Spyware, Viruses, & Security forum

General discussion

VIRUS \ SPYWARE ALERTS - September 6, 2009

by Marianna Schmudlach / September 6, 2009 12:11 AM PDT
by Marianna Schmudlach / September 6, 2009 12:12 AM PDT
by Marianna Schmudlach / September 6, 2009 12:13 AM PDT

Discovery Date

This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose, but they alter the security state of the computer on which they are installed, or the privacy posture of the user of the system, such that most users will want to be aware of them.

File Property     Property Value
FileName          227173eefaae2596328a8fce30ae76183a02f527.exe
McAfee Artemis    Artemis!658fd858a8e2
McAfee Detection  Dialer-185
Length            200,480 bytes
CRC               17B3A4C0
MD5               658FD858A8E23B4557DFE0B63236A6B3
SHA1              227173EEFAAE2596328A8FCE30AE76183A02F527

Other Common Detection Aliases

Company Name      Detection Name
avast             Win32:VB-MBN [Trj]
AVG (GriSoft)     Dropper.Small.AQD (Trojan horse)
Avira             TR/Dldr.VB.keh
BitDefender       Trojan.Generic.2209620
clamav            Trojan.Downloader-68836
Eset              Win32/Injector.HO trojan (variant)
FortiNet          Dial/InstantAccess
F-Prot            w32/skintrim.a
Kaspersky         not-a-virus:Porn-Dialer.Win32.InstantAccess.fwy
microsoft         Trojan:Win32/Skintrim.gen!D [generic]
norman            W32/Dialer.DUIC
rising            Trojan.Win32.Skintrim.FT
Sophos            InstantAccess (PUA)
Symantec          Trojan.Skintrim
vba32             Trojan-Downloader.Win32.VB.keh
V-Buster          Trojan.Skintrim.DKX (trojan)
Vet (Computer Associates)


by Marianna Schmudlach / September 6, 2009 12:15 AM PDT

by Mary Bagtas (Anti-spam Research Engineer)

No one is absolutely safe from Influenza H1N1, not even world leaders.

This is the scenario painted by cybercriminals in their latest spam run. The spammed message informs recipients that the President of Peru, Alan Gabriel Ludwig Garc

FakeAV Generates Own Fake Malware Troj/FakeAV-AAB
by Marianna Schmudlach / September 6, 2009 12:17 AM PDT

September 6th, 2009 by CheeHui, SophosLabs AU

We've all seen FakeAV applications deliberately misreporting malware detection and encouraging the user to buy their "products". The slew of these fake anti-virus applications has been relentless. My colleague, Pete, has highlighted the importance of taking adequate measures to ensure that you do not fall for such scams.

This FakeAV ups the ante further.

Take a look at the following folder:

This is the typical My Documents folder for Windows. It shows the folder is, by and large, empty with the exception of a few folders.

We now turn our attention to the FakeAV in question. When this particular Trojan (Troj/FakeAV-AAB) is executed, the following dialog box is displayed:

More: http://www.sophos.com/blogs/sophoslabs/

by Marianna Schmudlach / September 6, 2009 12:19 AM PDT
by Marianna Schmudlach / September 6, 2009 3:01 PM PDT
by Marianna Schmudlach / September 6, 2009 3:02 PM PDT
