Troj/Banker-EUQ
Category
* Viruses and Spyware
Type
* Trojan
Affected operating systems Windows
Troj/Banker-EUQ is a Trojan for the Windows platform.
Troj/Banker-EUQ includes functionality to access the internet and communicate with a remote server via HTTP.
When first run, Troj/Banker-EUQ copies itself to
<SystemRoot>\system32\drivers\microsoft.exe
and creates the following files:
<System>infec.ini
<Program Files>systemsph.ini
Troj/Banker-EUQ sets the following registry entries to run itself on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"Internet_Explorer"
"<SystemRoot>\\system32\\drivers\\microsoft.exe"
http://www.sophos.com/security/analyses/viruses-and-spyware/trojbankereuq.html?_log_from=rss
Category
* Viruses and Spyware
Type
* Trojan
Affected operating systems Windows
Troj/DwnLdr-HXS is a Trojan for the Windows platform.
When run, it immediately tries to download its "main component", Troj/Banker-EUQ.
http://www.sophos.com/security/analyses/viruses-and-spyware/trojdwnldrhxs.html?_log_from=rss
Category
* Viruses and Spyware
Type
* Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojjpgiframa.html?_log_from=rss
Category
* Viruses and Spyware
Type
* Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojzipmalb.html?_log_from=rss
Category
* Viruses and Spyware
Type
* Worm
How it spreads
* Removable storage devices
Affected operating systems Windows
Characteristics
* Drops more malware
* Installs itself in the registry
W32/Autorun-ATH is a worm for the Windows platform.
When W32/Autorun-ATH is installed, the following files are created:
<System>\csrcs.exe - detected as W32/Autorun-ATH.
<Temp>\suicide.bat - detected as W32/AutoRun-SK.
The following registry entry is created to run csrcs.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
csrcs
<System>\csrcs.exe
The following registry entry is changed to run csrcs.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Shell
Explorer.exe csrcs.exe
Registry entries are set as follows:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Hidden
0x00000002
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ShowSuperHidden
0x00000000
Registry entries are created under:
HKLM\SOFTWARE\Microsoft\DRM\amty
http://www.sophos.com/security/analyses/viruses-and-spyware/w32autorunath.html?_log_from=rss
Category
* Viruses and Spyware
Type
* Virus
How it spreads
* Email attachments
* Infected files
Affected operating systems Windows
Characteristics
* Drops more malware
* Installs itself in the registry
W32/Dref-U is a virus with mass-mailing capability for the Windows platform.
W32/Dref-U spreads to other network computers and via email.
W32/Dref-U includes functionality to access the internet and communicate with a remote server via HTTP.
When first run, W32/Dref-U copies itself to <System>\ppl.exe and creates the following registry keys:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
agent
<System>\ppl.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
agent
<System>\ppl.exe
W32/Dref-U sets the following registry entries, disabling the automatic startup of other software:
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess
Start
4
Note: disabling autostart for the SharedAccess service deactivates the Microsoft Internet Connection Firewall (ICF).
W32/Dref-U may also attempt to drop a randomly named file into the current folder and run it. This file is detected by Sophos as Troj/Dloadr-ANE.
Files infected by W32/Dref-U are detected by Sophos as W32/Dref-L.
http://www.sophos.com/security/analyses/viruses-and-spyware/w32drefu.html?_log_from=rss
Category
* Adware or PUA
Type
* Adware
Affected operating systems Windows
Cinmus is an adware application.
http://www.sophos.com/security/analyses/adware-and-puas/cinmus.html
Category
* Viruses and Spyware
Type
* Trojan
Affected operating systems Windows
Characteristics
* Installs itself in the registry
http://www.sophos.com/security/analyses/viruses-and-spyware/trojoficlagen.html?_log_from=rss
Category
* Viruses and Spyware
Type
* Trojan
Affected operating systems Windows
Troj/Mdrop-CGZ is a Trojan for the Windows platform.
Troj/Mdrop-CGZ drops malware detected as Troj/Oficla-Gen.
http://www.sophos.com/security/analyses/viruses-and-spyware/trojmdropcgz.html?_log_from=rss
Category
* Viruses and Spyware
Type
* Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojkeygendd.html?_log_from=rss
Category
* Viruses and Spyware
Type
* Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojdocdropn.html?_log_from=rss
Category
* Viruses and Spyware
Type
* Trojan
Affected operating systems Windows
Troj/ByteVer-D is a Trojan for the Windows platform.
Troj/ByteVer-D attempts to download a file from a remote website to C:\WindowsUpdate.exe and execute it.
http://www.sophos.com/security/analyses/viruses-and-spyware/trojbyteverd.html?_log_from=rss
Category
* Viruses and Spyware
Type
* Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentlmq.html?_log_from=rss
Category
* Viruses and Spyware
Type
* Trojan
Affected operating systems Windows
Troj/Agent-LMP is a Trojan for the Windows platform.
When Troj/Agent-LMP is installed, it creates the file <System>\csrcs.exe.
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentlmp.html?_log_from=rss
Category
* Viruses and Spyware
Type
* Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentlmo.html?_log_from=rss