W32/Tiotua-AP
Category
* Viruses and Spyware
Type
* Worm
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/w32tiotuaap.html?_log_from=rss
Category
* Viruses and Spyware
Type
* Worm
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/w32autorunado.html?_log_from=rss
Category
* Viruses and Spyware
Type
* Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojpswgn.html?_log_from=rss
Category
* Viruses and Spyware
Type
* Trojan
Troj/Poison-AT is a Trojan for the Windows platform.
When run, Troj/Poison-AT copies itself to <System>\Msxmlcol.exe and creates the file <System>\Msxmlcol (which can be safely deleted). The following registry entry is set:
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{7D38C6DC-D78C-9AD6-B45D-4DAAC33FD5EF}
StubPath
<System>\Msxmlcol.exe
http://www.sophos.com/security/analyses/viruses-and-spyware/trojpoisonat.html?_log_from=rss
Category
* Viruses and Spyware
Type
* Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojdwnldrhpo.html?_log_from=rss
Type
Trojan
SubType
Application extension
Overview
This description is for a password-stealing and keylogging Trojan that attempts to steal system information and user information for certain online games.
The characteristics of this password stealer with regard to passwords stolen, sites accessed, files downloaded, etc. will differ depending on how the attacker has configured it. Hence, this is a general description.
Aliases
* Gh0stRat
* GhostRat
Characteristics
As this detection covers many variants, the characteristics of this Trojan Password Stealer with regard to file names, registry keys, etc. will differ depending on how the attacker has configured it. Hence, this is a general description.
Depending on the variant, it may create any of the following autostart registry entries:
More: http://vil.nai.com/vil/content/v_154167.htm
Category
* Viruses and Spyware
Type
* Malicious Behavior
Mal/Swizzor-D is a family of Trojans which have functionality to download and execute files from the internet.
http://www.sophos.com/security/analyses/viruses-and-spyware/malswizzord.html
Category
* Viruses and Spyware
Type
* Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentjlk.html
Category
* Viruses and Spyware
Type
* Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentjll.html
Category
* Viruses and Spyware
Type
* Trojan
Troj/Evenex-D detects files that exploit a vulnerability in Excel (Microsoft Security Advisory 968272).
http://www.sophos.com/security/analyses/viruses-and-spyware/trojevenexd.html
Category
* Viruses and Spyware
Type
* Trojan
Troj/Agent-JKT is a Trojan for the Windows platform.
Troj/Agent-JKT includes functionality to access the internet and communicate with a remote server via HTTP.
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentjkt.html
Category
* Viruses and Spyware
Type
* Trojan
Troj/Delf-FBU is a Trojan for the Windows platform.
When first run, Troj/Delf-FBU copies itself to <Common Files>\Microsoft Shared\msinfo\Mighng.exe.
The file Mighng.exe is registered as a new system driver service named "Networkection", with a display name of "Connection Sharing Networkection" and a startup type of automatic, so that it is started automatically during system startup. Registry entries are created under:
HKLM\SYSTEM\CurrentControlSet\Services\Networkection
http://www.sophos.com/security/analyses/viruses-and-spyware/trojdelffbu.html
Category
* Viruses and Spyware
Type
* Trojan
Troj/Inject-GE is a Trojan for the Windows platform.
When run, Troj/Inject-GE copies itself to <Windows>\winlogon.exe and sets the following registry entry:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Window UDP Control Servic
winlogon.exe
http://www.sophos.com/security/analyses/viruses-and-spyware/trojinjectge.html
Category
* Viruses and Spyware
Type
* Trojan
Troj/LdPinch-SD is a Trojan for the Windows platform.
When run, Troj/LdPinch-SD creates the file <System>\<random characters>.dll (detected as Troj/LdPinch-SD).
The following registry entries are set:
HKCR\CLSID\{76B9BA7A-81D0-4979-8598-8471F2AB5186}\InprocServer32
(Default)
<System>\<random characters>.dll
HKCR\CLSID\{76B9BA7A-81D0-4979-8598-8471F2AB5186}\InprocServer32
ThreadingModel
Apartment
http://www.sophos.com/security/analyses/viruses-and-spyware/trojldpinchsd.html
Aliases
* BackDoor-CGX.svr
* Possibly a new variant of W32/Internet-Trojan-patched-based!Maximus
Category
* Viruses and Spyware
Type
* Trojan
Troj/Bckdr-QSY is a Trojan for the Windows platform.
Troj/Bckdr-QSY includes functionality to access the internet and communicate with a remote server via HTTP.
When first run, Troj/Bckdr-QSY copies itself to <System>\serviecs.exe and creates the file <System>\serviecs.cfg.
The file serviecs.exe is registered as a new system driver service named "Netlogin", with a display name of "Net Login" and a startup type of automatic, so that it is started automatically during system startup. Registry entries are created under:
HKLM\SYSTEM\CurrentControlSet\Services\Netlogin
http://www.sophos.com/security/analyses/viruses-and-spyware/trojbckdrqsy.html?_log_from=rss