Troj/DwnLdr-HQF
Category
* Viruses and Spyware
Type
* Trojan
Troj/DwnLdr-HQF is a Trojan for the Windows platform.
When run, Troj/DwnLdr-HQF copies itself to <Windows>\winlogon.exe and sets the following registry entry:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Window UDP Control Servic
winlogon.exe
http://www.sophos.com/security/analyses/viruses-and-spyware/trojdwnldrhqf.html?_log_from=rss
Category
* Viruses and Spyware
Type
* Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojbankereri.html?_log_from=rss
Category
* Viruses and Spyware
Type
* Worm
W32/AutoRun-AFV is a worm for the Windows platform.
W32/AutoRun-AFV includes functionality to access the internet and communicate with a remote server via HTTP.
W32/AutoRun-AFV copies itself to removable drives.
When first run, W32/AutoRun-AFV copies itself to <System>\uret463.exe and creates the following files:
<System>\drivers\klif.sys
<System>\lhgjyit0.dll
The file klif.sys is detected as Troj/Klif-Gen.
The following registry entry is created to run uret463.exe on startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
dorfgwe
<System>\uret463.exe
http://www.sophos.com/security/analyses/viruses-and-spyware/w32autorunafv.html?_log_from=rss
Category
* Viruses and Spyware
Type
* Worm
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/w32autorunafu.html?_log_from=rss
Category
* Viruses and Spyware
Type
* Trojan
Troj/Zbot-FJ is a Trojan for the Windows platform.
Troj/Zbot-FJ has been seen to be spammed out in an email with the following message text:
Your transaction has been processed by WorldPay, on behalf of Amazon Inc.
The invoice file is attached to this message.
This is not a tax receipt.
We processed your payment.
Amazon Inc has received your order,
and will inform you about delivery.
Sincerely,
Amazon Team
This confirmation only indicates that your transaction has been processed successfully.
It does not indicate that your order has been accepted.
It is the responsibility of Amazon Inc to confirm that
your order has been accepted, and to deliver any goods or services you have ordered.
http://www.sophos.com/security/analyses/viruses-and-spyware/trojzbotfj.html?_log_from=rss
Category
* Viruses and Spyware
Type
* Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojrootkitfr.html?_log_from=rss
Category
* Viruses and Spyware
Type
* Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojbankererj.html?_log_from=rss
Category
* Viruses and Spyware
Type
* Malicious Behavior
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/malfakeavar.html?_log_from=rss
Category
* Viruses and Spyware
Type
* Malicious Behavior
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/malfakeavaq.html?_log_from=rss
Category
* Viruses and Spyware
Type
* Exploit
Exp/MS06048-A detects malicious Microsoft PowerPoint presentations that exploit CVE-2006-3590. Please refer to Microsoft patch MS06-048 for more details.
http://www.sophos.com/security/analyses/viruses-and-spyware/expms06048a.html?_log_from=rss
Category
* Viruses and Spyware
Type
* Worm
Affected operating systems Windows
http://forums.cnet.com/5224-6132_102-0.html?forumID=32&threadID=340338&messageID=3031501&tag=forums06;posts
Category
* Viruses and Spyware
Type
* Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakeavpo.html?_log_from=rss
Category
* Viruses and Spyware
Type
* Trojan
When Troj/Bckdr-QTS is installed, it creates the file <Windows>\iexplore.exe, which is also detected as Troj/Bckdr-QTS.
The following registry entry is created to run iexplore.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
windows Live Messenger
iexplore.exe
http://www.sophos.com/security/analyses/viruses-and-spyware/trojbckdrqts.html?_log_from=rss
Category
* Viruses and Spyware
Type
* Malicious Behavior
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/malencpkhw.html?_log_from=rss
Virus Alerts [Panda Security's weekly report on viruses and intruders - 04/24/09]
Virus Alerts, by Panda Security (http://www.pandasecurity.com)
This week's PandaLabs report looks at SMSlock.A, AVAntispyware and
Waledac.AX.
The SMSlock.A Trojan blocks users' computers and asks for a ransom
payment. To do so, once blocked it displays a screen in Russian
requesting users to send an SMS with a specific text, which randomly
changes, to a phone number (image here:
http://www.flickr.com/photos/panda_security/3470517956/)
"It is not the first time this type of blackmailer Trojan has appeared;
however, the way in which payment is requested (SMS) is new," explains
Luis Corrons, technical director of PandaLabs.
For more information about this malware strain, go to the PandaLabs
blog:
http://pandalabs.pandasecurity.com/archive/Ransomware-Reloaded.aspx
AVAntispyware, on the other hand, is adware aimed at selling users a
fake antivirus. This adware, like all of its kind, simulates a system
scan, detecting several malware variants which are really not on the
computer.
It then displays a window in which users can purchase a "Premium"
version of a product to delete the supposed malware, or continue
unprotected. If users decide to continue unprotected, the malicious
code starts displaying warnings and windows informing users they are
infected, so they purchase the Premium version.
However, if users decide to purchase the pay version, they will be asked
to pay a "reasonable" sum. The only difference on activating the pay
product is that false detection warnings will disappear in subsequent
scans. Images at:
http://www.flickr.com/photos/panda_security/tags/avantispyware/
Finally, Waledac.AX is a worm that is distributed through the SMTP mail
protocol. It sends two types of mails, one to infect victims and another
by way of advertising messages or spam. Below are some of the
subjects used:
Can your health problems be solved
Give you lover new intimate feeling.
Which one of enlarhing products really work?
Additionally, it is distributed through different Web pages, one of
which offers an application that supposedly allows users to read
third-party SMSs. On downloading the application, users actually
download the worm onto their computer.
This worm is also designed to steal passwords and email addresses, which
it encrypts and sends to different IP addresses.
More information about these and other malicious codes is available in
the Panda Security Encyclopedia
http://www.pandasecurity.com/spain/homeusers/security-info/about-malware/encyclopedia/