlach / September 2, 2008 12:37 AM PDT

Description:
This Trojan may be dropped by other malware. It may be downloaded unknowingly by a user when visiting malicious Web site(s). It creates registry entry(ies) to enable its automatic execution at every system startup. It creates a registry entry to modify the system's desktop screensaver. It also modifies the system's desktop wallpaper to display the following:

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FFAKEAV%2EIG

Virus authors hone in on online gamers
by Marianna Schmudlach / September 2, 2008 12:57 AM PDT

2 September 2008

Just because the trojan recently discovered at the International Space Station mainly attempts to steal access data for online games does not mean that astronauts play such games in their free time. But it does mean that virus authors are increasingly focusing on those who play what are called Massively Multi-Player Online Role-Playing Games (MMPORG), such as Lineage and World of Warcraft (WoW). As a result, trojans that steal passwords are now found just about everywhere. Figures published by anti-virus vendors support this conclusion.

In July, the contaminant Win32/PSW.OnLineGames came in first, at 13 per cent in the detection statistics (PDF) published by NOD32 vendor Eset. Symantec says that a stolen WoW account is currently worth $10, far more than a valid credit card, which will only get you 50 cents in the underworld. 5 per cent of gamers have reportedly already fallen prey to an attack based on trojans or to phishing.

More: http://www.heise-online.co.uk/security/Virus-authors-hone-in-on-online-gamers--/news/111448

Zlob sites: update
by Marianna Schmudlach / September 2, 2008 12:59 AM PDT
Troj/Small-EME
by Marianna Schmudlach / September 2, 2008 3:22 AM PDT

Aliases Trojan.Win32.Small.xtm

Category Viruses and Spyware

Type Trojan


Troj/Small-EME is a Trojan for the Windows platform.

Troj/Small-EME includes functionality to access the internet and communicate with a remote server via HTTP.

When first run Troj/Small-EME copies itself to <User>\Application Data\Adobe\Manager.exe and creates the following files:

<User>\Application Data\Microsoft\Network\Downloader\qmgr0.dat
<User>\Application Data\Microsoft\Network\Downloader\qmgr1.dat

The following registry entry is created to run Manager.exe on startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Run
<User>\Application Data\Adobe\Manager.exe

http://www.sophos.com/security/analyses/viruses-and-spyware/trojsmalleme.html?_log_from=rss
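
An added example, not part of the posts above and not Sophos code: a host check for the file artifacts listed in the W32/AutoRun-IR and Troj/Small-EME write-ups. The function names and the mapping of `<Windows>`, `<System>` and `<User>` to real directories are assumptions; the paths themselves are copied from the posts.

```python
import os
from pathlib import Path

# File artifacts exactly as listed in the two Sophos write-ups quoted in this thread.
INDICATORS = {
    "W32/AutoRun-IR": [r"<Windows>\scvhost.exe", r"<Windows>\hinhem.scr",
                       r"<System>\scvhost.exe", r"<System>\blastclnnn.exe",
                       r"<System>\autorun.ini"],
    "Troj/Small-EME": [
        r"<User>\Application Data\Adobe\Manager.exe",
        r"<User>\Application Data\Microsoft\Network\Downloader\qmgr0.dat",
        r"<User>\Application Data\Microsoft\Network\Downloader\qmgr1.dat"],
}

def default_roots():
    """Assumed placeholder mapping for a live Windows host (not given on the page)."""
    win = os.environ.get("SystemRoot", r"C:\Windows")
    return {"<Windows>": win,
            "<System>": os.path.join(win, "System32"),
            "<User>": os.environ.get("USERPROFILE", "")}

def find_nocase(root, parts):
    """Resolve parts under root, matching each name case-insensitively as Windows does."""
    cur = Path(root)
    for part in parts:
        if not cur.is_dir():
            return None
        cur = next((c for c in cur.iterdir() if c.name.lower() == part.lower()), None)
        if cur is None:
            return None
    return cur if cur.is_file() else None

def scan(roots):
    """Return {threat name: [artifact paths found]} for indicators present under roots."""
    hits = {}
    for threat, patterns in INDICATORS.items():
        for pattern in patterns:
            placeholder, *parts = pattern.split("\\")
            root = roots.get(placeholder)
            found = find_nocase(root, parts) if root else None
            if found:
                hits.setdefault(threat, []).append(str(found))
    return hits

if __name__ == "__main__":
    for threat, paths in scan(default_roots()).items():
        print(threat, *paths, sep="\n  ")
```

The Run value and the scheduled job described in the posts are not checked here. A filename match is a lead to confirm with a scanner, not a verdict.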

Troj/FakeAle-GR
by Marianna Schmudlach / September 2, 2008 3:23 AM PDT
Troj/FakeAle-GQ
by Marianna Schmudlach / September 2, 2008 3:24 AM PDT
Mal/EncPk-ES
by Marianna Schmudlach / September 2, 2008 3:26 AM PDT
Troj/PDFex-Q
by Marianna Schmudlach / September 2, 2008 3:33 AM PDT
Troj/Dloadr-BRV
by Marianna Schmudlach / September 2, 2008 3:34 AM PDT
Troj/Banloa-FW
by Marianna Schmudlach / September 2, 2008 3:35 AM PDT
Troj/Banker-ENB
by Marianna Schmudlach / September 2, 2008 3:37 AM PDT
Troj/Agent-HNZ
by Marianna Schmudlach / September 2, 2008 3:38 AM PDT
Troj/Agent-HNY
by Marianna Schmudlach / September 2, 2008 3:39 AM PDT
JS.Posmonk
by Marianna Schmudlach / September 2, 2008 3:41 AM PDT
Troj/Agent-HOA
by Marianna Schmudlach / September 2, 2008 6:40 AM PDT
Troj/FakeAV-CQ
by Marianna Schmudlach / September 2, 2008 8:34 AM PDT
Troj/ExePage-A
by Marianna Schmudlach / September 2, 2008 8:35 AM PDT
Troj/Dloadr-BRX
by Marianna Schmudlach / September 2, 2008 8:36 AM PDT