Avert Labs Low-Profiled Threat Notice: Generic Downloader.c
Notice
This is a Low-Profiled Threat Notice for Generic Downloader.c
Justification
Generic Downloader.c has been deemed a Low-Profiled threat due to media attention at http://isc.sans.org/diary.html?storyid=6511&rss.
Generic Downloader.c is referred to as "details.rtf" in the article at sans.org.
Read About It
Information about Generic Downloader.c is located on VIL at: http://vil.nai.com/vil/content/v_103794.htm
Detection
Generic Downloader.c was first discovered on January 21, 2004, and detection for this particular variant will be added to the 5637 dat files (Release Date: June 5, 2009).
Though we consider this a low threat, an EXTRA.DAT file may be downloaded via the McAfee AVERT Extra.dat Request Page: https://www.webimmune.net/extra/getextra.aspx
If you suspect you have Generic Downloader.c, please submit a sample to http://www.webimmune.net
Category
* Viruses and Spyware
Type
* Trojan
Affected operating systems
* Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojdropcd.html?_log_from=rss
Category
* Viruses and Spyware
Type
* Trojan
Affected operating systems
* Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojdloadrcjv.html?_log_from=rss
Category
* Viruses and Spyware
Type
* Trojan
Affected operating systems
* Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentjgr.html?_log_from=rss
Category
* Viruses and Spyware
Type
* Trojan
Affected operating systems
* Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojvbecs.html?_log_from=rss
Category
* Viruses and Spyware
Type
* Trojan
Troj/StartP-BY is a Trojan for the Windows platform.
Troj/StartP-BY is likely to be seen masquerading as a legitimate application (for example, trial version of some popular software). However, the installer includes malicious content which modifies the default homepage for Internet Explorer and Firefox browsers.
For Internet Explorer, the following Registry entry is made:
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
http://www.[removed].com/
For Firefox, the prefs.js file within each of the Mozilla profiles on the computer is modified to set the browser.startup.homepage option to the same URL.
http://www.sophos.com/security/analyses/viruses-and-spyware/trojstartpby.html?_log_from=rss
Category
* Viruses and Spyware
Type
* Trojan
Affected operating systems
* Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojmdropcbo.html?_log_from=rss
Aliases
* Win32/BHO.TBL
Category
* Viruses and Spyware
Type
* Trojan
Troj/BHO-MH is a Trojan for the Windows platform.
When Troj/BHO-MH is installed it creates the clean file
<User>\Application Data\IEApplet.dll.
Registry entries are created under:
HKCR\FirstBHO.HelloWorldBHO
http://www.sophos.com/security/analyses/viruses-and-spyware/trojbhomh.html?_log_from=rss
Category
* Viruses and Spyware
Type
* Trojan
Affected operating systems
* Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojbankereqf.html?_log_from=rss
Category
* Viruses and Spyware
Type
* Virus
This virus is part of the W32/Gift-32768 virus.
http://www.sophos.com/security/analyses/viruses-and-spyware/midgift32768.html?_log_from=rss
Category
* Viruses and Spyware
Type
* Malicious Behavior
Affected operating systems
* Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/malbehav342.html?_log_from=rss
Aliases
* Trojan-Downloader.Win32.FraudLoad
* FakeAlert-WinwebSecurity
* TROJ_FAKEAV
* TROJ_FRAUDLOA
* TROJ_WINWEBSEC
* Trojan:Win32/Winwebsec
* PWS:Win32/Zbot
Category
* Viruses and Spyware
Type
* Malicious Behavior
Affected operating systems
* Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/malfakeavax.html?_log_from=rss
Category
* Viruses and Spyware
Type
* Trojan
Affected operating systems
* Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentjez.html?_log_from=rss
Category
* Viruses and Spyware
Type
* Trojan
Affected operating systems
* Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojdloadrcjh.html?_log_from=rss
Category
* Viruses and Spyware
Type
* Trojan
Affected operating systems
* Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakeavpl.html?_log_from=rss