Category
* Viruses and Spyware
Type
* Trojan
Affected operating systems Windows
Characteristics
* Drops more malware
Troj/Sasfis-C is a Trojan for the Windows platform.
Troj/Sasfis-C drops malware detected as Troj/Oficla-Gen.
http://www.sophos.com/security/analyses/viruses-and-spyware/trojsasfisc.html?_log_from=rss
Category
* Viruses and Spyware
Type
* Trojan
Affected operating systems Windows
Troj/Agent-LTL is a Trojan for the Windows platform.
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentltl.html?_log_from=rss
Category
* Viruses and Spyware
Type
* Trojan
Affected operating systems Windows
Characteristics
* Installs itself in the registry
Troj/Agent-LTK is a Trojan for the Windows platform.
Troj/Agent-LTK includes functionality to:
- run automatically
- create files in the <WINDOWS>\system32 folder
- access the internet and communicate with a remote server via HTTP
Troj/Agent-LTK communicates via HTTP with the following locations:
qyf28xd841c . com
Troj/Agent-LTK copies itself to:
<User>\photo_id.exe
<System>\photo_id.exe
The following registry entry is created to run photo_id.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
photo_id
<System>\photo_id.exe
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentltk.html?_log_from=rss
Category
* Viruses and Spyware
Type
* Trojan
Affected operating systems Windows
Troj/Agent-LTJ is a Trojan for the Windows platform.
Troj/Agent-LTJ includes functionality to:
- run automatically
- copy itself to the <WINDOWS>\system32 folder
- create files in the <WINDOWS>\system32 folder
When Troj/Agent-LTJ is installed the following files are created:
<System>\lowsec\local.ds
<System>\lowsec\user.ds
<System>\sdra64.exe, which is also detected as Troj/Agent-LTJ
The following registry entry is changed to run sdra64.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit
<System>\userinit.exe,<System>\sdra64.exe
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentltj.html?_log_from=rss
Discovered: November 11, 2009
Updated: November 11, 2009 2:47:39 PM
Type: Worm
Infection Length: 192,533 bytes
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista, Windows XP
W32.Gosys is a worm that spreads through network shares. It also opens a back door on the compromised computer.
http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-111112-3448-99
Name : Other:W32/False Positive
Category: Malware
Type: Other
Platform: W32
Summary
A malicious program which does not easily fit into any other malware category.
Additional Details
When a legitimate file is incorrectly detected as infected by an antivirus product, it is called a "false positive" or a "false alarm". False positives sometimes occur in every antivirus product because of the complexity of present-day malware and file compression/protection utilities that are used on both malware and legitimate software.
If you encounter a false positive, please submit a sample of it for testing and verification, specifying that you are submitting a false positive. Any additional information such as the origin of the file, scanning report file, and false positive detection name will help to resolve the issue more quickly.
http://www.f-secure.com/v-descs/other_w32_false_positive.shtml
Type
Program
SubType
-
Discovery Date
11/11/2009
This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose, but they alter the security state of the computer on which they are installed, or the privacy posture of the user of the system, such that most users will want to be aware of them.
File Property : Property Value
FileName : 034a7d~1.exe
McAfee Artemis : Artemis!034a7dd67222
McAfee Detection : Generic PUP.x
Length : 24,064 bytes
CRC : FFF140C8
MD5 : 034A7DD67222F24F26DFD87CE25A40EA
SHA1 : E449F7BE99D5BE75CE994B4A98806C4339FEDF5F
Other Common Detection Aliases
Company Name : Detection Name
AVG (GriSoft) : patched_c.abo
Avira : TR/Crypt.FKM.Gen
BitDefender : DeepScan:Generic.Malware.SYd!.688BAAAB
eSafe (Alladin) : suspicious Trojan/Worm [101]
Eset : ~NEW_VIRUS
FortiNet : Misc/PUP
F-Prot : W32/Downldr2.HGME
Kaspersky : Trojan-Dropper.Win32.VB.adrl
microsoft : TrojanDownloader:Win32/VB.XQ
rising : Trojan.DL.Win32.VB.gdd
Sophos : Mal/Behav-160
Symantec : Trojan Horse
Trend Micro : TROJ_Gen.4X0244
vba32 : Trojan-Downloader.Win32.Agent.bexi
Avert® Labs has observed the following system activities:
http://vil.nai.com/vil/content/v_241493.htm
Type
Trojan
Overview -
This is a Trojan detection. Unlike viruses, Trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.
File Properties
File Name : Xp.exe
Size : 66,048 bytes
MD5 : 0709C498C40B4987B0E181B00274C7B6
SHA1 : 45D3C1023A160B2F7D07CF5A508756C391985752
Aliases
Kaspersky : Trojan.Win32.Dialer.ext
Ikarus : Trojan.Win32.Dialer
Ahnlab : Win-Trojan/Downloader.48640.AI
Sophos : Mal/EncPk-
Characteristics
System Changes
It enables backdoor functionalities by connecting to a remote site and performing actions as programmed by a remote attacker.
The following folders have been added to the system:
* %SystemDrive%\DATA
* %SystemDrive%\DATA\SYSTEM
The following files have been added to the system:
http://vil.nai.com/vil/content/v_240032.htm
Type
Virus
SubType
Worm
Overview -
This detection is for a worm that attempts to copy itself to the root of any accessible disk volumes. Additionally it attempts to place an Autorun.inf file on the root of the volume so that it is executed the next time the volume is mounted.
Characteristics
----- Update November 11, 2009 -----
File Information
o MD5 - Bc2f7c071c53fe8ec6441e8f745af802
o Size - 740352 bytes
This worm copies itself to a hidden folder called \RESTORE\k-1-3542-4232123213-7676767-8888886\ on drive C and connected external drives, and also creates an autorun.inf file on the external drives.
It adds the following registry entries.
o HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{67KLN5J0-4OPM-00WE-AAX5-77EF1D187563} "StubPath"
o Type: REG_SZ
o Data: C:\RESTORE\k-1-3542-4232123213-7676767-8888886\RanDll.exe
It drops the following files:
http://vil.nai.com/vil/content/v_142639.htm
Date Published:
11 Nov 2009
Characteristics
Type : Trojan
Category : Win32
Description
This malware is detected by eTrust Antivirus solutions. Please see above for the relevant signature updates.
This malware is being dissected by the CA Security Advisory Team - a detailed analysis will be available shortly.
http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=80226
Date Published:
11 Nov 2009
Type : Trojan
Category : Win32
Also known as: Trojan:Win32/Oficla.E (MS OneCare)
Description
This malware is detected by eTrust Antivirus solutions. Please see above for the relevant signature updates.
This malware is being dissected by the CA Security Advisory Team - a detailed analysis will be available shortly.
http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=80225
Category
* Viruses and Spyware
Type
* Worm
Affected operating systems Windows
W32/Voterai-K is a worm for the Windows platform.
When first run W32/Voterai-K copies itself to the Windows system folder and creates the following files:
<Desktop>\Raila Odinga.gif
<Temp>\nsz2.tmp\System.dll
<Startup>\%ORIGFILENAME
W32/Voterai-D drops an image file on the Desktop and opens it. This file can be deleted safely.
http://www.sophos.com/security/analyses/viruses-and-spyware/w32voteraik.html?_log_from=rss
Category
* Viruses and Spyware
Type
* Worm
Affected operating systems Windows
W32/Autorun-AUN is a worm for the Windows platform.
W32/Autorun-AUN includes functionality to:
- run automatically
- access the internet and communicate with a remote server via HTTP
When first installed W32/Autorun-AUN copies itself to <Root>\recycler\S-1-5-21-8416390416-2724757324-296846001-1525\rundll32.exe
The following registry entry is set:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Taskman
<Root>\RECYCLER\S-1-5-21-3396385956-3129618364-378792361-8163\rundll32.exe
http://www.sophos.com/security/analyses/viruses-and-spyware/w32autorunaun.html?_log_from=rss
Category
* Viruses and Spyware
Type
* Trojan
Affected operating systems Windows
Characteristics
* Installs itself in the registry
Troj/SkimTrim-M is a Trojan for the Windows platform.
http://www.sophos.com/security/analyses/viruses-and-spyware/trojskimtrimm.html?_log_from=rss
Category
* Viruses and Spyware
Type
* Trojan
How it spreads
* Web browsing
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojobfjsr.html?_log_from=rss