Spyware, viruses, & security : VIRUS \ Spyware ALERTS - November 17, 2008
- 11/16/08 10:15 PM
REFERENCE SCRIPTS-MALWARE
by susanphelps - 11/17/08 4:57 PM In reply to: I would suggest......... by Marianna Schmudlach
Thank you - I will try this - it will probably take me all night and I may have some questions later. (It took be over 3-days, without sleep to eradicate MicroantivirusPro2009, can't tell you how many times went back to my previous restore point) even going by site instructions. I've been going through files since last night. I truly appreciate your assistance and step-by-step instructions - more than you know. Respectfully, Susan
Reference scripts - malware
by susanphelps - 11/19/08 6:10 AM In reply to: I would suggest......... by Marianna Schmudlach
Marianna - You have my undying gratitude...I ran Malwarebytes and it found and disposed of 20 adware intruders. The only problem I had was trying to disable my CA suite. I've been having a problem with it - trying to 'update my programs to an earlier one." I don't want to go backwards, but every few hours it pops up and tries to extract my files. I'm under the impression that you were only supposed to run one program for virus, one for spyware, one for spam, and one firewall. Anyway - I had to run it twice due to interference of ?something? I really appreciate your baby step instructions - that was awsome. You all are wonderful, thank you for your time and dedication. Have a wonderful Thanksgiving - I'm giving thanks for you all. Susan PS - After the first download - something hyjacked my touchpad cursor - nothing would respond - I just can't seem to get it right.
IF you are having any problems with CA Suite.....
by Marianna Schmudlach - 11/19/08 9:50 AM
In reply to: Reference scripts - malware by susanphelps
why don't you visit their forum?
http://homeofficeforum.ca.com/homeofficeforum/forumdisplay.php?s=0b9c7fe539778dbd2b8ceac686f5bbbb&f=14&order=desc
Yes, ONE Firewall, ONE Anti Virus, but you can have more than one Anti Malware program.
Did MalwareBytes Anti Malware clean up everything?
You could even give SuperAntiSpyware a try:
Download and scan with SUPERAntiSpyware Free for Home Users
* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
* Under "Configuration and Preferences", click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
* Click the "Close" button to leave the control center screen.
* Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan.
* Click "Next" to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes".
W32/AutoRun-PC
by Marianna Schmudlach - 11/17/08 9:32 AM
In reply to: VIRUS \ Spyware ALERTS - November 17, 2008 by Marianna Schmudlach
Aliases Worm.Win32.AutoRun.ryz
Win32/AutoRun.Agent.AO worm
Category Viruses and Spyware
Type Worm
W32/AutoRun-PC is a worm for the Windows platform.
W32/AutoRun-PC includes functionality to access the internet and communicate with a remote server via HTTP.
When first run W32/AutoRun-PC copies itself to <Program Files>\Microsoft Common\svchost.exe.
The following registry entry is changed to run W32/AutoRun-PC on startup:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe
Debugger
<Program Files>\Microsoft Common\svchost.exe
http://www.sophos.com/security/analyses/viruses-and-spyware/w32autorunpc.html?_log_from=rss
VBS/Sasan-J
by Marianna Schmudlach - 11/17/08 9:33 AM
In reply to: VIRUS \ Spyware ALERTS - November 17, 2008 by Marianna Schmudlach
Category Viruses and Spyware
Type Worm
How it spreads Removable storage devices
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/vbssasanj.html?_log_from=rss
Troj/Zbot-AX
by Marianna Schmudlach - 11/17/08 9:34 AM
In reply to: VIRUS \ Spyware ALERTS - November 17, 2008 by Marianna Schmudlach
Aliases Trojan-Spy.Win32.Zbot.gkj
Category Viruses and Spyware
Type Trojan
Troj/Zbot-AX is a Trojan for the Windows platform.
Troj/Zbot-AX includes functionality to access the internet and communicate with a remote server via HTTP.
When Troj/Zbot-AX is installed the following files are created:
<System>\ntos.exe
<System>\wsnpoem\audio.dll
<System>\wsnpoem\video.dll
The following registry entry is changed to run ntos.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit
<System>\userinit.exe,<System>\ntos.exe,
http://www.sophos.com/security/analyses/viruses-and-spyware/trojzbotax.html?_log_from=rss
Troj/PWS-AWD
by Marianna Schmudlach - 11/17/08 9:35 AM
In reply to: VIRUS \ Spyware ALERTS - November 17, 2008 by Marianna Schmudlach
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojpwsawd.html?_log_from=rss
Troj/Buzus-X
by Marianna Schmudlach - 11/17/08 9:35 AM
In reply to: VIRUS \ Spyware ALERTS - November 17, 2008 by Marianna Schmudlach
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojbuzusx.html?_log_from=rss
Troj/Buzus-W
by Marianna Schmudlach - 11/17/08 9:37 AM
In reply to: VIRUS \ Spyware ALERTS - November 17, 2008 by Marianna Schmudlach
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojbuzusw.html?_log_from=rss
Troj/Agent-IGU
by Marianna Schmudlach - 11/17/08 9:37 AM
In reply to: VIRUS \ Spyware ALERTS - November 17, 2008 by Marianna Schmudlach
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentigu.html?_log_from=rss
Troj/Agent-IGT
by Marianna Schmudlach - 11/17/08 9:38 AM
In reply to: VIRUS \ Spyware ALERTS - November 17, 2008 by Marianna Schmudlach
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentigt.html?_log_from=rss
Troj/Agent-IGS
by Marianna Schmudlach - 11/17/08 9:39 AM
In reply to: VIRUS \ Spyware ALERTS - November 17, 2008 by Marianna Schmudlach
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentigs.html?_log_from=rss
Sus/ObfJS-BM
by Marianna Schmudlach - 11/17/08 9:41 AM
In reply to: VIRUS \ Spyware ALERTS - November 17, 2008 by Marianna Schmudlach
Category Suspicious behavior and files
Type Suspicious behavior
What's been detected Sus/ObfJS-BM exhibits characteristics commonly, but not exclusively, found in malware.
How it spreads Web browsing
Affected operating systems Windows
http://www.sophos.com/security/analyses/suspicious-behavior-and-files/susobfjsbm.html?_log_from=rss
Troj/FakeAle-JW
by Marianna Schmudlach - 11/17/08 12:53 PM
In reply to: VIRUS \ Spyware ALERTS - November 17, 2008 by Marianna Schmudlach
Category Viruses and Spyware
Type Trojan
Troj/FakeAle-JW is a Trojan for the Windows platform.
When Troj/FakeAle-JW is installed the following files are created:
<Temp>\flav.exe
<System>\brastk.exe
<System>\dllcache\figaro.sys
<System>\drivers\ctfmon.exe
The file ctfmon.exe is detected as Mal/Behav-009 and the file figaro.sys is detected as Mal/FakeAle-C.
The following registry entries are created to run Troj/FakeAle-JW on startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
brastk
<System>\brastk.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
systemz
<System>\drivers\ctfmon.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
brastk
<System>\brastk.exe
http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakealejw.html?_log_from=rss
Troj/Dwnldr-HKR
by Marianna Schmudlach - 11/17/08 12:54 PM
In reply to: VIRUS \ Spyware ALERTS - November 17, 2008 by Marianna Schmudlach
Category Viruses and Spyware
Type Trojan
Troj/Dwnldr-HKR is a Trojan for the Windows platform.
Troj/Dwnldr-HKR attempts to download and run executable files.
http://www.sophos.com/security/analyses/viruses-and-spyware/trojdwnldrhkr.html?_log_from=rss
| Forum legend: | |
 |
Locked thread |
 |
Moderator |
 |
CNET staff |
 |
Samsung staff |
 |
Norton Authorized Support team |
 |
AVG staff |
 |
Windows Outreach team |
 |
Dell staff |
 |
Intel staff |
