Ad: Manage updates with the Download App
ie8 fix

Spyware, viruses, & security forum: VIRUS \ Spyware ALERTS - October 9, 2008

by: Marianna Schmudlach October 8, 2008 10:03 PM PDT

Like this

0 people like this thread

Staff pick

VIRUS \ Spyware ALERTS - October 9, 2008

by Marianna Schmudlach - 10/8/08 10:03 PM

W32/Autorun-LE


Category Viruses and Spyware

Type Worm


W32/Autorun-LE drops the following files:
- <System>\explorer.dll - detected as Troj/SpyAT
- <System>\ms_tcp.dll - detected as Troj/Agent-HMB

http://www.sophos.com/security/analyses/viruses-and-spyware/w32autorunle.html?_log_from=rss


Reply
Report offensive post
Email to friend

Troj/KeyGen-Gen

by Marianna Schmudlach - 10/8/08 10:05 PM

In Reply to: VIRUS \ Spyware ALERTS - October 9, 2008 by Marianna Schmudlach

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojkeygengen.html?_log_from=rss


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Troj/FakeAV-EN

by Marianna Schmudlach - 10/8/08 10:06 PM

In Reply to: VIRUS \ Spyware ALERTS - October 9, 2008 by Marianna Schmudlach

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakeaven.html?_log_from=rss


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Troj/Dloadr-BVE

by Marianna Schmudlach - 10/8/08 10:07 PM

In Reply to: VIRUS \ Spyware ALERTS - October 9, 2008 by Marianna Schmudlach

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojdloadrbve.html?_log_from=rss


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Troj/Bdoor-AOL

by Marianna Schmudlach - 10/8/08 10:09 PM

In Reply to: VIRUS \ Spyware ALERTS - October 9, 2008 by Marianna Schmudlach

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojbdooraol.html?_log_from=rss


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Troj/Agent-HWF

by Marianna Schmudlach - 10/8/08 10:16 PM

In Reply to: VIRUS \ Spyware ALERTS - October 9, 2008 by Marianna Schmudlach

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojagenthwf.html?_log_from=rss


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

W32/Autorun-LF

by Marianna Schmudlach - 10/9/08 7:58 AM

In Reply to: VIRUS \ Spyware ALERTS - October 9, 2008 by Marianna Schmudlach

Category Viruses and Spyware

Type Worm

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/w32autorunlf.html?_log_from=rss


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Troj/Agent-HWH

by Marianna Schmudlach - 10/9/08 7:59 AM

In Reply to: VIRUS \ Spyware ALERTS - October 9, 2008 by Marianna Schmudlach

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojagenthwh.html?_log_from=rss


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Troj/Agent-HWG

by Marianna Schmudlach - 10/9/08 8:00 AM

In Reply to: VIRUS \ Spyware ALERTS - October 9, 2008 by Marianna Schmudlach

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojagenthwg.html?_log_from=rss


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Packed.Generic.189

by Marianna Schmudlach - 10/9/08 8:02 AM

In Reply to: VIRUS \ Spyware ALERTS - October 9, 2008 by Marianna Schmudlach

Discovered: October 9, 2008
Updated: October 9, 2008 11:29:18 AM
Type: Trojan, Virus

Packed.Generic.189 is a heuristic detection for files that may have been obfuscated or encrypted in order to conceal them from antivirus software.

http://www.symantec.com/business/security_response/writeup.jsp?docid=2008-100911-0549-99


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Packed.Generic.190

by Marianna Schmudlach - 10/9/08 8:03 AM

In Reply to: VIRUS \ Spyware ALERTS - October 9, 2008 by Marianna Schmudlach

Discovered: October 9, 2008
Updated: October 9, 2008 11:31:49 AM
Type: Trojan, Virus

Packed.Generic.190 is a heuristic detection for files that may have been obfuscated or encrypted in order to conceal them from antivirus software.

http://www.symantec.com/business/security_response/writeup.jsp?docid=2008-100911-1708-99


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

UI redress attacks (aka Clickjacking)

by Marianna Schmudlach - 10/9/08 9:26 AM

In Reply to: VIRUS \ Spyware ALERTS - October 9, 2008 by Marianna Schmudlach

9 October 2008

Recently there has been quite a bit of noise about attacks involving a technique dubbed Clickjacking. The tale starts back in September when a talk planned for the OWASP conference was pulled at the last minute, due to concerns about disclosing details of the attack [1, 2].

The combination of the cancelled talk and scant attack details was sufficient to pique the interest of many, and speculation over the last few weeks about how the attack worked has been rife [3,4,5]. Earlier this week, the cat escaped its bag - a proof of concept demonstration of the attack was released [6]. Since then, the original researchers have published full details [7,8].

So, exactly what is clickjacking? And what can you do to prevent being hit by it?

More: http://www.sophos.com/security/blog/2008/10/1850.html


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Troj/Pushdo-X

by Marianna Schmudlach - 10/9/08 1:01 PM

In Reply to: VIRUS \ Spyware ALERTS - October 9, 2008 by Marianna Schmudlach

Category Viruses and Spyware

Type Trojan

Troj/Pushdo-X is a Trojan for the Windows platform.

When Troj/Pushdo-X is installed it creates the file <System>\drivers\ati7xbxx.sys, which is detected as Troj/Pushu-Gen.

The file ati7xbxx.sys is registered as a new system driver service named "ati7xbxx". Registry entries are created under:

HKLM\SYSTEM\CurrentControlSet\Services\ati7xbxx
HKLM\SYSTEM\CurrentControlSet\SafeBoot\Minimal\ati7xbxx.sys
HKLM\SYSTEM\CurrentControlSet\SafeBoot\Network\ati7xbxx.sys
HKLM\SYSTEM\ControlSet002\Services\ati7xbxx

http://www.sophos.com/security/analyses/viruses-and-spyware/trojpushdox.html?_log_from=rss


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Troj/Iframe-BC

by Marianna Schmudlach - 10/9/08 1:02 PM

In Reply to: VIRUS \ Spyware ALERTS - October 9, 2008 by Marianna Schmudlach

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojiframebc.html?_log_from=rss


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Troj/Iframe-BB

by Marianna Schmudlach - 10/9/08 1:03 PM

In Reply to: VIRUS \ Spyware ALERTS - October 9, 2008 by Marianna Schmudlach

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojiframebb.html?_log_from=rss


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Troj/Dloadr-BVG

by Marianna Schmudlach - 10/9/08 1:04 PM

In Reply to: VIRUS \ Spyware ALERTS - October 9, 2008 by Marianna Schmudlach

Aliases VirTool:Win32/DelfInject.gen!AF

Category Viruses and Spyware

Type Trojan

Troj/Dloadr-BVG is a downloader Trojan for the Windows platform.

When first run Troj/Dloadr-BVG copies itself to <Windows>\service.exe with the hidden, system and read-only attributes set and creates the following registry entries to run service.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
Messenger Service
service.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Messenger Service
service.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Messenger Service
service.exe

http://www.sophos.com/security/analyses/viruses-and-spyware/trojdloadrbvg.html?_log_from=rss


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Troj/Agent-HWN

by Marianna Schmudlach - 10/9/08 1:05 PM

In Reply to: VIRUS \ Spyware ALERTS - October 9, 2008 by Marianna Schmudlach

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojagenthwn.html?_log_from=rss


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Troj/Agent-HWM

by Marianna Schmudlach - 10/9/08 1:07 PM

In Reply to: VIRUS \ Spyware ALERTS - October 9, 2008 by Marianna Schmudlach

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojagenthwm.html?_log_from=rss


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Troj/Agent-HWL

by Marianna Schmudlach - 10/9/08 1:08 PM

In Reply to: VIRUS \ Spyware ALERTS - October 9, 2008 by Marianna Schmudlach

Category Viruses and Spyware

Type Trojan

Troj/Agent-HWL is a Trojan for the Windows platform.

When first run Troj/Agent-HWL copies itself to <System>\qq.exe and creates the file <Root>\bot.txt.

The file QQ.exe is registered as a new system driver service named "windows XP", with a display name of "windows XP" and a startup type of automatic, so that it is started automatically during system startup. Registry entries are created under:

HKLM\SYSTEM\CurrentControlSet\Services\windows XP

http://www.sophos.com/security/analyses/viruses-and-spyware/trojagenthwl.html?_log_from=rss


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Troj/Agent-HWK

by Marianna Schmudlach - 10/9/08 1:09 PM

In Reply to: VIRUS \ Spyware ALERTS - October 9, 2008 by Marianna Schmudlach

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojagenthwk.html?_log_from=rss


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Troj/Agent-HWJ

by Marianna Schmudlach - 10/9/08 1:10 PM

In Reply to: VIRUS \ Spyware ALERTS - October 9, 2008 by Marianna Schmudlach

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojagenthwj.html?_log_from=rss


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Mal/FakeAV-I

by Marianna Schmudlach - 10/9/08 1:11 PM

In Reply to: VIRUS \ Spyware ALERTS - October 9, 2008 by Marianna Schmudlach

Category Viruses and Spyware

Type Malicious Behavior

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/malfakeavi.html?_log_from=rss


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Adzgalore

by Marianna Schmudlach - 10/9/08 1:42 PM

In Reply to: VIRUS \ Spyware ALERTS - October 9, 2008 by Marianna Schmudlach

Category Adware or PUA

Type Adware

Adzgalore is an adware plugin for Microsoft Internet Explorer.

When the application is installed the following files are created:

<System>\cont_adzgalore-remove.exe
<System>\nsxB.dll

The file nsxB.dll is registered as a COM object and Browser Helper Object (BHO) for Microsoft Internet Explorer, creating registry entries under:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d22a17ff-9f1f-6cd5-74e4-64d841b2339b}
HKCR\CLSID\{d22a17ff-9f1f-6cd5-74e4-64d841b2339b}

Registry entries are created under:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cont_adzgalore

Adzgalore provides an uninstall option which can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. The software is listed as "Contextual Tool Adzgalore".

http://www.sophos.com/security/analyses/adware-and-puas/adzgalore.html?_log_from=rss


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Trojan-Downloader:W32/Tibs.VX

by Marianna Schmudlach - 10/9/08 1:54 PM

In Reply to: VIRUS \ Spyware ALERTS - October 9, 2008 by Marianna Schmudlach

Detection Names : Trojan-Downloader:W32/Tibs.VX
Trojan-Downloader.Win32.Agent.ajbg

Aliases : TrojanDownloader:Win32/Tibs (Microsoft)

Size: 14336
Type: Trojan-Downloader
Category: Malware
Platform: W32

Summary
This malware downloads files into the system and executes them.

http://www.f-secure.com/v-descs/trojan-downloader_w32_tibs_vx.shtml


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

W32.Bluven

by Marianna Schmudlach - 10/9/08 4:29 PM

In Reply to: VIRUS \ Spyware ALERTS - October 9, 2008 by Marianna Schmudlach

Discovered: October 9, 2008
Updated: October 9, 2008 6:41:07 PM
Type: Virus

W32.Bluven is a worm that infects all document files on the compromised computer and attempts to spread through removable devices.

http://www.symantec.com/business/security_response/writeup.jsp?docid=2008-100917-1214-99


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Forum Icon Legend

  • UnreadUnread
  • ReadRead
  • Locked threadLocked thread
  •   
  •   
  •   
  •   
  •   
  •   
  •   
  • ModeratorModerator
  • CNET StaffCNET Staff
  • Samsung StaffSamsung Staff
  • Norton Authorized Support TeamNorton Authorized Support Team
  • AVG StaffAVG Staff
  • avast! Staffavast! Staff
  • Webroot Support TeamWebroot Support Team
  • Acer Customer Experience TeamAcer Customer Experience Team
  • Windows Outreach TeamWindows Outreach Team
  • DISH staffDISH staff
  • Dell StaffDell Staff
  • Intel StaffIntel Staff
  • QuestionQuestion
  • Resolved questionResolved question
  • General discussionGeneral discussion
  • TipTip
  • Alert or warningAlert or warning
  • PraisePraise
  • RantRant

You are e-mailing the following post: Post Subject

Your e-mail address is used only to let the recipient know who sent the e-mail and in case of transmission error. Neither your address nor the recipient's address will be used for any other purpose.

Sorry, there was a problem emailing this post. Please try again.

Submit Email Cancel

Thank you. Sent email to

Close

Thank you. Sent email to

Close

You are reporting the following post: Post Subject

If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.

Offensive: Sexually explicit or offensive language

Spam: Advertisements or commercial links

Disruptive posting: Flaming or offending other users

Illegal activities: Promote cracked software, or other illegal content

Sorry, there was a problem submitting your post. Please try again.

Submit Report Cancel

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

You are posting a reply to: Post Subject

The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to the CNET Forums policies for details. All submitted content is subject to CBS Interactive Site Terms of Use.

You are currently tracking this discussion. Click here to manage your tracked discussions.

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

Sorry, there was a problem submitting your post. Please try again.

Sorry, there was a problem generating the preview. Please try again.

Duplicate posts are not allowed in the forums. Please edit your post and submit again.

Submit Reply Preview Cancel

Thank you, , your post has been submitted.

> Click here to view your post. > Manage your tracked discussions. > Track this discussion. Close

Thank you, , your post has been submitted and will appear on our site shortly.

Close