Spyware, Viruses, & Security forum

General discussion

VIRUS \ Spyware ALERTS - September 24, 2008

by Marianna Schmudlach / September 23, 2008 12:04 PM PDT
W32/Autorun-JY
by Marianna Schmudlach / September 23, 2008 12:05 PM PDT
W32/Autorun-JX
by Marianna Schmudlach / September 23, 2008 12:06 PM PDT
Troj/Bckdr-QPJ
by Marianna Schmudlach / September 23, 2008 12:07 PM PDT
Troj/Agent-HSL
by Marianna Schmudlach / September 23, 2008 12:08 PM PDT
Trojan-Downloader:W32/Agent.HPS
by Marianna Schmudlach / September 23, 2008 3:22 PM PDT

Name: Trojan-Downloader:W32/Agent.HPS
Detection Names: Trojan.Win32.Agent.aejy

Type: Trojan-Downloader
Category: Malware
Platform: W32

Summary
Trojan-downloaders attempt to download and install new malware, spyware, or adware on the targeted computer. No graphical user interface can be seen; it will run in the background.

Additional Details
This file will copy itself to:


\system32\rs32net.exe

It creates a process as svchost.exe.

http://www.f-secure.com/v-descs/trojan-downloader_w32_agent_hps.shtml

Troj/Agent-HSM
by Marianna Schmudlach / September 23, 2008 3:27 PM PDT
W32/Brontok-DW
by Marianna Schmudlach / September 24, 2008 12:38 AM PDT
W32/AutoRun-KA
by Marianna Schmudlach / September 24, 2008 12:39 AM PDT
Troj/PWS-ATV
by Marianna Schmudlach / September 24, 2008 12:40 AM PDT
Troj/Dwnlh-Gen
by Marianna Schmudlach / September 24, 2008 12:41 AM PDT
W32/Sality-AM
by Marianna Schmudlach / September 24, 2008 12:42 AM PDT

Aliases: Win32/Sality.gen, W32/Sality.dll, New Win32.s

Category: Viruses and Spyware

Type: Virus

W32/Sality-AM is a virus for the Windows platform.

The virus includes the functionality to download additional files from a remote location.

When first run, the virus may infect executables in the root folder, files on network shares, and files it may find based on the following registry locations:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache

http://www.sophos.com/security/analyses/viruses-and-spyware/w32salityam.html?_log_from=rss

Troj/Zlob-AOM
by Marianna Schmudlach / September 24, 2008 12:43 AM PDT
Troj/Dloadr-BTS
by Marianna Schmudlach / September 24, 2008 12:44 AM PDT
Troj/Clicker-EZ
by Marianna Schmudlach / September 24, 2008 12:45 AM PDT
Troj/Agent-HSN
by Marianna Schmudlach / September 24, 2008 12:46 AM PDT
Mal/AutoInf-A
by Marianna Schmudlach / September 24, 2008 12:47 AM PDT
W32.Auraax
by Marianna Schmudlach / September 24, 2008 1:46 AM PDT
W32.Auraax
by mbt124 / December 13, 2008 11:04 AM PST
In reply to: W32.Auraax

Can anyone help me restore my settings...my auto-protect scan indicated a threat of W32.Auraax

Give the following a try........
by Marianna Schmudlach / December 13, 2008 11:16 AM PST
In reply to: W32.Auraax

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

* Make sure you are connected to the Internet.
* Double-click on mbam-setup.exe to install the application.
* When the installation begins, follow the prompts and do not make any changes to default settings.
* When installation has finished, make sure you leave both of these checked:
o Update Malwarebytes' Anti-Malware
o Launch Malwarebytes' Anti-Malware
* Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

* If an update is found, the program will automatically update itself.
* Press the OK button to close that box and continue.
* If you encounter any problems while downloading the updates,
manually download them from here
and just double-click on mbam-rules.exe to install.
Alternatively, you can update through MBAM's interface from a clean computer,
copy the definitions (rules.ref) located in
C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes'
Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.

On the Scanner tab:

* Make sure the "Perform Quick Scan" option is selected.
* Then click on the Scan button.
* If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
* The scan will begin and "Scan in progress" will show at the top.
It may take some time to complete so please be patient.
* When the scan is finished, a message box will say "The scan completed successfully.
Click 'Show Results' to display all objects found".
* Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

* Click on the Show Results button to see a list of any malware that was found.
* Make sure that everything is checked, and click Remove Selected.
* When removal is completed, a log report will open in Notepad.
* The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
* Copy and paste the contents of that report in your next reply and exit MBAM.

Note:-- If MBAM encounters a file that is difficult to remove,
you may be asked to reboot your computer so it can proceed with the disinfection process.
Regardless of whether you are prompted to restart the computer or not, please do so immediately.
Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Did it help?

Question
by mbt124 / December 13, 2008 12:49 PM PST

Will I be able to get the opening screen to go back to normal with the windows task bar and start button by doing this...

Thank you!
by mbt124 / December 13, 2008 1:31 PM PST

Yes!
This helped me get back to all my opening screen settings!
Thank you ever so much for your help!
Happy Holiday! You have certainly given me a great gift!
MT

Great Job !
by Marianna Schmudlach / December 13, 2008 2:13 PM PST
In reply to: Thank you!

Glad to hear you fixed your problem.

You Are Very Welcome and Happy Holidays to You Too !

Scanning now!
by mbt124 / December 13, 2008 11:58 AM PST
In reply to: W32.Auraax

Thank you! Before I received your message I started a scan with my Symantec AntiVirus and did find the source of the W32.Auraax...an email from UPS_letter which caused the issue. My scan is not complete...it has indicated that action taken was quarantine and that the quarantine was successful. Maybe this will solve everything. I will reboot once the scan is complete and see if I am back to normal. I am afraid that I may have to reinstall XP because it has been infected. Any thoughts or suggestions?

W32/AutoRun-KE
by Marianna Schmudlach / September 24, 2008 2:48 AM PDT
W32/AutoRun-KD
by Marianna Schmudlach / September 24, 2008 2:49 AM PDT
Troj/FakeAV-DX
by Marianna Schmudlach / September 24, 2008 2:50 AM PDT
Troj/Agent-HSP
by Marianna Schmudlach / September 24, 2008 2:51 AM PDT
Troj/Agent-HSO
by Marianna Schmudlach / September 24, 2008 2:52 AM PDT
Troj/Inject-CY
by Marianna Schmudlach / September 24, 2008 6:02 AM PDT
Troj/FakeAle-GZ
by Marianna Schmudlach / September 24, 2008 6:03 AM PDT

Aliases: FakeAlert-AB.gen.a

Category: Viruses and Spyware

Type: Trojan

Troj/FakeAle-GZ is a Trojan for the Windows platform.

Troj/FakeAle-GZ includes functionality to download, install and run new software.

When Troj/FakeAle-GZ is installed the following files are created:

<User>\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk
<Desktop>\Antivirus 2009.lnk
<User>\Start Menu\Antivirus 2009\Antivirus 2009.lnk
<User>\Start Menu\Antivirus 2009\Uninstall Antivirus 2009.lnk
<Root>\Recycled\info2
<System>\ieupdates.exe
<System>\scui.cpl

Registry entries are set as follows:

HKCU\Software\A9502002EF938A5BCE6A8BDDBB1CF811\Options
pPath
<pathname of the Trojan executable>

HKLM\SOFTWARE\Microsoft\Internet Explorer
UserSession
A9502002EF938A5BCE6A8BDDBB1CF811

Registry entries are created under:

HKCU\Software\A9502002EF938A5BCE6A8BDDBB1CF811\Options

http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakealegz.html?_log_from=rss
