Spyware, viruses, & security : VIRUS \ Spyware ALERTS - October 10, 2008
- 10/9/08 10:19 PM
VIRUS \ Spyware ALERTS - October 10, 2008
by Marianna Schmudlach - 10/9/08 10:19 PM
W32/Malas-H
Category Viruses and Spyware
Type Worm
W32/Malas-H is a worm for the Windows platform.
When first run W32/Malas-H copies itself to:
<User>\Application Data\usrinit.exe
<User>\Local Settings\startup.exe
<Temp>\systray.exe
<Common Files>\AdobeUpdate.exe
<Program Files>\XPCode\SexGame.exe
<Program Files>\XPCode\SexGameList.pif
<Program Files>\XPCode\SexScreenSaver.scr
http://www.sophos.com/security/analyses/viruses-and-spyware/w32malash.html?_log_from=rss
Troj/Rootkit-DW
by Marianna Schmudlach - 10/9/08 10:20 PM
In reply to: VIRUS \ Spyware ALERTS - October 10, 2008 by Marianna Schmudlach
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojrootkitdw.html?_log_from=rss
Troj/FakeAle-IE
by Marianna Schmudlach - 10/9/08 10:21 PM
In reply to: VIRUS \ Spyware ALERTS - October 10, 2008 by Marianna Schmudlach
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakealeie.html?_log_from=rss
Troj/Bancban-QZ
by Marianna Schmudlach - 10/9/08 10:22 PM
In reply to: VIRUS \ Spyware ALERTS - October 10, 2008 by Marianna Schmudlach
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojbancbanqz.html?_log_from=rss
Troj/Agent-HWP
by Marianna Schmudlach - 10/10/08 8:18 AM
In reply to: VIRUS \ Spyware ALERTS - October 10, 2008 by Marianna Schmudlach
Category Viruses and Spyware
Type Trojan
Troj/Agent-HWP is a Trojan for the Windows platform.
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagenthwp.html?_log_from=rss
Troj/Psyme-KF
by Marianna Schmudlach - 10/10/08 8:19 AM
In reply to: VIRUS \ Spyware ALERTS - October 10, 2008 by Marianna Schmudlach
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojpsymekf.html?_log_from=rss
Troj/Dloadr-BVI
by Marianna Schmudlach - 10/10/08 8:20 AM
In reply to: VIRUS \ Spyware ALERTS - October 10, 2008 by Marianna Schmudlach
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojdloadrbvi.html?_log_from=rss
Troj/Agent-HWR
by Marianna Schmudlach - 10/10/08 8:22 AM
In reply to: VIRUS \ Spyware ALERTS - October 10, 2008 by Marianna Schmudlach
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagenthwr.html?_log_from=rss
Troj/Agent-HWQ
by Marianna Schmudlach - 10/10/08 8:23 AM
In reply to: VIRUS \ Spyware ALERTS - October 10, 2008 by Marianna Schmudlach
Aliases Generic Downloader.x
Trojan-Downloader.Win32.Agent.aiuc
Category Viruses and Spyware
Type Trojan
Troj/Agent-HWQ is a Trojan for the Windows platform.
When first run Troj/Agent-HWQ copies itself to <System>\userinit.exe and creates the file <Temp>\in1.tmp.
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagenthwq.html?_log_from=rss
Mal/ObfJS-X
by Marianna Schmudlach - 10/10/08 8:25 AM
In reply to: VIRUS \ Spyware ALERTS - October 10, 2008 by Marianna Schmudlach
Category Viruses and Spyware
Type Malicious Behavior
Mal/ObfJS-X uses obfuscation to run other malware.
http://www.sophos.com/security/analyses/viruses-and-spyware/malobfjsx.html?_log_from=rss
W32/Yahlov-A
by Marianna Schmudlach - 10/10/08 8:27 AM
In reply to: VIRUS \ Spyware ALERTS - October 10, 2008 by Marianna Schmudlach
Aliases W32/Yahlover.worm.gen.f virus
TROJ_MALBEHV.AB
Trojan.Win32.Autoit.dq
W32.SillyFDC
Category Viruses and Spyware
Type Worm
How it spreads Removable storage devices
Network shares
Affected operating systems Windows
Characteristics Installs itself in the registry
http://www.sophos.com/security/analyses/viruses-and-spyware/w32yahlova.html?_log_from=rss
W32/Agent-HWS
by Marianna Schmudlach - 10/10/08 8:28 AM
In reply to: VIRUS \ Spyware ALERTS - October 10, 2008 by Marianna Schmudlach
Category Viruses and Spyware
Type Worm
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/w32agenthws.html?_log_from=rss
Troj/Iframe-BA
by Marianna Schmudlach - 10/10/08 8:29 AM
In reply to: VIRUS \ Spyware ALERTS - October 10, 2008 by Marianna Schmudlach
Category Viruses and Spyware
Type Trojan
Troj/Iframe-BA is a malicious script within a web page that downloads other malware.
http://www.sophos.com/security/analyses/viruses-and-spyware/trojiframeba.html?_log_from=rss
Mal/Autorun-C
by Marianna Schmudlach - 10/10/08 8:30 AM
In reply to: VIRUS \ Spyware ALERTS - October 10, 2008 by Marianna Schmudlach
Category Viruses and Spyware
Type Malicious Behavior
Mal/Autorun-C is a malicious program which typically spreads by copying itself to removable devices.
http://www.sophos.com/security/analyses/viruses-and-spyware/malautorunc.html?_log_from=rss
- Panda Security's weekly report on viruses and intruders -
by Marianna Schmudlach - 10/10/08 9:40 AM
In reply to: VIRUS \ Spyware ALERTS - October 10, 2008 by Marianna Schmudlach
Virus Alerts, by Panda Security (http://www.pandasecurity.com)
This week's PandaLabs report looks at the Lydra.AO Trojan, the Redvoz.A
backdoor Trojan and the Autorun.AHS worm.
Lydra.AO records users' activity on the infected computer and sends it
to the malware author. To do so, it remains active in the Windows memory
and starts capturing keystrokes and mouse movements. It also collects
email addresses found in files with certain extensions.
It stores the information gathered, together with the PC hardware and
software data, and sends it to the malware author via email. To do so,
it uses its own SMTP or MAPI engine.
Redvoz.A is a backdoor Trojan that connects to a remote server, which
allows the creator to run arbitrary commands on the infected computer
and take control of the system.
This new malicious code creates a system service for managing network
policies displayed by default by system services and third-party
applications. This service is run continuously and cannot be stopped,
making it difficult to remove. As the service is in a loop, the threat
is recreated if it is deleted.
Autorun.AHS is a worm designed to spread through the floppy disk drive.
When run on the computer, it modifies specific Registry entries to make
it seem as though the Task Manager, Windows Registry, Folder options and
Explorer files have been enabled. What it really does though, is replace
the Internet Explorer start page for a malicious page. It also modifies
the Windows Registry to run on every system startup.
| Forum legend: | |
 |
Locked thread |
 |
Moderator |
 |
CNET staff |
 |
Samsung staff |
 |
Norton Authorized Support team |
 |
AVG staff |
 |
Windows Outreach team |
 |
Dell staff |
 |
Intel staff |
