HP TouchSmart. Touch the future now.
Spyware, viruses, & security : VIRUS\ SPYWARE ALERTS - February 20, 2009
- 2/19/09 8:29 PM
VIRUS\ SPYWARE ALERTS - February 20, 2009
by Marianna Schmudlach - 2/19/09 8:29 PM
W32/Waled-AY
Category
* Viruses and Spyware
Type
* Worm
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/w32waleday.html?_log_from=rss
Troj/ServU-FQ
by Marianna Schmudlach - 2/19/09 8:30 PM
In reply to: VIRUS\ SPYWARE ALERTS - February 20, 2009 by Marianna Schmudlach
Category
* Viruses and Spyware
Type
* Trojan
Troj/ServU-FQ is a modified version of a commercial FTP application.
Troj/ServU-FQ runs continuously in the background providing an FTP server on a TCP port specified in its configuration file (the default is port 43958).
Troj/ServU-FQ is installed the following files are created:
<Current Folder>\perfci.osx
<Current Folder>\tslabels.osx
http://www.sophos.com/security/analyses/viruses-and-spyware/trojservufq.html?_log_from=rss
Troj/Mdrop-BZK
by Marianna Schmudlach - 2/19/09 8:31 PM
In reply to: VIRUS\ SPYWARE ALERTS - February 20, 2009 by Marianna Schmudlach
Category
* Viruses and Spyware
Type
* Trojan
Troj/Mdrop-BZK is a password protected self-extracting archive, that exports its file to the <SYSTEM> folder.
http://www.sophos.com/security/analyses/viruses-and-spyware/trojmdropbzk.html?_log_from=rss
Troj/FakeVir-KR
by Marianna Schmudlach - 2/19/09 8:33 PM
In reply to: VIRUS\ SPYWARE ALERTS - February 20, 2009 by Marianna Schmudlach
Category
* Viruses and Spyware
Type
* Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakevirkr.html?_log_from=rss
Troj/FakeAV-LE
by Marianna Schmudlach - 2/19/09 8:34 PM
In reply to: VIRUS\ SPYWARE ALERTS - February 20, 2009 by Marianna Schmudlach
Aliases
* Win32/TrojanDownloader.FakeAlert.YV
* Trojan.Win32.Monder.bdnr
Category
* Viruses and Spyware
Type
* Trojan
Troj/FakeAV-LE is a Trojan for the Windows platform.
Troj/FakeAV-LE includes functionality to access the internet and communicate with a remote server via HTTP.
When first run Troj/FakeAV-LE copies itself to <System>\frmwrk32.exe and creates the clean data file <System>\uniq.tll.
The following registry entry is created to run frmwrk32.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Framework Windows
frmwrk32.exe
More: http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakeavle.html?_log_from=rss
Troj/Agent-HXJ
by Marianna Schmudlach - 2/19/09 8:35 PM
In reply to: VIRUS\ SPYWARE ALERTS - February 20, 2009 by Marianna Schmudlach
Category
* Viruses and Spyware
Type
* Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagenthxj.html?_log_from=rss
W32/AutoRun-YP
by Marianna Schmudlach - 2/19/09 10:11 PM
In reply to: VIRUS\ SPYWARE ALERTS - February 20, 2009 by Marianna Schmudlach
Category
* Viruses and Spyware
Type
* Worm
W32/AutoRun-YP is a worm for the Windows platform.
When run W32/AutoRun-YP copies itself to <System>\csrcs.exe and creates the following registry entries:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ShowSuperHidden
0
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
SuperHidden
0
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Shell
Explorer.exe csrcs.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
csrcs
<System>\csrcs.exe
http://www.sophos.com/security/analyses/viruses-and-spyware/w32autorunyp.html?_log_from=rss
W32/AutoRun-YO
by Marianna Schmudlach - 2/19/09 10:12 PM
In reply to: VIRUS\ SPYWARE ALERTS - February 20, 2009 by Marianna Schmudlach
Category
* Viruses and Spyware
Type
* Worm
W32/AutoRun-YO is a worm for the Windows platform.
When run W32/AutoRun-YO copies itself to <System>\csrcs.exe and creates the following registry entries:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ShowSuperHidden
0
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
SuperHidden
0
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Shell
Explorer.exe csrcs.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
csrcs
<System>\csrcs.exe
http://www.sophos.com/security/analyses/viruses-and-spyware/w32autorunyo.html?_log_from=rss
W32/AutoRun-YN
by Marianna Schmudlach - 2/19/09 10:13 PM
In reply to: VIRUS\ SPYWARE ALERTS - February 20, 2009 by Marianna Schmudlach
Category
* Viruses and Spyware
Type
* Worm
W32/AutoRun-YN is a worm for the Windows platform.
W32/AutoRun-YN spreads via removable hard drives by copying itself to:
<Root>\RECYCLER\<User>\shellrun.exe and creating the file <Root>\autorun.inf (detected as W32/HostInf-A).
When run W32/AutoRun-YN copies itself to <System>\symdbsv.exe, modifies the HOSTS file and sets the following registry entries:
More:http://www.sophos.com/security/analyses/viruses-and-spyware/w32autorunyn.html?_log_from=rss
W32/Autorun-YM
by Marianna Schmudlach - 2/19/09 10:14 PM
In reply to: VIRUS\ SPYWARE ALERTS - February 20, 2009 by Marianna Schmudlach
Category
* Viruses and Spyware
Type
* Worm
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/w32autorunym.html?_log_from=rss
W32/AutoRun-YL
by Marianna Schmudlach - 2/19/09 10:15 PM
In reply to: VIRUS\ SPYWARE ALERTS - February 20, 2009 by Marianna Schmudlach
Category
* Viruses and Spyware
Type
* Worm
W32/AutoRun-YL is a worm for the Windows platform.
When run W32/AutoRun-YL copies itself to <System>\msnmsg.exe and sets the following registry entry:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Windows Live
msnmsg.exe
http://www.sophos.com/security/analyses/viruses-and-spyware/w32autorunyl.html?_log_from=rss
Troj/Zbot-CW
by Marianna Schmudlach - 2/19/09 10:16 PM
In reply to: VIRUS\ SPYWARE ALERTS - February 20, 2009 by Marianna Schmudlach
Category
* Viruses and Spyware
Type
* Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojzbotcw.html?_log_from=rss
Troj/Zbot-CV
by Marianna Schmudlach - 2/19/09 10:17 PM
In reply to: VIRUS\ SPYWARE ALERTS - February 20, 2009 by Marianna Schmudlach
Category
* Viruses and Spyware
Type
* Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojzbotcv.html?_log_from=rss
Troj/BHO-KB
by Marianna Schmudlach - 2/19/09 10:18 PM
In reply to: VIRUS\ SPYWARE ALERTS - February 20, 2009 by Marianna Schmudlach
Category
* Viruses and Spyware
Type
* Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojbhokb.html?_log_from=rss
Troj/Agent-IYL
by Marianna Schmudlach - 2/19/09 10:19 PM
In reply to: VIRUS\ SPYWARE ALERTS - February 20, 2009 by Marianna Schmudlach
Category
* Viruses and Spyware
Type
* Trojan
Troj/Agent-IYL is a Trojan for the Windows platform.
When first run Troj/Agent-IYL copies itself to the Windows system folder.
Troj/Agent-IYL may install a new version of the file <System>\msinet.ocx.
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentiyl.html?_log_from=rss
| Forum legend: | |
 |
Locked thread |
 |
Moderator |
 |
CNET staff |
 |
Samsung staff |
 |
Norton Authorized Support team |
 |
AVG staff |
 |
Windows Outreach team |
 |
Dell staff |
 |
Intel staff |
