Spyware, viruses, & security : VIRUS \ Spyware ALERTS - January 29, 2009
- 1/28/09 9:48 PM
VIRUS \ Spyware ALERTS - January 29, 2009
by Marianna Schmudlach - 1/28/09 9:48 PM
W32/Mytob-C
Category Viruses and Spyware
Type Virus
W32/Mytob-C is a mass-mailing worm with IRC backdoor functionality which can also infect computers vulnerable to the LSASS (MS04-011) exploit.
When first run the worm copies itself to the Windows system folder as wfdmgr.exe and creates the following registry entries so as to auto-start:
More: http://www.sophos.com/security/analyses/viruses-and-spyware/w32mytobc.html?_log_from=rss
Troj/Mosuck-AX
by Marianna Schmudlach - 1/28/09 9:50 PM
In reply to: VIRUS \ Spyware ALERTS - January 29, 2009 by Marianna Schmudlach
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
Characteristics Installs itself in the registry
http://www.sophos.com/security/analyses/viruses-and-spyware/trojmosuckax.html?_log_from=rss
Troj/MDrop-BYN
by Marianna Schmudlach - 1/28/09 9:51 PM
In reply to: VIRUS \ Spyware ALERTS - January 29, 2009 by Marianna Schmudlach
Category Viruses and Spyware
Type Trojan
When Troj/MDrop-BYN is installed it creates the file <Current Folder>\dfxspc.dll.
The file dfxspc.dll is detected as Mal/Behav-304.
http://www.sophos.com/security/analyses/viruses-and-spyware/trojmdropbyn.html?_log_from=rss
Troj/FakeAV-JS
by Marianna Schmudlach - 1/28/09 9:52 PM
In reply to: VIRUS \ Spyware ALERTS - January 29, 2009 by Marianna Schmudlach
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakeavjs.html?_log_from=rss
Troj/Dloadr-CFT
by Marianna Schmudlach - 1/28/09 9:53 PM
In reply to: VIRUS \ Spyware ALERTS - January 29, 2009 by Marianna Schmudlach
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojdloadrcft.html?_log_from=rss
Troj/Bdoor-ASH
by Marianna Schmudlach - 1/28/09 9:55 PM
In reply to: VIRUS \ Spyware ALERTS - January 29, 2009 by Marianna Schmudlach
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojbdoorash.html?_log_from=rss
Mal/EncPk-GV
by Marianna Schmudlach - 1/28/09 9:56 PM
In reply to: VIRUS \ Spyware ALERTS - January 29, 2009 by Marianna Schmudlach
Category Viruses and Spyware
Type Malicious Behavior
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/malencpkgv.html?_log_from=rss
Troj/Spy-BQ
by Marianna Schmudlach - 1/28/09 9:57 PM
In reply to: VIRUS \ Spyware ALERTS - January 29, 2009 by Marianna Schmudlach
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojspybq.html?_log_from=rss
W32/Sdbot.worm.gen.z
by Marianna Schmudlach - 1/28/09 10:00 PM
In reply to: VIRUS \ Spyware ALERTS - January 29, 2009 by Marianna Schmudlach
Type Virus SubType Generic Worm
Overview -
This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.
Aliases
Packed.Win32.Black.a (Kaspersky) Worm:Win32/DuiskBot.gen (Microsoft)
Characteristics
Characteristics -
Update: 01/28/2009
A recent variant named wintcpi.exe exhibits the following behavior:
The worm file is Themida-packed The process opens three TCP ports for listening and one for sending data using IRC. The port numbers vary The following command is sent to try to join an IRC channel
NICK [0]USA|XP-SP0[P]643318
USER laMer "localhost" "gsta.q8pilots.net" :lamer The worm is injected into csrss.exe and services.exe. If the malicious process is closed then it respawns and tries to reach the command server repeatedly on increasing port numbersFiles added:
More: http://vil.mcafeesecurity.com/vil/content/v_128504.htm
RpcDcom.c
by Marianna Schmudlach - 1/28/09 10:01 PM
In reply to: VIRUS \ Spyware ALERTS - January 29, 2009 by Marianna Schmudlach
Type Program SubType Win32
http://vil.mcafeesecurity.com/vil/content/v_120624.htm
Puper.gen.j
by Marianna Schmudlach - 1/28/09 10:02 PM
In reply to: VIRUS \ Spyware ALERTS - January 29, 2009 by Marianna Schmudlach
Type Trojan SubType Generic
Overview -
This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, attempts to download malicious files to the local computer and execute them.
Aliases
FakeAlert-BE.gen[McAfee] packed with: UPX [Kaspersky Lab] Trojan-Downloader.Win32.Zlob.aaru [Kaspersky Lab] Trojan.Popuper.origin (Doctor Web) Trojan.Zlob [Ikarus] Trojan.Zlob [Symantec] TrojanDownloader:Win32/Zlob.gen!DA [Microsoft]
Characteristics
Characteristics -
A new variant of Puper Trojans has been discovered.
http://vil.nai.com/vil/content/v_133666.htm
The Puper family of trojans is used to modify the internet explorer home page and search page in addition to monitoring internet usage.
The Puper Trojan’s monitors its own processes and will continually execute them to ensure they stay in memory. Additionally it will launch every time explorer.exe gets launched.
This Trojan may drop hpxxxx.tmp where xxxx is random characters. This file will be detected as puper.dll and is responsible for the start page and search page behavior.
More: http://vil.mcafeesecurity.com/vil/content/v_152819.htm
Puper.gen.h
by Marianna Schmudlach - 1/28/09 10:03 PM
In reply to: VIRUS \ Spyware ALERTS - January 29, 2009 by Marianna Schmudlach
Type Trojan SubType Generic
Overview -
This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, attempts to download malicious files to the local computer and execute them.
Aliases
FakeAlert-BE.gen [McAfee] Troj/Zlob-ALO [Sophos] Trojan-Downloader.Win32.Zlob.yjr [Kaspersky Lab] Trojan.Popuper [PCTools] Trojan.Zlob [Ikarus] Trojan.Zlob [Symantec] TrojanDownloader:Win32/Zlob.gen!BD [Microsoft]
Characteristics
Characteristics -
Puper Trojan hijacks the default Internet Explorer settings and changes your Internet Explorer homepage. It also appears as a security alert notifying users that their PC has been compromised and then downloads rogue antispyware products onto their PC.
The following Internet Connection was established
More: http://vil.mcafeesecurity.com/vil/content/v_150076.htm
trojan
by gpriceshop02 - 1/29/09 5:06 AM In reply to: VIRUS \ Spyware ALERTS - January 29, 2009 by Marianna Schmudlach
yes trojans are worst if not dealt properly. but update anti virus always.i just suggest you to use all the hardwares related to the anti virus from the best manufacturers of its kind and my uncle just disclosed his store of gaming :
http://www.gpriceshop.com/blog/
i also bought the products from the best in the industries.
Guys just check this out. live well to play well
Troj/FakeAV-JT
by Marianna Schmudlach - 1/29/09 7:53 AM
In reply to: VIRUS \ Spyware ALERTS - January 29, 2009 by Marianna Schmudlach
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakeavjt.html?_log_from=rss
Troj/Dloadr-CFU
by Marianna Schmudlach - 1/29/09 7:55 AM
In reply to: VIRUS \ Spyware ALERTS - January 29, 2009 by Marianna Schmudlach
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojdloadrcfu.html?_log_from=rss
| Forum legend: | |
 |
Locked thread |
 |
Moderator |
 |
CNET staff |
 |
Samsung staff |
 |
Norton Authorized Support team |
 |
AVG staff |
 |
Windows Outreach team |
 |
Dell staff |
 |
Intel staff |
