Find Whirlpool Deals at Lowe’s
Spyware, viruses, & security : VIRUS \ Spyware ALERTS - February 13, 2009
- 2/12/09 7:46 PM
VIRUS \ Spyware ALERTS - February 13, 2009
by Marianna Schmudlach - 2/12/09 7:46 PM
W32/Autorun-XP
Category Viruses and Spyware
Type Worm
W32/Autorun-XP is a worm for the Windows platform.
W32/Autorun-XP copies itself to <WINDOWS>\system\wmisync.exe and creates a service named "WMISYNC" to run on startup.
W32/Autorun-XP spreads via removable storage devices and local network shares.
W32/Autorun-XP also drops <SYSTEM>\drivers\sysdrv32.sys which Sophos detects as "TCP-Z TCP Patch and Monitor".
http://www.sophos.com/security/analyses/viruses-and-spyware/w32autorunxp.html?_log_from=rss
Troj/PSW-GI
by Marianna Schmudlach - 2/12/09 7:47 PM
In reply to: VIRUS \ Spyware ALERTS - February 13, 2009 by Marianna Schmudlach
Category Viruses and Spyware
Type Trojan
Troj/PSW-GI is a Trojan for the Windows platform.
When run Troj/PSW-GI copies itself to <System>\wins\setup\msmgrs.exe and creates the files:
<Start Menu>\ntdll.lnk - this file can be deleted
<System>\wins\syskl32.sys - this file can be deleted
http://www.sophos.com/security/analyses/viruses-and-spyware/trojpswgi.html?_log_from=rss
Troj/Mdrop-BZB
by Marianna Schmudlach - 2/12/09 7:48 PM
In reply to: VIRUS \ Spyware ALERTS - February 13, 2009 by Marianna Schmudlach
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojmdropbzb.html?_log_from=rss
Troj/KeyLog-LF
by Marianna Schmudlach - 2/12/09 7:49 PM
In reply to: VIRUS \ Spyware ALERTS - February 13, 2009 by Marianna Schmudlach
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojkeyloglf.html?_log_from=rss
Troj/HackTl-C
by Marianna Schmudlach - 2/12/09 7:50 PM
In reply to: VIRUS \ Spyware ALERTS - February 13, 2009 by Marianna Schmudlach
Category Viruses and Spyware
Type Trojan
Affected operating systems Unix
http://www.sophos.com/security/analyses/viruses-and-spyware/trojhacktlc.html?_log_from=rss
Troj/FakeVir-KJ
by Marianna Schmudlach - 2/12/09 7:51 PM
In reply to: VIRUS \ Spyware ALERTS - February 13, 2009 by Marianna Schmudlach
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakevirkj.html?_log_from=rss
Troj/FakeAV-KU
by Marianna Schmudlach - 2/12/09 7:52 PM
In reply to: VIRUS \ Spyware ALERTS - February 13, 2009 by Marianna Schmudlach
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakeavku.html?_log_from=rss
Troj/Agent-IWT
by Marianna Schmudlach - 2/12/09 7:53 PM
In reply to: VIRUS \ Spyware ALERTS - February 13, 2009 by Marianna Schmudlach
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentiwt.html?_log_from=rss
Troj/Agent-IWS
by Marianna Schmudlach - 2/12/09 7:54 PM
In reply to: VIRUS \ Spyware ALERTS - February 13, 2009 by Marianna Schmudlach
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentiws.html?_log_from=rss
Troj/Agent-IWR
by Marianna Schmudlach - 2/12/09 7:55 PM
In reply to: VIRUS \ Spyware ALERTS - February 13, 2009 by Marianna Schmudlach
Category Viruses and Spyware
Type Trojan
Troj/Agent-IWR is a Trojan for the Windows platform.
Troj/Agent-IWR copies itself to <SYSTEM>\userinit.exe, saving the original Windows file to <SYSTEM>\init32.exe.
Troj/Agent-IWR also drops additional malware detected as Mal/FakeVirPk-A.
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentiwr.html?_log_from=rss
Troj/Small-EMT
by Marianna Schmudlach - 2/13/09 7:43 AM
In reply to: VIRUS \ Spyware ALERTS - February 13, 2009 by Marianna Schmudlach
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojsmallemt.html?_log_from=rss
Troj/PWS-AYJ
by Marianna Schmudlach - 2/13/09 7:45 AM
In reply to: VIRUS \ Spyware ALERTS - February 13, 2009 by Marianna Schmudlach
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojpwsayj.html?_log_from=rss
W32/Scribble-A
by Marianna Schmudlach - 2/13/09 7:46 AM
In reply to: VIRUS \ Spyware ALERTS - February 13, 2009 by Marianna Schmudlach
Aliases Virus.Win32.Virut.ce
PE_VIRUX.A
Virus:Win32/Virut.BM
Category Viruses and Spyware
Type Virus
W32/Scribble-A is a polymorphic virus for the Windows platform.
W32/Scribble-A allows a remote attacker to gain access and control over the infected computer through IRC channels.
W32/Scribble-A infects files with the EXE and SCR extensions when they are opened or run.
W32/Scribble-A injects a malicious iframe into files whose extensions start with HTM, PHP or ASP, with affected files detected as Troj/Fujif-Gen. At the time of writing the iframe points to a site that hosts more malware.
The virus also adds a line to the Windows HOSTS file so that redirects this host to the loopback address.
http://www.sophos.com/security/analyses/viruses-and-spyware/w32scribblea.html?_log_from=rss
W32/AutoRun-XQ
by Marianna Schmudlach - 2/13/09 7:47 AM
In reply to: VIRUS \ Spyware ALERTS - February 13, 2009 by Marianna Schmudlach
Category Viruses and Spyware
Type Worm
W32/AutoRun-XQ is a worm for the Windows platform.
When run W32/AutoRun-XQ copies itself to <Windows>\gphone.exe amd <System>\gphone.exe and creates the file <System>\autorun.ini (detected as W32/Sohana-BI).
The following registry entries are set:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\WorkgroupCrawler\Shares
shared
New Folder.exe
More: http://www.sophos.com/security/analyses/viruses-and-spyware/w32autorunxq.html?_log_from=rss
VBS/AutoRun-IB
by Marianna Schmudlach - 2/13/09 7:48 AM
In reply to: VIRUS \ Spyware ALERTS - February 13, 2009 by Marianna Schmudlach
Category Viruses and Spyware
Type Worm
VBS/AutoRun-IB is a VB script worm for the Windows platform.
When run VBS/AutoRun-IB copies itself to <Windows>\SysRes.vbs or Radz_Services.vbs and sets the following registry entry to run itself on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
System Restore
wscript.exe <Windows>\SysRes.vbs\
More: http://www.sophos.com/security/analyses/viruses-and-spyware/vbsautorunib.html?_log_from=rss
| Forum legend: | |
 |
Locked thread |
 |
Moderator |
 |
CNET staff |
 |
Samsung staff |
 |
Norton Authorized Support team |
 |
AVG staff |
 |
Windows Outreach team |
 |
Dell staff |
 |
Intel staff |
