Spyware, Viruses, & Security forum

General discussion

VIRUS \ SPYWARE ALERTS - September 6, 2009

by Marianna Schmudlach / September 6, 2009 12:11 AM PDT


Troj/Banker-EUB
by Marianna Schmudlach / September 6, 2009 12:11 AM PDT
Troj/FakeAV-AAB
by Marianna Schmudlach / September 6, 2009 12:12 AM PDT
Dialer-185!658fd858a8e2
by Marianna Schmudlach / September 6, 2009 12:13 AM PDT

Type: Program
SubType: Dialer
Discovery Date: 09/06/2009

This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose, but they alter the security state of the computer on which they are installed, or the privacy posture of the user of the system, such that most users will want to be aware of them.

File Property      Property Value
FileName           227173eefaae2596328a8fce30ae76183a02f527.exe
McAfee Artemis     Artemis!658fd858a8e2
McAfee Detection   Dialer-185
Length             200,480 bytes
CRC                17B3A4C0
MD5                658FD858A8E23B4557DFE0B63236A6B3
SHA1               227173EEFAAE2596328A8FCE30AE76183A02F527

Other Common Detection Aliases

Company Name                Detection Name
avast                       Win32:VB-MBN [Trj]
AVG (GriSoft)               Dropper.Small.AQD (Trojan horse)
Avira                       TR/Dldr.VB.keh
BitDefender                 Trojan.Generic.2209620
clamav                      Trojan.Downloader-68836
Eset                        Win32/Injector.HO trojan (variant)
FortiNet                    Dial/InstantAccess
F-Prot                      w32/skintrim.a
Kaspersky                   not-a-virus:Porn-Dialer.Win32.InstantAccess.fwy
microsoft                   Trojan:Win32/Skintrim.gen!D [generic]
norman                      W32/Dialer.DUIC
rising                      Trojan.Win32.Skintrim.FT
Sophos                      InstantAccess (PUA)
Symantec                    Trojan.Skintrim
Trend Micro                 DIAL_INSTACCES
vba32                       Trojan-Downloader.Win32.VB.keh
V-Buster                    Trojan.Skintrim.DKX (trojan)
Vet (Computer Associates)   Win32/SillyDl.HBM

Avert

TSPY_BANCOS.AEM
by Marianna Schmudlach / September 6, 2009 12:15 AM PDT

by Mary Bagtas (Anti-spam Research Engineer)

No one is absolutely safe from Influenza H1N1, not even world leaders.

This is the scenario painted by cybercriminals in their latest spam run. The spammed message informs recipients that the President of Peru, Alan Gabriel Ludwig Garc

FakeAV Generates Own Fake Malware Troj/FakeAV-AAB
by Marianna Schmudlach / September 6, 2009 12:17 AM PDT

September 6th, 2009 by CheeHui, SophosLabs AU

We've all seen FakeAV applications deliberately misreporting malware detection and encouraging the user to buy their "products". The slew of these fake anti-virus applications has been relentless. My colleague, Pete, has highlighted the importance of taking adequate measures to ensure that you do not fall for such scams.

This FakeAV ups the ante further.

Take a look at the following folder:


This is the typical My Documents folder for Windows. It shows the folder is, by and large, empty, with the exception of a few folders.

We now turn our attention to the FakeAV in question. When this particular Trojan (Troj/FakeAV-AAB) is executed, the following dialog box is displayed:

More: http://www.sophos.com/blogs/sophoslabs/

SpyCobra
by Marianna Schmudlach / September 6, 2009 12:19 AM PDT
Troj/Agent-LBL
by Marianna Schmudlach / September 6, 2009 3:01 PM PDT
Troj/FakeAV-AAC
by Marianna Schmudlach / September 6, 2009 3:02 PM PDT