Virus Malware and Threat News for 20081129
Bloodhound.PDF.1 - Bloodhound.PDF.1 at Norton Symantec
Bloodhound.PDF.1 is a heuristic detection for reporting PDF files that contain JavaScript that may have been
obfuscated or encrypted to conceal it from antivirus software.
...
W32.Delezium!inf - W32.Delezium!inf at Norton Symantec
W32.Delezium!inf is a detection for files infected by W32.Delezium.
...
W32.Delezium - W32.Delezium at Norton Symantec
W32.Delezium is a virus that infects executable files and deletes certain files on the compromised computer.
...
Troj/Dloadr-CBF - Troj/Dloadr-CBF at Sophos
Troj/Dloadr-CBF is a Trojan for the Windows platform. Troj/Dloadr-CBF
contacts malicious websites and may attempt to download additional malware detected as Mal/Behav-300.
Troj/Dloadr-CBF sets the following registry entry to run on startup:
HKCU\So...
Troj/Dloadr-CBG - Troj/Dloadr-CBG at Sophos
...
Troj/Renos-BQ - Troj/Renos-BQ at Sophos
Troj/Renos-BQ is a downloader Trojan for the Windows platform.
...
Troj/Renos-BR - Troj/Renos-BR at Sophos
Troj/Renos-BR is a downloader Trojan for the Windows platform.
...
Troj/Renos-BS - Troj/Renos-BS at Sophos
Troj/Renos-BS is a downloader Trojan for the Windows platform.
...
Troj/Renos-BT - Troj/Renos-BT at Sophos
Troj/Renos-BT is a downloader Trojan for the Windows platform.
Troj/Renos-BT is a DLL which is typically installed as a Browser Helper Object (BHO) for Microsoft Internet
Explorer....
Mal/ObfJS-AJ - Mal/ObfJS-AJ at Sophos
Mal/ObfJS-AJ is a script obfuscated in a manner typical of malware.
...
Troj/Agent-IJJ - Troj/Agent-IJJ at Sophos
Troj/Agent-IJJ is a Trojan for the Windows platform. When first run,
Troj/Agent-IJJ copies itself to <Windows>\msauc.exe and creates the file <System>\shell31.dll.
This is a text file and can be safely deleted. The following registry entry is created
to run msauc.ex...
Troj/FakeVir-HV - Troj/FakeVir-HV at Sophos
...
Troj/Agent-IJN - Troj/Agent-IJN at Sophos
...
Troj/Agent-IJM - Troj/Agent-IJM at Sophos
...
Troj/FakeAV-HC - Troj/FakeAV-HC at Sophos
...
Troj/KeySteal-A - Troj/KeySteal-A at Sophos
Troj/KeySteal-A obtains keys related to the game Call of Duty 5 from the registry and posts them
to a remote site from where they are retailed to buyers illegally.
...
W32/IRCbot-ADE - W32/IRCbot-ADE at Sophos
W32/IRCbot-ADE is a worm with IRC backdoor functionality for the Windows platform.
W32/IRCbot-ADE runs continuously in the background, providing a backdoor server which allows a remote
intruder to gain access and control over the computer via IRC channels. When first run
W32/I...
Troj/Agent-IJK - Troj/Agent-IJK at Sophos
...
Troj/Agent-IJL - Troj/Agent-IJL at Sophos
...
Troj/Dloadr-CBH - Troj/Dloadr-CBH at Sophos
...
0 writebacks [11/30/2008 05:41]
Virus Malware and Threat News for 20081128
Worm:W32/Autorun.KK - Worm:W32/Autorun.KK at F-Secure
A standalone malicious program which uses computer or network resources to make complete copies of itself. May
include code or other malware to damage both the system and the network.
...
Worm:W32/AutoIt.Q - Worm:W32/AutoIt.Q at F-Secure
This malware spreads by copying itself to removable devices and replacing the autorun.inf of the device with
its own copy to ensure automatic execution.
...
Nakhatar.A - Nakhatar.A at Panda
It carries out several modifications in the Windows Registry, which prevent the computer from working
properly. It disables several options such as the Task Manager and the Folder Options, among others. It
spreads by making copies of itself in all the available system drives.
...
Mal/VidHtml-F - Mal/VidHtml-F at Sophos
Mal/VidHtml-F is a malicious script that attempts to redirect to a malicious executable file.
The script is often found in a page pretending to be YouTube or another video site. The
malicious executable often pretends to be related to a video codec or a Flash update.
...
Troj/Dialer-FW - Troj/Dialer-FW at Sophos
...
Troj/PSW-GA - Troj/PSW-GA at Sophos
...
W32/Insom-A - W32/Insom-A at Sophos
...
W32/Jeff-A - W32/Jeff-A at Sophos
W32/Jeff-A may overwrite file data during infection. As a result, some files may not be recoverable.
...
Mal/Trakil-A - Mal/Trakil-A at Sophos
...
Mal/VidHtml-A - Mal/VidHtml-A at Sophos
Mal/VidHtml-A is a malicious script that attempts to redirect to a malicious executable file.
The script is often found in a page pretending to be YouTube or another video site. The
malicious executable often pretends to be related to a video codec or a Flash update.
...
Mal/WnSpyProt-A - Mal/WnSpyProt-A at Sophos
Mal/WnSpyProt-A is a family of fake Anti-Virus programs.
...
Troj/BDoor-Gen - Troj/BDoor-Gen at Sophos
...
0 writebacks [11/29/2008 05:41]
Virus Malware and Threat News for 20081127
Rogue:W32/VirusRemover2008.C - Rogue:W32/VirusRemover2008.C at F-Secure
'Rogue' software is an antivirus or antispyware program that tricks users into buying or installing it,
usually by infecting a user's computer, or by pretending the computer is infected.
...
Worm:W32/Downadup.A - Worm:W32/Downadup.A at F-Secure
A standalone malicious program which uses computer or network resources to make complete copies of itself. May
include code or other malware to damage both the system and the network.
...
Trojan-Downloader:OSX/Jahlev.A - Trojan-Downloader:OSX/Jahlev.A at F-Secure
This type of trojan secretly downloads malicious files from a remote server, then installs and executes the
files....
Adware.OneStep - Adware.OneStep at Norton Symantec
Adware.OneStep is a security risk that installs itself as a browser search plug-in.
...
Packed.Generic.199 - Packed.Generic.199 at Norton Symantec
Packed.Generic.199 is a heuristic detection for files that may have been obfuscated or encrypted in order to
conceal them from antivirus software.
...
Packed.Generic.198 - Packed.Generic.198 at Norton Symantec
Packed.Generic.198 is a heuristic detection for files that may have been obfuscated or encrypted in order to
conceal them from antivirus software.
...
Packed.Generic.197 - Packed.Generic.197 at Norton Symantec
Packed.Generic.197 is a heuristic detection for files that may have been obfuscated or encrypted in order to
conceal them from antivirus software.
...
W32/Conficker.worm - W32/Conficker.worm at McAfee
When executed, the worm copies itself using a random name to the %Sysdir% folder (where %Sysdir% is the
Windows system folder; e.g. C:\Windows\System32). It modifies the following registry key to create a
randomly-named service on the affected system:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{random}\Parameters\"Service...
Conficker.B - Conficker.B at Panda
It exploits the vulnerability MS08-067 in the Windows Server Service in order to spread itself and
download the rogue antimalware detected as Adware/Antivirus2009.
...
BankoLimb.BW - BankoLimb.BW at Panda
It is designed to steal users' banking data related to a certain British banking entity. When they access the
website of this bank, the Trojan adds extra fields to the legitimate website and logs the
information entered. It does not spread automatically using its own means.
...
Mal/BckDr-A - Mal/BckDr-A at Sophos
...
Mal/Seimon-A - Mal/Seimon-A at Sophos
...
Troj/Agent-IIV - Troj/Agent-IIV at Sophos
...
Troj/Agent-IIW - Troj/Agent-IIW at Sophos
...
Troj/Dloadr-CAZ - Troj/Dloadr-CAZ at Sophos
...
Troj/FakeMD5-A - Troj/FakeMD5-A at Sophos
...
Troj/NtRootK-ED - Troj/NtRootK-ED at Sophos
...
Troj/Zlob-Gen - Troj/Zlob-Gen at Sophos
Troj/Zlob-Gen detects members of the Zlob family of Trojan downloaders. The Troj/Zlob-Gen family of Trojans
usually attempt to stealth themselves by injecting themselves into another system process or by registering
themselves as a service process. The typical Troj/Zlob-Gen Trojan may create folders in the <System>
folder and sto...
W32/Autorun-QP - W32/Autorun-QP at Sophos
W32/Autorun-QP is a worm for the Windows platform. W32/Autorun-QP copies
itself to the <SYSTEM> folder and sets a registry entry to run on startup.
W32/Autorun-QP copies itself to removable storage devices when inserted into the computer and creates an
autorun.inf file...
0 writebacks [11/28/2008 06:02]
Virus Malware and Threat News for 20081126
Worm:W32/Autorun.KD - Worm:W32/Autorun.KD at F-Secure
A standalone malicious program which uses computer or network resources to make complete copies of itself. May
include code or other malware to damage both the system and the network.
...
AntiSpywareGuard - AntiSpywareGuard at Norton Symantec
AntiSpywareGuard is a misleading application that may give exaggerated reports of threats on the
computer....
W32.Ransom.A - W32.Ransom.A at Norton Symantec
W32.Ransom.A is a worm that spreads by copying itself to fixed drives and network shares.
...
WORM_NETWORM.C - WORM_NETWORM.C at Trend Micro
This worm may be downloaded from remote Web sites by other malware. It may also be dropped by other malware or
arrive via network shares. When executed, it creates registry entries to enable its automatic execution at
every system startup. It searches the network for certain shares, into which it attempts to drop copies of
itself. It a...
WORM_DOWNAD.A - WORM_DOWNAD.A at Trend Micro
This .DLL worm may be downloaded from remote sites by other malware. It may be dropped by other malware. It
may also arrive bundled with malware packages as a malware component. It is a file stored in the Windows system
folder and is capable of exporting functions used by other malware. Once executed, it connects to certain Web
sites t...
Spammer.AKE - Spammer.AKE at Panda
It sends spam messages related to the subjects of friendship and love. These messages, which are in Portuguese,
contain a link from which a copy of itself is downloaded.
...
Troj/Dloadr-CAV - Troj/Dloadr-CAV at Sophos
...
Troj/PDFEx-AH - Troj/PDFEx-AH at Sophos
...
W32/Confick-A - W32/Confick-A at Sophos
...
W32/IRCBot-ADD - W32/IRCBot-ADD at Sophos
W32/IRCBot-ADD is a worm for the Windows platform. W32/IRCBot-ADD spreads by
copying itself to network shares and removable drives. W32/IRCBot-ADD copies itself to
the following location on removable drives: \RECYCLER\<user folder>\recycle.exe
...
W32/Sdbot-DNL - W32/Sdbot-DNL at Sophos
W32/Sdbot-DNL is a Trojan for the Windows platform. W32/Sdbot-DNL runs
continuously in the background, providing a backdoor server which allows a remote intruder to gain access and
control over the computer via IRC channels. When W32/Sdbot-DNL is installed the following
files are c...
Mal/Emogen-K - Mal/Emogen-K at Sophos
Mal/Emogen-K is a malicious program for the Windows platform. Detection
for members of Mal/Emogen-K is behavior based. It is extremely important that customers report detections of
Mal/Emogen-K to Sophos and send a sample for analysis.
...
Mal/Emogen-M - Mal/Emogen-M at Sophos
Mal/Emogen-M is a malicious program for the Windows platform. Detection
for members of Mal/Emogen-M is behavior based. It is extremely important that customers report detections of
Mal/Emogen-M to Sophos and send a sample for analysis.
...
Mal/Heuri-D - Mal/Heuri-D at Sophos
...
0 writebacks [11/27/2008 05:42]
Virus Malware and Threat News for 20081125
BackDoor-DTA - BackDoor-DTA at McAfee
BackDoor-DTA trojan provides remote access capabilities to an attacker by opening a backdoor on the
compromised machine. When run, the trojan installs itself in the following path:
%Windir%\System32\startup\svchost.exe (where %Windir% is the Windows installation folder, e.g. C:\Windows or
C:\WINNT). The following registry keys are added w...
Mal/FakeAle-KC - Mal/FakeAle-KC at Sophos
Mal/FakeAle-KC is associated with rogue security applications.
...
Troj/Agent-IIM - Troj/Agent-IIM at Sophos
...
Troj/Agent-IIN - Troj/Agent-IIN at Sophos
...
Troj/Agent-IIO - Troj/Agent-IIO at Sophos
Troj/Agent-IIO is a Trojan for the Windows platform. Troj/Agent-IIO includes functionality to
inject code into processes.
...
Troj/DwnLdr-HKW - Troj/DwnLdr-HKW at Sophos
Troj/DwnLdr-HKW is a downloader Trojan for the Windows platform.
...
Troj/FakeAle-KC - Troj/FakeAle-KC at Sophos
Troj/FakeAle-KC is a Trojan for the Windows platform. Troj/FakeAle-KC
creates and installs Mal/FakeAle-KC in the folder <PROGRAM FILES>\AntiSpywareGuard.
Troj/FakeAle-KC sets the following registry entry to run on
startup: HK...
Troj/Psyme-KG - Troj/Psyme-KG at Sophos
Troj/Psyme-KG is a malicious script embedded in web pages that attempts to exploit browser
vulnerabilities in order to download and run other malware.
...
Troj/Rootkit-EG - Troj/Rootkit-EG at Sophos
Troj/Rootkit-EG intercepts network traffic to and from the computer.
Troj/Rootkit-EG copies itself to <System>\userinit.exe. It renames the original userinit.exe to stu2.exe.
...
Troj/Winical-A - Troj/Winical-A at Sophos
Troj/Winical-A is a Trojan for the Windows platform.
...
0 writebacks [11/26/2008 05:47]
Virus Malware and Threat News for 20081124
Mal/PWSBank-A - Mal/PWSBank-A at Sophos
...
Mal/ZipMal-B - Mal/ZipMal-B at Sophos
...
Troj/Buzus-Z - Troj/Buzus-Z at Sophos
...
Troj/Dropr-AM - Troj/Dropr-AM at Sophos
...
Troj/FakeVir-HQ - Troj/FakeVir-HQ at Sophos
...
Troj/Zbot-BA - Troj/Zbot-BA at Sophos
...
Troj/Zlob-APY - Troj/Zlob-APY at Sophos
...
W32/AutoRun-QD - W32/AutoRun-QD at Sophos
W32/AutoRun-QD is a worm for the Windows platform.
...
Troj/Proxy-IU - Troj/Proxy-IU at Sophos
...
0 writebacks [11/25/2008 05:41]
Virus Malware and Threat News for 20081122
Troj/Dload-EM - Troj/Dload-EM at Sophos
...
Troj/Dload-EN - Troj/Dload-EN at Sophos
...
Troj/Tibs-UY - Troj/Tibs-UY at Sophos
...
Troj/Inject-DF - Troj/Inject-DF at Sophos
...
Troj/PDFJs-G - Troj/PDFJs-G at Sophos
...
W32/Autorun-QC - W32/Autorun-QC at Sophos
W32/Autorun-QC is a worm for the Windows platform. When W32/Autorun-QC is
installed it creates the files <Temp>\tmp1.tmp and <Temp>\tmp2.tmp. The
file tmp1.tmp is detected as Mal/AdvPatch-A and the file tmp2.tmp is detected as Troj/AdvHack-A.
...
Troj/Agent-IIE - Troj/Agent-IIE at Sophos
...
Troj/Dloadr-CAQ - Troj/Dloadr-CAQ at Sophos
...
Troj/Nebuler-S - Troj/Nebuler-S at Sophos
Troj/Nebuler-S is a Trojan for the Windows platform. Troj/Nebuler-S
includes the ability to access the internet and communicate with a remote server via HTTP.
When Troj/Nebuler-S is installed the following files are created: <Temp>\twe1.bat ...
0 writebacks [11/23/2008 05:41]
Virus Malware and Threat News for 20081121
Trojan:W32/Feedel - Trojan:W32/Feedel at F-Secure
A trojan, or trojan horse, is a seemingly legitimate program which secretly performs other, usually malicious,
functions. It is usually user-initiated and does not replicate.
...
W32.Downadup - W32.Downadup at Norton Symantec
W32.Downadup is a worm that may spread by exploiting a vulnerability.
...
Mal/Behav-104 - Mal/Behav-104 at Sophos
Mal/Behav-104 is a malicious program.
...
Mal/EncPk-AP - Mal/EncPk-AP at Sophos
Mal/EncPk-AI is a program that has been packed with a protection system typically used by malware
authors. ...
Mal/Sramler-A - Mal/Sramler-A at Sophos
Mal/Sramler-A is a program that drops and executes other malware.
...
Troj/Dloadr-CAP - Troj/Dloadr-CAP at Sophos
...
Troj/FakeAle-KB - Troj/FakeAle-KB at Sophos
Troj/FakeAle-KB is a Trojan for the Windows platform. Troj/FakeAle-KB is a
rogue security application that displays false warnings to trick the user into purchasing further software.
...
Troj/PDFex-AG - Troj/PDFex-AG at Sophos
...
Troj/VB-EBT - Troj/VB-EBT at Sophos
...
Troj/Agent-IHY - Troj/Agent-IHY at Sophos
...
Troj/Agent-IID - Troj/Agent-IID at Sophos
...
Troj/Corefloo-O - Troj/Corefloo-O at Sophos
...
0 writebacks [11/22/2008 05:47]
Virus Malware and Threat News for 20081120
Packed.Generic.201 - Packed.Generic.201 at Norton Symantec
Packed.Generic.201 is a heuristic detection for files that may have been obfuscated or encrypted in order to
conceal them from antivirus software.
...
generic pws.y!badb4c88 - generic pws.y!badb4c88 at McAfee
...
Mal/EncPk-GB - Mal/EncPk-GB at Sophos
Mal/EncPk-GB is a program that has been packed with a protection system typically used by malware
authors. ...
Mal/ObfJS-BN - Mal/ObfJS-BN at Sophos
Mal/ObfJS-BN is an obfuscated malicious JavaScript within a web page.
...
Mal/Rootkit-F - Mal/Rootkit-F at Sophos
...
Mal/Zlob-AB - Mal/Zlob-AB at Sophos
...
Troj/Agent-IHQ - Troj/Agent-IHQ at Sophos
...
Troj/BrowPick-A - Troj/BrowPick-A at Sophos
Troj/BrowPick-A is a malicious script that loads other malware based on the browser version.
...
Troj/Clicker-FD - Troj/Clicker-FD at Sophos
...
Troj/Dldr-R - Troj/Dldr-R at Sophos
...
Troj/FakeVir-GN - Troj/FakeVir-GN at Sophos
...
Troj/PWSBJ-Gen - Troj/PWSBJ-Gen at Sophos
...
0 writebacks [11/21/2008 05:41]
Virus Malware and Threat News for 20081119
Spyware.CompuSpy - Spyware.CompuSpy at Norton Symantec
Spyware.CompuSpy is a spyware program that attempts to record keystrokes on the computer.
...
Auraax.C - Auraax.C at Panda
Its main objective is to spread and affect as many computers as possible. In order to do so, it creates copies
of itself in all the available system drives.
...
Mal/VidHtml-B - Mal/VidHtml-B at Sophos
Mal/VidHtml-B is a malicious script that attempts to redirect to a malicious executable file.
The script is often found in a page pretending to be YouTube or another video site. The
malicious executable often pretends to be related to a video codec or a Flash update.
...
Mal/VidHtml-C - Mal/VidHtml-C at Sophos
Mal/VidHtml-C is a malicious script that attempts to redirect to a malicious executable file.
The script is often found in a page pretending to be YouTube or another video site. The
malicious executable often pretends to be related to a video codec or a Flash update.
...
Troj/Agent-IHM - Troj/Agent-IHM at Sophos
...
Troj/Bdoor-AQS - Troj/Bdoor-AQS at Sophos
Troj/Bdoor-AQS is a backdoor Trojan for the Windows platform, known to be delivered via an
exploited Microsoft Excel file. When first run, the main component of Troj/Bdoor-AQS
creates the following file: C:\WINDOWS\System32 microres.dll
This f...
Troj/CryptBox-A - Troj/CryptBox-A at Sophos
Troj/CryptBox-A is a Trojan for the Windows platform. When run
Troj/CryptBox-A will decrypt and inject other components stored in the resource section.
...
W32/MyDoom-BY - W32/MyDoom-BY at Sophos
W32/MyDoom-BY is a mail virus for win32 platform. Sets/modifies keys:
HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
"C:\\WINDOWS\\system32\\msmg.exe"="C:\\WINDOWS\\system32\\msmg.exe:*:En...
Troj/Agent-IHH - Troj/Agent-IHH at Sophos
...
Troj/Vapsup-AD - Troj/Vapsup-AD at Sophos
Troj/Vapsup-AD is a plugin for Microsoft Internet Explorer, installed by Trojans in the Troj/Zlob-
family. Troj/Vapsup-AD is a DLL which is typically installed to the Windows system
folder. Troj/Vapsup-AD is registered as a COM object, creating registry entries under:
...
W32/Allaple-D - W32/Allaple-D at Sophos
...
W32/Autorun-PP - W32/Autorun-PP at Sophos
...
0 writebacks [11/20/2008 05:43]
Virus Malware and Threat News for 20081118
W32.Redlofs - W32.Redlofs at Norton Symantec
W32.Redlofs is a worm that spreads by copying itself to the fixed, mapped and removable drives.
...
FakeAlert-BF.dr - FakeAlert-BF.dr at McAfee
[random filename].exe on execution creates temporary files in the %TEMP% which are later deleted. It creates a
folder “Rapid Antivirus” and drops two executables at the following location(s):
%PROGRAMFILES%\Rapid Antivirus\[random filename].exe
%PROGRAMFILES%\Rapid Antivirus\loader[random filename].exe
<RANDOM filename>.exe laun...
QHosts-113 - QHosts-113 at McAfee
Upon execution the Trojan modifies the hosts file at the location %System%\drivers\etc\hosts
Where %System%\ = C:\WINDOWS\system32
The modified hosts file will contain a list of URLs redirected to local host IP 127.0.0.1.
Often this is used to redirect the victim's browsing to a specific website and prevent users from downloading
update...
Banbra.GDB - Banbra.GDB at Panda
It steals confidential information related to a certain banking entity from Brazil. It uses several
messages to spread: one seems to come from the computer crimes investigation unit and the other uses the
subject of friendship.
...
Wow.VM - Wow.VM at Panda
It steals confidential information related to certain online games such as World of Warcraft. It reaches the
computer in a file that, when it is run, displays a picture of a girl with Asian features.
...
W32/Rbot-GXF - W32/Rbot-GXF at Sophos
W32/Rbot-GXF is a network worm for the Windows platform.
...
Mal/Bofang-A - Mal/Bofang-A at Sophos
...
Mal/Refpron-A - Mal/Refpron-A at Sophos
...
Troj/BHO-IG - Troj/BHO-IG at Sophos
...
Troj/CoreFloo-N - Troj/CoreFloo-N at Sophos
...
W32/Autorun-PH - W32/Autorun-PH at Sophos
...
W32/Chir-B - W32/Chir-B at Sophos
W32/Chir-B is an email worm, an EXE file infector and an HTM/HTML file infector. The worm component of the
virus attempts to spread via email by sending itself to email addresses found in the Windows address book, plus
addresses found in files matching:
*.ADC
*R.DB
*.DOC
*.XLS
The email will have the following characteristics:
From: <usernam...
Troj/Agent-IHG - Troj/Agent-IHG at Sophos
...
Troj/Dloadr-CAF - Troj/Dloadr-CAF at Sophos
...
Troj/FakeAV-GT - Troj/FakeAV-GT at Sophos
...
0 writebacks [11/19/2008 05:41]
Virus Malware and Threat News for 20081117
Rscan - Rscan at McAfee
Upon execution Rscan.gen launches an Internet Explorer process with a parameter that attempts to take
advantage of un-patched versions of iexplore.exe resulting in possible further exploitation of the browser for
purposes of downloading additional malware. The presence of the following registry keys has been observed in
association w...
TROJ_PIDIEF.DE - TROJ_PIDIEF.DE at Trend Micro
This Trojan can be downloaded from malicious Web sites. This is the Trend Micro detection for a specially-crafted
PDF file that exploits a known vulnerability in Adobe Reader versions 8.1.2 and earlier. This vulnerability may
cause the said application to crash and may also allow a remote malicious user to take control over an
affected syst...
Ecran.A - Ecran.A at Panda
It is designed to prevent the websites using Visual Basic Script from working properly. It does not spread
automatically by its own means.
...
Troj/Agent-IGY - Troj/Agent-IGY at Sophos
...
Troj/Buzus-Y - Troj/Buzus-Y at Sophos
...
Troj/Dloadr-CAA - Troj/Dloadr-CAA at Sophos
...
Troj/FakeVir-HN - Troj/FakeVir-HN at Sophos
...
Troj/Dloadr-BZX - Troj/Dloadr-BZX at Sophos
Troj/Dloadr-BZX is a Trojan for the Windows platform. Troj/Dloadr-BZX
downloads and installs malware detected as Mal/FakeAV-I.
...
Troj/Dloadr-BZY - Troj/Dloadr-BZY at Sophos
Troj/Dloadr-BZY is a Trojan for the Windows platform. When first run,
Troj/Dloadr-BZY creates the following files:
<Windows>\wiaserviv.log
<System>\msansspc.dll
The file msansspc.dll is detected as Troj/Dloadr-BZY. The
other file i...
Troj/Dloadr-BZZ - Troj/Dloadr-BZZ at Sophos
...
Troj/Rustok-L - Troj/Rustok-L at Sophos
Troj/Rustok-L is a Trojan for the Windows platform. Troj/Rustok-L includes
functionality to access the internet and communicate with a remote server via HTTP.
When Troj/Rustok-L is installed it creates the rootkit file <System>\drivers\<random>.sys.
...
W32/Autorun-PF - W32/Autorun-PF at Sophos
W32/Autorun-PF copies itself to <System>\wntfy.exe. W32/Autorun-PF
drops the file <System>\kdll.exe which is detected as Mal/Dropper-W.
W32/Autorun-PF creates the registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Quernt ...
0 writebacks [11/18/2008 05:41]
Virus Malware and Threat News for 20081116
Troj/Agent-IFY - Troj/Agent-IFY at Sophos
...
Troj/Agent-IFZ - Troj/Agent-IFZ at Sophos
...
Troj/Agent-IGR - Troj/Agent-IGR at Sophos
...
Troj/FakeAV-GP - Troj/FakeAV-GP at Sophos
...
W32/Autorun-PB - W32/Autorun-PB at Sophos
...
Mal/TDSS-A - Mal/TDSS-A at Sophos
Mal/TDSS-A is a program which exhibits characteristics unique to malware that typically drops a
rootkit driver in <System>\drivers\tdss<letters>.sys.
...
Troj/Banker-EOJ - Troj/Banker-EOJ at Sophos
...
Troj/SkinTrim-E - Troj/SkinTrim-E at Sophos
...
Troj/Banker-EOI - Troj/Banker-EOI at Sophos
...
0 writebacks [11/17/2008 05:42]
Virus Malware and Threat News for 20081115
Troj/BHO-IE - Troj/BHO-IE at Sophos
...
Troj/Dloadr-BZT - Troj/Dloadr-BZT at Sophos
...
Troj/Dloadr-BZU - Troj/Dloadr-BZU at Sophos
...
Troj/Keylog-KW - Troj/Keylog-KW at Sophos
...
Troj/Agent-IGQ - Troj/Agent-IGQ at Sophos
...
Troj/Keygen-CR - Troj/Keygen-CR at Sophos
Troj/Keygen-CR is a key generator for SuperAntispyware Professional 4.15.10.
...
Troj/Agent-IGO - Troj/Agent-IGO at Sophos
Troj/Agent-IGO contains functionality to send email messages.
...
Troj/Agent-IGP - Troj/Agent-IGP at Sophos
...
Troj/Dloadr-BZR - Troj/Dloadr-BZR at Sophos
...
Troj/Dloadr-BZS - Troj/Dloadr-BZS at Sophos
Troj/Dloadr-BZS is a Trojan for the Windows platform. When first run
Troj/Dloadr-BZS copies itself to <System>\userinit.exe and creates the following file:
<System>\nel32.dll
The file nel32.dll is detected as Troj/Agent-IGO.
...
0 writebacks [11/16/2008 05:41]
Virus Malware and Threat News for 20081114
W32.Winemmem!inf - W32.Winemmem!inf at Norton Symantec
W32.Winemmem!inf is a detection for an infected version of %System%\winmm.dll.
...
PWS-Mmorpg.gen!4F4835C5 - PWS-Mmorpg.gen!4F4835C5 at McAfee
File Property: Property Value
FileName: ff4122~1.exe
McAfee Detection: PWS-Mmorpg.gen
Length: 21,998 bytes
CRC: 4F4835C5
MD5: FF412266B1C7ECEE38CECD71AACE4734
SHA1: 179579E2D1221FE15B376EB20539572B3C73ED14
Other Common Detection Aliases
Company Name: Detection Name
ahnlab: Win-Trojan/OnlineGameHack.22854
AVG (GriSoft): psw.onlinegames.bete
BitDefender: Trojan.PWS.On...
Generic Downloader.x!77429105 - Generic Downloader.x!77429105 at McAfee
File Property: Property Value
FileName: ee86cc~1.exe
McAfee Detection: Generic Downloader.x
Length: 29,188 bytes
CRC: 77429105
MD5: EE86CC1D42DD6E2145E7F8F162B99A0A
SHA1: 5779DAA37B89CD70AE884A59BB937250E8BBEB20
Other Common Detection Aliases
Company Name: Detection Name
ahnlab: Win-Trojan/Agent.29188.D
Avira: TR/Dldr.Agent.anmh
BitDefender: Trojan.Renos.NFG
clamav: Tr...
Generic Downloader.x!484A4BCD - Generic Downloader.x!484A4BCD at McAfee
File Property: Property Value
FileName: ed71cc~1.exe
McAfee Detection: Generic Downloader.x
Length: 108,032 bytes
CRC: 484A4BCD
MD5: ED71CCD9DA217577717B94D0F1D17D80
SHA1: F979AC43BB7CD90360852FBD132F1AA782F1D97F
Other Common Detection Aliases
Company Name: Detection Name
Avira: TR/Dldr.FakeAlert.AX
BitDefender: Trojan.Downloader.FakeAlert.AX
microsoft: program:win3...
Generic Downloader.x!60143127 - Generic Downloader.x!60143127 at McAfee
File Property: Property Value
FileName: deaf08~1.exe
McAfee Detection: Generic Downloader.x
Length: 29,700 bytes
CRC: 60143127
MD5: DEAF0841E8768BF35FF7BACC3473E6B1
SHA1: D09745E8AA427BEA0EF736AC4793211176463341
Other Common Detection Aliases
Company Name: Detection Name
Avira: TR/Dldr.Small.eyc
Dr.Web: Trojan.DownLoad.12526
Eset: Win32/TrojanDownloader.Agent.OLP
Kas...
Generic Downloader.x!97495AE7 - Generic Downloader.x!97495AE7 at McAfee
File Property: Property Value
FileName: db4b4d~1.exe
McAfee Detection: Generic Downloader.x
Length: 30,212 bytes
CRC: 97495AE7
MD5: DB4B4D84BA606ED07399D7D82671A323
SHA1: 1576FB7DF9B165FA05F3A22033E4CD3C03358E08
Other Common Detection Aliases
Company Name: Detection Name
Avira: TR/Dldr.Agent.antk
Dr.Web: Trojan.DownLoad.10030
Eset: Win32/TrojanDownloader.Agent.OLD
Fo...
FakeAlert-AB.dldr.gen.b!C39E1DE9 - FakeAlert-AB.dldr.gen.b!C39E1DE9 at McAfee
File Property: Property Value
FileName: d82f17~1.exe
McAfee Detection: FakeAlert-AB.dldr.gen.b
Length: 144,896 bytes
CRC: C39E1DE9
MD5: D82F179327086322601586F1A3593DF3
SHA1: 1A325EF765035987F04DA3936E6A0A067B540884
Other Common Detection Aliases
Company Name: Detection Name
microsoft: TrojanDownloader:Win32/Renos.gen!AF
Trend Micro: TROJ_FAKEALE.AB
System Changes...
FakeAlert-AB.dldr.gen.b!235FE737 - FakeAlert-AB.dldr.gen.b!235FE737 at McAfee
File Property: Property Value
FileName: d23e3c~1.exe
McAfee Detection: FakeAlert-AB.dldr.gen.b
Length: 145,408 bytes
CRC: 235FE737
MD5: D23E3C76C1C5901C6B15DDBC8F7A55FF
SHA1: 3306E3F35EA39B0873D88C7D0C6A785F8976BC1E
Other Common Detection Aliases
Company Name: Detection Name
FortiNet: W32/FakeAlert_AB.B!tr.dldr
microsoft: TrojanDownloader:Win32/Renos.gen!AF
norman...
Generic Downloader.x!DFCBAE17 - Generic Downloader.x!DFCBAE17 at McAfee
File Property: Property Value
FileName: d21b0e~1.exe
McAfee Detection: Generic Downloader.x
Length: 34,308 bytes
CRC: DFCBAE17
MD5: D21B0E3D39312253C0A2D689259578FC
SHA1: 6BCE7C5AF71B15991D236793A86FFBAD4B76A4DE
Other Common Detection Aliases
Company Name: Detection Name
ahnlab: Win-Trojan/Codecpack.34308
avast: Win32:Trojan-gen {Other}
Avira: TR/Dldr.CodecPack.GS
Bi...
PWS-Mmorpg.gen!22A867D0 - PWS-Mmorpg.gen!22A867D0 at McAfee
File Property: Property Value
FileName: d21033~1.exe
McAfee Detection: PWS-Mmorpg.gen
Length: 23,550 bytes
CRC: 22A867D0
MD5: D210332EF13583204CC1F3951D98C5FF
SHA1: 45F6AC96F62F4FAD5BE87D4CC5FF2C39573856B6
Other Common Detection Aliases
Company Name: Detection Name
ahnlab: Win-Trojan/OnlineGameHack.22854
AVG (GriSoft): psw.onlinegames.belh
BitDefender: Trojan.PWS.On...
Generic Downloader.x!34729A65 - Generic Downloader.x!34729A65 at McAfee
File Property: Property Value
FileName: c856ef~1.exe
McAfee Detection: Generic Downloader.x
Length: 29,700 bytes
CRC: 34729A65
MD5: C856EF699942F12D954623007B668D79
SHA1: 846899114B5CE2CD4DECB4BE98A02276DF567721
Other Common Detection Aliases
Company Name: Detection Name
Avira: TR/Dldr.Small.eyc
Dr.Web: Trojan.DownLoad.12526
Eset: Win32/TrojanDownloader.Agent.OLP
Kas...
FakeAlert-AB.dldr.gen.b!FB22286F - FakeAlert-AB.dldr.gen.b!FB22286F at McAfee
File Property: Property Value
FileName: c7bdfc~1.exe
McAfee Detection: FakeAlert-AB.dldr.gen.b
Length: 149,504 bytes
CRC: FB22286F
MD5: C7BDFCBC7D4982EFB59534B229232A39
SHA1: D948DD94B0F2E9E7347E52E1B10A300C09144C07
Other Common Detection Aliases
Company Name: Detection Name
avast: Win32:Trojan-gen {Other}
BitDefender: Trojan.FakeAlert.Gen.2
Dr.Web: Trojan.Fakealert...
Generic.dx!538FC9E0 - Generic.dx!538FC9E0 at McAfee
File Property: Property Value
FileName: ce4dbc~1.exe
McAfee Detection: Generic.dx
Length: 56,832 bytes
CRC: 538FC9E0
MD5: CE4DBC7F1D6330ECC0F76F4FD31C3AC5
SHA1: D63EEB1A344C475485E115935DC8038A017DAB16
Other Common Detection Aliases
Company Name: Detection Name
BitDefender: Trojan.Downloader.JLFY
eSafe (Alladin): suspicious Trojan/Worm [101]
microsoft: Trojan:Win32/...
PWS-Mmorpg.gen!F3D2FD30 - PWS-Mmorpg.gen!F3D2FD30 at McAfee
File Property: Property Value
FileName: b87390~1.exe
McAfee Detection: PWS-Mmorpg.gen
Length: 21,717 bytes
CRC: F3D2FD30
MD5: B873900C6B8F11E85AB486A7F016BE97
SHA1: 6D60C72C8B6A3AEFAC050E9A08F1CF5A163CD869
Other Common Detection Aliases
Company Name: Detection Name
ahnlab: Win-Trojan/OnlineGameHack.21719
AVG (GriSoft): psw.onlinegames.bexr
BitDefender: Trojan.PWS.On...
PWCrack-Winspy!16A6EC7B - PWCrack-Winspy!16A6EC7B at McAfee
File Property: Property Value
FileName: b71da3~1.exe
McAfee Detection: PWCrack-Winspy
Length: 112,128 bytes
CRC: 16A6EC7B
MD5: B71DA387DA96D0D8BF66C08CACCCE10B
SHA1: B2AD99FE74680F6B8FA71DD2C4E8058FAE15C64A
Other Common Detection Aliases
Company Name: Detection Name
avast: Win32:Downloader-BZR [Wrm]
AVG (GriSoft): downloader.zlob.afma
Avira: TR/Dldr.Fraud.bbr
BitDefe...
FakeAlert-AB.dldr.gen.b!620F132D - FakeAlert-AB.dldr.gen.b!620F132D at McAfee
File Property: Property Value
FileName: b1f41d~1.exe
McAfee Detection: FakeAlert-AB.dldr.gen.b
Length: 147,456 bytes
CRC: 620F132D
MD5: B1F41D0C7B31FEFB84ADCD1708CE9F2A
SHA1: 97D574ECA0EE9EF3703E97C2A8AC54A6059C7680
Other Common Detection Aliases
Company Name: Detection Name
FortiNet: W32/FakeAlert_AB.B!tr.dldr
microsoft: TrojanDownloader:Win32/Renos.gen!AF
Trend ...
TROJ_PIDIEF.DN - TROJ_PIDIEF.DN at Trend Micro
This Trojan may be downloaded from remote sites by other malware. It may be downloaded unknowingly by a user
when visiting malicious Web sites. It is the Trend Micro detection for a malicious .PDF file with embedded
JavaScript that attempts to connect to a certain remote site to download a file detected by Trend Micro as
TROJ_INJECT.N...
Troj/Dloadr-BZP - Troj/Dloadr-BZP at Sophos
...
Troj/Dloadr-BZQ - Troj/Dloadr-BZQ at Sophos
...
Troj/RanBHO-Gen - Troj/RanBHO-Gen at Sophos
Troj/RanBHO-Gen is a family of Trojan BHOs for the Windows platform.
Members of Troj/RanBHO-Gen may redirect users, usually to a Russian html page within the executable file
itself that pretends that Microsoft Internet Explorer will need to be paid for, and which encourages readers
to send an SMS me...
W32/Autorun-OX - W32/Autorun-OX at Sophos
...
W32/AutoRun-OY - W32/AutoRun-OY at Sophos
W32/AutoRun-OY is a worm for the Windows platform. When run W32/AutoRun-OY
copies itself to <System>\kamsoft.exe and creates the files:
<System>\gasretyw0.dll - detected as Troj/Virtum-Gen
<System>\gasretyw1.dll - detected as...
Troj/FakeVir-HK - Troj/FakeVir-HK at Sophos
...
Troj/PWS-AWC - Troj/PWS-AWC at Sophos
...
W32/Autorun-OW - W32/Autorun-OW at Sophos
W32/Autorun-OW is a Trojan for the Windows platform. W32/Autorun-OW
includes functionality to access the internet and communicate with a remote server via HTTP.
When first run W32/Autorun-OW copies itself to:
<Root>\ogcikeq.com
<Syste...
Troj/Agent-IGL - Troj/Agent-IGL at Sophos
Troj/Agent-IGL is a Trojan for the Windows platform. Troj/Agent-IGL copies
itself to the <WINDOWS> folder and sets a registry entry to run itself on startup.
Troj/Agent-IGL contains the logic to access remote social networking sites.
...
Troj/Agent-IGM - Troj/Agent-IGM at Sophos
...
0 writebacks [11/15/2008 05:45]
Virus Malware and Threat News for 20081113
OSX.Lamzev.A - OSX.Lamzev.A at Norton Symantec
OSX.Lamzev.A is a Trojan horse that opens a back door on the compromised computer.
...
W32.Sigougou - W32.Sigougou at Norton Symantec
W32.Sigougou is a worm that spreads through mapped drives and network shares protected by weak passwords. It
attempts to disable security-related processes and may download files on to the compromised computer.
...
Trojan.Fakemess - Trojan.Fakemess at Norton Symantec
Trojan.Fakemess is a Trojan horse that displays a fake message. It also lowers the security settings on the
compromised computer.
...
AntivirusPro2009 - AntivirusPro2009 at Panda
It deceives users and warns them of nonexistent threats on their computers. In order to eliminate them, they
are enticed to purchase a certain program. It can be downloaded from the website belonging to the company that
has developed it....
Troj/Bdoor-APW - Troj/Bdoor-APW at Sophos
Troj/Bdoor-APW is a Trojan for the Windows platform. Troj/Bdoor-APW copies
itself to <SYSTEM>\iexplore.exe and sets a registry entry to run on startup.
...
Troj/DwnLdr-HKM - Troj/DwnLdr-HKM at Sophos
Troj/DwnLdr-HKM is a downloader Trojan for the Windows platform.
...
Troj/FakeAV-BG - Troj/FakeAV-BG at Sophos
...
Troj/JSDown-C - Troj/JSDown-C at Sophos
Troj/JSDown-C is a malicious web page that attempts to exploit vulnerable ActiveX controls.
...
Troj/Agent-IFS - Troj/Agent-IFS at Sophos
...
Troj/Agent-IFT - Troj/Agent-IFT at Sophos
...
Troj/Agent-IFU - Troj/Agent-IFU at Sophos
...
Troj/Agent-IFV - Troj/Agent-IFV at Sophos
...
Troj/Dloadr-BZM - Troj/Dloadr-BZM at Sophos
Troj/Dloadr-BZM is a Trojan for the Windows platform. Troj/Dloadr-BZM
downloads, installs and runs rogue anti-virus malware detected as Troj/FakeAV-GK.
...
0 writebacks [11/14/2008 05:49]
Virus Malware and Threat News for 20081112
LivePlayer - LivePlayer at Norton Symantec
Behavior: LivePlayer is a potentially unwanted application that can be used as an Online Music Player
application....
Trojan.Knowedel - Trojan.Knowedel at Norton Symantec
Trojan.Knowedel is a Trojan horse that drops other risks onto the compromised computer.
...
WinCE.Pmcryptic.A - WinCE.Pmcryptic.A at Norton Symantec
WinCE.Pmcryptic.A is a worm that spreads by copying itself to memory cards on compromised mobile devices. It
also attempts to dial premium-rate numbers.
...
Generic Downloader.x!2CB26608 - Generic Downloader.x!2CB26608 at McAfee
File Property: Property Value
FileName: aeef60~1.exe
McAfee Detection: Generic Downloader.x
Length: 29,700 bytes
CRC: 2CB26608
MD5: AEEF6091F29FF38B2899DAC5B1A933CE
SHA1: 6B103EBA1969B43618E7F6403A312C47477F4840
Other Common Detection Aliases
Company Name: Detection Name
Avira: TR/Dldr.Small.eyc
Dr.Web: Trojan.DownLoad.12526
Eset: Win32/TrojanDownloader.Agent.OLP
Kas...
Generic Downloader.x!F01058D7 - Generic Downloader.x!F01058D7 at McAfee
File Property: Property Value
FileName: a0c020~1.exe
McAfee Detection: Generic Downloader.x
Length: 29,188 bytes
CRC: F01058D7
MD5: A0C020BF378AE5C847DE98479E4F6E74
SHA1: 67189627251B27A0F47BAD2C36A8436C2F26370E
Other Common Detection Aliases
Company Name: Detection Name
ahnlab: Win-Trojan/Agent.29188.D
Avira: TR/Dldr.Agent.anmh
BitDefender: Trojan.Renos.NFG
clamav: Tr...
Generic Downloader.x!6F3F8CF0 - Generic Downloader.x!6F3F8CF0 at McAfee
File Property: Property Value
FileName: 985453~1.exe
McAfee Detection: Generic Downloader.x
Length: 29,700 bytes
CRC: 6F3F8CF0
MD5: 9854536DFFD16E596150DE17F4C66DA7
SHA1: C245A90FA01CEE5480BBE316CE4B67AFA43E3372
Other Common Detection Aliases
Company Name: Detection Name
Avira: TR/Dldr.Small.eyc
Dr.Web: Trojan.DownLoad.12526
Eset: Win32/TrojanDownloader.Agent.OLP
Kas...
Generic.dx!A5974192 - Generic.dx!A5974192 at McAfee
File Property: Property Value
FileName: 90cea1~1.exe
McAfee Detection: Generic.dx
Length: 19,456 bytes
CRC: A5974192
MD5: 90CEA1F4BF7402802900A0727C7C21B6
SHA1: 23FA38DD1373BA80DCC1DF0A1394A7AFFBF24C85
Other Common Detection Aliases
Company Name: Detection Name
Avira: TR/Buzus.abpl
FortiNet: W32/Buzus.ABPL!tr
Kaspersky: Trojan.Win32.Buzus.abpl
System Changes
These are...
PWS-Mmorpg.gen!24C50506 - PWS-Mmorpg.gen!24C50506 at McAfee
File Property: Property Value
FileName: 966c0f~1.exe
McAfee Detection: PWS-Mmorpg.gen
Length: 20,833 bytes
CRC: 24C50506
MD5: 966C0FF5BD4664263AE87FB3B2861C35
SHA1: 374B2DFC347DEBFFE440676BC5F584A84A5527DA
Other Common Detection Aliases
Company Name: Detection Name
ahnlab: Win-Trojan/OnlineGameHack.B
AVG (GriSoft): PSW.OnlineGames.BEMT
Avira: TR/PSW.O.tpnr.18281
BitD...
Generic Downloader.ac!483EBE04 - Generic Downloader.ac!483EBE04 at McAfee
File Property: Property Value
FileName: 86ffec~1.exe
McAfee Detection: Generic Downloader.x
Length: 58,880 bytes
CRC: 483EBE04
MD5: 86FFEC2B2FACB7756DD9A6D140F084E5
SHA1: 4121670A9DDE25C9A9C4AFD8E2968CFA846B92CB
Other Common Detection Aliases
Company Name: Detection Name
ahnlab: Win-Trojan/Agent.58880.DM
AVG (GriSoft): Downloader.Zlob.AFVA
Avira: TR/Dldr.CodecPa.CUB...
SWF_EXPLOIT.CS - SWF_EXPLOIT.CS at Trend Micro
This malicious Adobe Flash file may be downloaded from remote sites by other malware. It may be downloaded
unknowingly by a user when visiting malicious Web sites. It takes advantage of a vulnerability in Adobe Flash
Player which allows a remote malicious user or malware to download files on the affected machine. More
information abou...
SWF_EXPLOIT.CR - SWF_EXPLOIT.CR at Trend Micro
This malicious SWF object may be downloaded from remote site(s) by the following malware:
JS_AGENT.CCC
JS_AGENT.MBC
This malware takes advantage of a vulnerability in Adobe Flash Player, which allows a remote malicious user
or malware to download files on the affected machine. More information about the said vulnerability can be
found ...
TROJ_PIDIEF.CB - TROJ_PIDIEF.CB at Trend Micro
This Trojan may be downloaded from certain remote sites. This Trojan exploits a known vulnerability in Adobe
Reader versions 8.1.1 and earlier. This vulnerability may cause the said application to crash and may also
allow a remote malicious user to take control over an affected system when a user views a specially-crafted
PDF file. Mor...
Boface.G - Boface.G at Panda
It is designed to spread itself via the social networks Facebook and MySpace. In order to do so, it sends all
the affected user's friends a message which contains a link to a supposed YouTube video, which is actually a
copy of the worm....
Gimmiv.C - Gimmiv.C at Panda
It exploits the vulnerability MS08-067 in the Windows Server Service in order to spread itself and
download any type of malware to the affected computer.
...
Troj/Agent-IFL - Troj/Agent-IFL at Sophos
...
Troj/DwnLdr-HKI - Troj/DwnLdr-HKI at Sophos
Troj/DwnLdr-HKI is a Trojan for the Windows platform.
...
Troj/FakeVir-HH - Troj/FakeVir-HH at Sophos
...
Troj/Refpron-A - Troj/Refpron-A at Sophos
...
Troj/Zalup-B - Troj/Zalup-B at Sophos
Troj/Zalup-B is a Trojan for the Windows platform.
...
W32/AutoRun-OE - W32/AutoRun-OE at Sophos
W32/AutoRun-OE is a worm for the Windows platform. When run W32/AutoRun-OE
copies itself to <Program Files>\Microsoft Common\svchost.exe and sets the following registry entries:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe ...
W32/AutoRun-OF - W32/AutoRun-OF at Sophos
W32/AutoRun-OF is a worm for the Windows platform. When run W32/AutoRun-OF
copies itself to <System>\amvo.exe and creates the file <System>\amvo.dll (also detected as
W32/AutoRun-OF). The following registry entry is set:
HKCU\Software\Microso...
W32/Autorun-OG - W32/Autorun-OG at Sophos
...
Mal/AdvPatch-A - Mal/AdvPatch-A at Sophos
Mal/AdvPatch-A is a malicious executable that attempts to modify advapi32.dll.
...
Mal/Behav-309 - Mal/Behav-309 at Sophos
Mal/Behav-309 is a program which exhibits characteristics typical of malware, e.g. certain
keylogging Trojans.
...
MS08-069 - MS08-069 at Panda
It is a group of critical vulnerabilities in several versions of Microsoft XML Core Services, which
allows arbitrary code to be remotely executed in the vulnerable computer and information to be disclosed.
...
MS08-068 - MS08-068 at Panda
It is an important vulnerability in the SMB protocol on Windows 2008/Vista/2003/XP/2000 computers, which
allows hackers to gain remote control of the affected computer with the same privileges as the logged on user.
...
Mal/ObfJS-BK - Mal/ObfJS-BK at Sophos
Mal/ObfJS-BK is an obfuscated JavaScript within a web page that exploits vulnerabilities in the
browser in order to infect the victim with malware.
...
Troj/Agent-IFQ - Troj/Agent-IFQ at Sophos
...
Troj/Bancos-BEU - Troj/Bancos-BEU at Sophos
...
Troj/Dloadr-BZJ - Troj/Dloadr-BZJ at Sophos
...
Troj/DwnLdr-HKK - Troj/DwnLdr-HKK at Sophos
Troj/DwnLdr-HKK is a Trojan for the Windows platform. When first run
Troj/DwnLdr-HKK copies itself to <System>\rs32net.exe. The following registry
entry is created to run rs32net.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ...
Troj/RootKit-EC - Troj/RootKit-EC at Sophos
...
W32/SDBot-DNK - W32/SDBot-DNK at Sophos
...
W32/Sohanad-B - W32/Sohanad-B at Sophos
...
Troj/Agent-IFO - Troj/Agent-IFO at Sophos
...
Troj/Agent-IFP - Troj/Agent-IFP at Sophos
...
Troj/Bckdr-QQI - Troj/Bckdr-QQI at Sophos
...
Troj/Bckdr-QQJ - Troj/Bckdr-QQJ at Sophos
...
Troj/Bckdr-QQK - Troj/Bckdr-QQK at Sophos
...
Troj/DwnLdr-HKL - Troj/DwnLdr-HKL at Sophos
Troj/DwnLdr-HKL is a downloader Trojan for the Windows platform.
...
Troj/VB-EBO - Troj/VB-EBO at Sophos
...
W32/AutoRun-OM - W32/AutoRun-OM at Sophos
W32/AutoRun-OM is a worm for the Windows platform. W32/AutoRun-OM spreads
by copying itself to the root of removable drives and creating an autorun.inf file to run itself when the
drive is mounted....
W32/Autorun-ON - W32/Autorun-ON at Sophos
...
W32/Autorun-OO - W32/Autorun-OO at Sophos
...
Troj/Dloadr-BZK - Troj/Dloadr-BZK at Sophos
...
Troj/FakeVir-HI - Troj/FakeVir-HI at Sophos
...
0 writebacks [11/13/2008 05:56]
Virus Malware and Threat News for 20081111
LivePlayer - LivePlayer at Norton Symantec
Behavior: LivePlayer is a potentially unwanted application that can be used as an Online Music Player
application....
Trojan.Knowedel - Trojan.Knowedel at Norton Symantec
Trojan.Knowedel is a Trojan horse that drops other risks onto the compromised computer.
...
WinCE.Pmcryptic.A - WinCE.Pmcryptic.A at Norton Symantec
WinCE.Pmcryptic.A is a worm that spreads by copying itself to memory cards on compromised mobile devices. It
also attempts to dial premium-rate numbers.
...
Generic Downloader.x!2CB26608 - Generic Downloader.x!2CB26608 at McAfee
File Property: Property Value
FileName: aeef60~1.exe
McAfee Detection: Generic Downloader.x
Length: 29,700 bytes
CRC: 2CB26608
MD5: AEEF6091F29FF38B2899DAC5B1A933CE
SHA1: 6B103EBA1969B43618E7F6403A312C47477F4840
Other Common Detection Aliases
Company Name: Detection Name
Avira: TR/Dldr.Small.eyc
Dr.Web: Trojan.DownLoad.12526
Eset: Win32/TrojanDownloader.Agent.OLP
Kas...
Generic Downloader.x!F01058D7 - Generic Downloader.x!F01058D7 at McAfee
File Property: Property Value
FileName: a0c020~1.exe
McAfee Detection: Generic Downloader.x
Length: 29,188 bytes
CRC: F01058D7
MD5: A0C020BF378AE5C847DE98479E4F6E74
SHA1: 67189627251B27A0F47BAD2C36A8436C2F26370E
Other Common Detection Aliases
Company Name: Detection Name
ahnlab: Win-Trojan/Agent.29188.D
Avira: TR/Dldr.Agent.anmh
BitDefender: Trojan.Renos.NFG
clamav: Tr...
Generic Downloader.x!6F3F8CF0 - Generic Downloader.x!6F3F8CF0 at McAfee
File Property: Property Value
FileName: 985453~1.exe
McAfee Detection: Generic Downloader.x
Length: 29,700 bytes
CRC: 6F3F8CF0
MD5: 9854536DFFD16E596150DE17F4C66DA7
SHA1: C245A90FA01CEE5480BBE316CE4B67AFA43E3372
Other Common Detection Aliases
Company Name: Detection Name
Avira: TR/Dldr.Small.eyc
Dr.Web: Trojan.DownLoad.12526
Eset: Win32/TrojanDownloader.Agent.OLP
Kas...
Generic.dx!A5974192 - Generic.dx!A5974192 at McAfee
File Property: Property Value
FileName: 90cea1~1.exe
McAfee Detection: Generic.dx
Length: 19,456 bytes
CRC: A5974192
MD5: 90CEA1F4BF7402802900A0727C7C21B6
SHA1: 23FA38DD1373BA80DCC1DF0A1394A7AFFBF24C85
Other Common Detection Aliases
Company Name: Detection Name
Avira: TR/Buzus.abpl
FortiNet: W32/Buzus.ABPL!tr
Kaspersky: Trojan.Win32.Buzus.abpl
System Changes
These are...
PWS-Mmorpg.gen!24C50506 - PWS-Mmorpg.gen!24C50506 at McAfee
File Property: Property Value
FileName: 966c0f~1.exe
McAfee Detection: PWS-Mmorpg.gen
Length: 20,833 bytes
CRC: 24C50506
MD5: 966C0FF5BD4664263AE87FB3B2861C35
SHA1: 374B2DFC347DEBFFE440676BC5F584A84A5527DA
Other Common Detection Aliases
Company Name: Detection Name
ahnlab: Win-Trojan/OnlineGameHack.B
AVG (GriSoft): PSW.OnlineGames.BEMT
Avira: TR/PSW.O.tpnr.18281
BitD...
Generic Downloader.ac!483EBE04 - Generic Downloader.ac!483EBE04 at McAfee
File Property: Property Value
FileName: 86ffec~1.exe
McAfee Detection: Generic Downloader.x
Length: 58,880 bytes
CRC: 483EBE04
MD5: 86FFEC2B2FACB7756DD9A6D140F084E5
SHA1: 4121670A9DDE25C9A9C4AFD8E2968CFA846B92CB
Other Common Detection Aliases
Company Name: Detection Name
ahnlab: Win-Trojan/Agent.58880.DM
AVG (GriSoft): Downloader.Zlob.AFVA
Avira: TR/Dldr.CodecPa.CUB...
SWF_EXPLOIT.CS - SWF_EXPLOIT.CS at Trend Micro
This malicious Adobe Flash file may be downloaded from remote sites by other malware. It may be downloaded
unknowingly by a user when visiting malicious Web sites. It takes advantage of a vulnerability in Adobe Flash
Player which allows a remote malicious user or malware to download files on the affected machine. More
information abou...
SWF_EXPLOIT.CR - SWF_EXPLOIT.CR at Trend Micro
This malicious SWF object may be downloaded from remote site(s) by the following malware:
JS_AGENT.CCC
JS_AGENT.MBC
This malware takes advantage of a vulnerability in Adobe Flash Player, which allows a remote malicious user
or malware to download files on the affected machine. More information about the said vulnerability can be
found ...
TROJ_PIDIEF.CB - TROJ_PIDIEF.CB at Trend Micro
This Trojan may be downloaded from certain remote sites. This Trojan exploits a known vulnerability in Adobe
Reader versions 8.1.1 and earlier. This vulnerability may cause the said application to crash and may also
allow a remote malicious user to take control over an affected system when a user views a specially-crafted
PDF file. Mor...
Boface.G - Boface.G at Panda
It is designed to spread itself via the social networks Facebook and MySpace. In order to do so, it sends all
the affected user's friends a message which contains a link to a supposed YouTube video, which is actually a
copy of the worm....
Gimmiv.C - Gimmiv.C at Panda
It exploits the vulnerability MS08-067 in the Windows Server Service in order to spread itself and
download any type of malware to the affected computer.
...
Troj/Agent-IFL - Troj/Agent-IFL at Sophos
...
Troj/DwnLdr-HKI - Troj/DwnLdr-HKI at Sophos
Troj/DwnLdr-HKI is a Trojan for the Windows platform.
...
Troj/FakeVir-HH - Troj/FakeVir-HH at Sophos
...
Troj/Refpron-A - Troj/Refpron-A at Sophos
...
Troj/Zalup-B - Troj/Zalup-B at Sophos
Troj/Zalup-B is a Trojan for the Windows platform.
...
W32/AutoRun-OE - W32/AutoRun-OE at Sophos
W32/AutoRun-OE is a worm for the Windows platform. When run W32/AutoRun-OE
copies itself to <Program Files>\Microsoft Common\svchost.exe and sets the following registry entries:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe ...
W32/AutoRun-OF - W32/AutoRun-OF at Sophos
W32/AutoRun-OF is a worm for the Windows platform. When run W32/AutoRun-OF
copies itself to <System>\amvo.exe and creates the file <System>\amvo.dll (also detected as
W32/AutoRun-OF). The following registry entry is set:
HKCU\Software\Microso...
W32/Autorun-OG - W32/Autorun-OG at Sophos
...
Mal/AdvPatch-A - Mal/AdvPatch-A at Sophos
Mal/AdvPatch-A is a malicious executable that attempts to modify advapi32.dll.
...
Mal/Behav-309 - Mal/Behav-309 at Sophos
Mal/Behav-309 is a program which exhibits characteristics typical of malware, e.g. certain
keylogging Trojans.
...
MS08-069 - MS08-069 at Panda
It is a group of critical vulnerabilities in several versions of Microsoft XML Core Services, which
allows arbitrary code to be remotely executed in the vulnerable computer and information to be disclosed.
...
MS08-068 - MS08-068 at Panda
It is an important vulnerability in the SMB protocol on Windows 2008/Vista/2003/XP/2000 computers, which
allows hackers to gain remote control of the affected computer with the same privileges as the logged on user.
...
Mal/ObfJS-BK - Mal/ObfJS-BK at Sophos
Mal/ObfJS-BK is an obfuscated JavaScript within a web page that exploits vulnerabilities in the
browser in order to infect the victim with malware.
...
Troj/Agent-IFQ - Troj/Agent-IFQ at Sophos
...
Troj/Bancos-BEU - Troj/Bancos-BEU at Sophos
...
Troj/Dloadr-BZJ - Troj/Dloadr-BZJ at Sophos
...
Troj/DwnLdr-HKK - Troj/DwnLdr-HKK at Sophos
Troj/DwnLdr-HKK is a Trojan for the Windows platform. When first run
Troj/DwnLdr-HKK copies itself to <System>\rs32net.exe. The following registry
entry is created to run rs32net.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ...
Troj/RootKit-EC - Troj/RootKit-EC at Sophos
...
W32/SDBot-DNK - W32/SDBot-DNK at Sophos
...
W32/Sohanad-B - W32/Sohanad-B at Sophos
...
Troj/Agent-IFO - Troj/Agent-IFO at Sophos
...
Troj/Agent-IFP - Troj/Agent-IFP at Sophos
...
0 writebacks [11/12/2008 13:43]
Virus Malware and Threat News for 20081109
Troj/Bckdr-QQH - Troj/Bckdr-QQH at Sophos
...
Troj/BHO-HW - Troj/BHO-HW at Sophos
...
Troj/BHO-HX - Troj/BHO-HX at Sophos
...
Troj/FakeAle-JT - Troj/FakeAle-JT at Sophos
...
Troj/FakeVir-HC - Troj/FakeVir-HC at Sophos
...
Troj/FakeVir-HD - Troj/FakeVir-HD at Sophos
...
Troj/Zbot-AU - Troj/Zbot-AU at Sophos
...
W32/Autorun-NY - W32/Autorun-NY at Sophos
W32/Autorun-NY copies itself to <System>\chrome.exe and <Windows>\chrome.exe.
W32/Autorun-NY schedules itself to run every day at 9:00AM.
W32/Autorun-NY sets the following registry values:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer ...
Mal/Renos-D - Mal/Renos-D at Sophos
Mal/Renos-D is a malicious program for the Windows platform. Detection for
members of Mal/Renos-D is behavior based. It is extremely important that customers report detections of
Mal/Renos-D to Sophos and send a sample for analysis.
...
Troj/FakeAle-JS - Troj/FakeAle-JS at Sophos
...
0 writebacks [11/10/2008 05:58]
Virus Malware and Threat News for 20081108
Troj/AdvHack-A - Troj/AdvHack-A at Sophos
Troj/AdvHack-A is a Trojan for the Windows platform. Troj/AdvHack-A is a
hacked copy of advapi32.dll which allows other malware to compromise a system.
...
Troj/Agent-IEL - Troj/Agent-IEL at Sophos
...
Troj/Agent-IEM - Troj/Agent-IEM at Sophos
...
Troj/Bdoor-APS - Troj/Bdoor-APS at Sophos
...
W32/Autorun-KO - W32/Autorun-KO at Sophos
...
0 writebacks [11/09/2008 05:59]
Virus Malware and Threat News for 20081107
Trojan.Pidief.D - Trojan.Pidief.D at Norton Symantec
Trojan.Pidief.D is a Trojan horse that exploits the Adobe Reader 'util.printf()' JavaScript Function Stack
Buffer Overflow Vulnerability (BID 30035) to download and execute files from the Internet.
...
Bloodhound.Exploit.213 - Bloodhound.Exploit.213 at Norton Symantec
Bloodhound.Exploit.213 is a heuristic detection for files attempting to exploit the Adobe Reader
'util.printf()' JavaScript Function Stack Buffer Overflow Vulnerability (BID 30035).
...
W32.Gaut.A - W32.Gaut.A at Norton Symantec
W32.Gaut.A is a worm that spreads through shared, local, and removable drives. It may also spread through
certain instant messaging applications.
...
W32/Sdbot.worm!797C016E - W32/Sdbot.worm!797C016E at McAfee
File properties: FileName = fxstal~1.exe; McAfee Detection = W32/Sdbot.worm; Length = 48,690 bytes; CRC = 797C016E; MD5 = 6ABB6C6CFF603DC3AAAF6B2E39D2C3D9; SHA1 = 54C55A36B1CA1F56D87D8C199B1A1D9E522E1D70
Other Common Detection Aliases: avast = Win32:Trojan-gen {Other}; AVG (GriSoft) = sheur2.oe; Avira = Worm/IrcBot.48690; BitDefender = Backdoor.R...
Generic PUP.x!37B20B0B - Generic PUP.x!37B20B0B at McAfee
This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are
any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of
and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose,
but th...
Generic BackDoor!B82C9FBE - Generic BackDoor!B82C9FBE at McAfee
File properties: FileName = ceeec1~1.exe; McAfee Detection = Generic BackDoor; Length = 20,996 bytes; CRC = B82C9FBE; MD5 = CEEEC1E035D57C6ADFE5629C0BD89C59; SHA1 = 07D299A8C619C7DDF307DACF7C54D389247DD606
Other Common Detection Aliases: avast = Win32:Rootkit-gen [Rtk]; Avira = HEUR/Malware; BitDefender = Dropped:Backdoor.Generic.111690; Dr.We...
Generic.dx!6B498239 - Generic.dx!6B498239 at McAfee
File properties: FileName = b6635f~1.exe; McAfee Detection = Generic.dx; Length = 27,141 bytes; CRC = 6B498239; MD5 = B6635F8507898C78B0EB06B10BE573B6; SHA1 = 40B7EC73D8B258AFBC20B9BE70315BCAB7B0E8FD
Other Common Detection Aliases: avast = Win32:Trojan-gen {Other}; AVG (GriSoft) = Generic11.BJRM; Avira = TR/Crypt.CFI.Gen; BitDefender = DeepScan:G...
PWS-Mmorpg.gen!DC838375 - PWS-Mmorpg.gen!DC838375 at McAfee
File properties: FileName = 9f24a4~1.exe; McAfee Detection = PWS-Mmorpg.gen; Length = 29,696 bytes; CRC = DC838375; MD5 = 9F24A4829123FB057707C953F2CD1984; SHA1 = 15F5863C53176DF8D49369DC9983B42314AAF50E
Other Common Detection Aliases: ahnlab = Win-Trojan/Downloader.29696.BI; avast = Win32:Spyware-gen [Trj]; AVG (GriSoft) = PSW.OnlineGames.P...
Generic Downloader.x!FDCE5A61 - Generic Downloader.x!FDCE5A61 at McAfee
File properties: FileName = 845c2c~1.exe; McAfee Detection = Generic Downloader.x; Length = 29,188 bytes; CRC = FDCE5A61; MD5 = 845C2C4BA5B23FE549523C2FCC6A9F90; SHA1 = F6D3E0E0628F4E2121B90417BFB3DA184472A2E2
Other Common Detection Aliases: ahnlab = Win-Trojan/Agent.29188.D; Avira = TR/Dldr.Agent.anmh; BitDefender = Trojan.Renos.NFG; clamav = Tr...
Generic Downloader.ac!D93F7E7A - Generic Downloader.ac!D93F7E7A at McAfee
File properties: FileName = 7f57ce~1.exe; McAfee Detection = Generic Downloader.x; Length = 58,880 bytes; CRC = D93F7E7A; MD5 = 7F57CE1D27210944DEEA5B95EC6C80A3; SHA1 = AA24069C7B88D09CB52CB2D5EA94E877AA15CD8C
Other Common Detection Aliases: AVG (GriSoft) = Downloader.Zlob.AFVA; Avira = TR/Dldr.Agent.alqs; BitDefender = Trojan.Renos.NFB; Kaspe...
PWS-Mmorpg.gen!42E61F0D - PWS-Mmorpg.gen!42E61F0D at McAfee
File properties: FileName = 805b12~1.exe; McAfee Detection = PWS-Mmorpg.gen; Length = 22,580 bytes; CRC = 42E61F0D; MD5 = 805B12CFDD9C354505F0B7772AD25321; SHA1 = 805A92FF4B1DEA0AD555C73470615BC4F77CCE82
Other Common Detection Aliases: ahnlab = Win-Trojan/OnlineGameHack.21719; AVG (GriSoft) = PSW.OnlineGames.BELL; Avira = TR/Spy.Gen; BitDefend...
Generic Downloader.x!7F1E8F3D - Generic Downloader.x!7F1E8F3D at McAfee
File properties: FileName = 634c7b~1.exe; McAfee Detection = Generic Downloader.x; Length = 56,832 bytes; CRC = 7F1E8F3D; MD5 = 634C7BBEF4E6C6D38A8A48474435E362; SHA1 = 5EA811D6917687F8044D288EB5B5E99F420069D5
Other Common Detection Aliases: ahnlab = Win-Trojan/Codecpack.56832; Avira = TR/Dldr.CodecPack.GJ; BitDefender = Trojan.Renos.NFE; Dr.W...
Generic.dx!F761E18D - Generic.dx!F761E18D at McAfee
File properties: FileName = 5f6b08~1.exe; McAfee Detection = Generic.dx; Length = 118,784 bytes; CRC = F761E18D; MD5 = 5F6B089F0048E6510C78BB38A3909B9C; SHA1 = DEA081114F1B4DB1BE9ECAAC26C73C608F82E34A
Other Common Detection Aliases: avast = Win32:Trojan-gen {Other}; Avira = TR/VB.NWK; BitDefender = Trojan.VB.NWK; Eset = Win32/Qhost.NFO; Kaspersky = Tr...
Generic Downloader.x!04FD8993 - Generic Downloader.x!04FD8993 at McAfee
File properties: FileName = 69c6cd~1.exe; McAfee Detection = Generic Downloader.x; Length = 34,308 bytes; CRC = 04FD8993; MD5 = 69C6CD1E0596ED7E671DE4767B7A98E5; SHA1 = 78F429B8A0E1825252E06AC25E656D8B48B2A1DA
Other Common Detection Aliases: AVG (GriSoft) = downloader.zlob.afvg; Avira = TR/Dldr.CodecPack.GS; BitDefender = Trojan.Fakealert.AL...
PWS-Mmorpg.gen!1926475E - PWS-Mmorpg.gen!1926475E at McAfee
File properties: FileName = 5a8916~1.exe; McAfee Detection = PWS-Mmorpg.gen; Length = 11,116 bytes; CRC = 1926475E; MD5 = 5A89163BA1D718D786A345FF0DCB68D3; SHA1 = 3B970D6A30273869BCD9E27E6D9CD9DCA1DC186B
Other Common Detection Aliases: AVG (GriSoft) = psw.onlinegames.bexf; Avira = TR/Dropper.Gen; BitDefender = Trojan.PWS.OnlineGames.AABK; Dr.W...
Generic Downloader.x!5752377A - Generic Downloader.x!5752377A at McAfee
File properties: FileName = 5daa06~1.exe; McAfee Detection = Generic Downloader.x; Length = 16,384 bytes; CRC = 5752377A; MD5 = 5DAA0657E07CD932EAAEA3516095D98B; SHA1 = 3FC2EDEFC684E94DA16ABE938024C28B061C5613
Other Common Detection Aliases: Microsoft = trojandownloader:win32/vb.cj; Symantec = Downloader
Avert® Labs has observed the foll...
Generic Dropper!CC30C94E - Generic Dropper!CC30C94E at McAfee
File properties: FileName = 59483c~1.exe; McAfee Detection = Generic Dropper; Length = 21,504 bytes; CRC = CC30C94E; MD5 = 59483CACC423F657E07BB93AA7EF20E9; SHA1 = 3DC23E631A288040257B1154E3624D26A9BB9F57
Other Common Detection Aliases: avast = Win32:Trojan-gen {Other}; AVG (GriSoft) = worm/generic.ndu; Avira = TR/Drop.RQU.2; BitDefender = Trojan...
Generic Downloader.x!88639D50 - Generic Downloader.x!88639D50 at McAfee
File properties: FileName = 58c9da~1.exe; McAfee Detection = Generic Downloader.x; Length = 30,212 bytes; CRC = 88639D50; MD5 = 58C9DA468D6771F3CAA5A4388D2819DB; SHA1 = CF0248FB6BDBFC5F4684A1B7B048F3190FC7207A
Other Common Detection Aliases: Avira = TR/Dldr.Agent.antk; Dr.Web = Trojan.DownLoad.10030; Eset = Win32/TrojanDownloader.Agent.OLD; Fo...
PWS-Mmorpg.gen!EC0D6972 - PWS-Mmorpg.gen!EC0D6972 at McAfee
File properties: FileName = 46c28e~1.exe; McAfee Detection = PWS-Mmorpg.gen; Length = 21,608 bytes; CRC = EC0D6972; MD5 = 46C28E0B7E83F9BF003418372BF793E4; SHA1 = DAC9A905ACE7308FF01C3259C54758A5B391D4DF
Other Common Detection Aliases: ahnlab = Win-Trojan/OnlineGameHack.23210; AVG (GriSoft) = PSW.OnlineGames.BDWZ; BitDefender = Trojan.PWS.On...
PWS-Mmorpg.gen!CC04AC0E - PWS-Mmorpg.gen!CC04AC0E at McAfee
File properties: FileName = 43533a~1.exe; McAfee Detection = PWS-Mmorpg.gen; Length = 21,969 bytes; CRC = CC04AC0E; MD5 = 43533AD691EB4FEE6DE67217952B340B; SHA1 = 23C87DA9BCD768E4BEFEB5415B992FFCF9C7FC80
Other Common Detection Aliases: ahnlab = Win-Trojan/OnlineGameHack.22854; Avira = TR/Spy.Gen; BitDefender = Trojan.PWS.OnlineGames.AABO; Dr.W...
FakeAlert-AB.dldr.gen.b!9DDC77EF - FakeAlert-AB.dldr.gen.b!9DDC77EF at McAfee
File properties: FileName = 48bfb4~1.exe; McAfee Detection = FakeAlert-AB.dldr.gen.b; Length = 140,288 bytes; CRC = 9DDC77EF; MD5 = 48BFB4FB4A29F1115F1DFD71AEF2467F; SHA1 = 25F9EF05366A2763B0C137777173B86BB96E8D63
Other Common Detection Aliases: FortiNet = W32/FraudLoad.VCYM!tr.dldr; Kaspersky = Trojan-Downloader.Win32.FraudLoad.vcym; Mic...
Generic Downloader.x!0834E1F6 - Generic Downloader.x!0834E1F6 at McAfee
File properties: FileName = 3f6d71~1.exe; McAfee Detection = Generic Downloader.x; Length = 29,700 bytes; CRC = 0834E1F6; MD5 = 3F6D71C92FDE6AB08AC6D9EC62A30372; SHA1 = 384C5872380EF9195F9C439C4203D034C3F20E1D
Other Common Detection Aliases: Avira = TR/Dldr.Small.eyc; Dr.Web = Trojan.DownLoad.12533; Eset = Win32/TrojanDownloader.Agent.OLP; mic...
Generic Downloader.ac!EEFBE7F3 - Generic Downloader.ac!EEFBE7F3 at McAfee
File properties: FileName = 31e696~1.exe; McAfee Detection = Generic Downloader.x; Length = 51,712 bytes; CRC = EEFBE7F3; MD5 = 31E6960908A271991CCCA32107AD82B7; SHA1 = D5A73615EB3A33C3BB12849AD82364AD3DAAE5E5
Other Common Detection Aliases: AVG (GriSoft) = Downloader.Zlob_r.DV; Kaspersky = Trojan-Dropper.Win32.Agent.yql; microsoft = TrojanD...
Generic Downloader.x!230AE3B9 - Generic Downloader.x!230AE3B9 at McAfee
File properties: FileName = 21700c~1.exe; McAfee Detection = Generic Downloader.x; Length = 63,488 bytes; CRC = 230AE3B9; MD5 = 21700C36F3533895ABA0710665C7689B; SHA1 = 30D16C2C6954667A9B1729D54DD626D6C50620A8
Other Common Detection Aliases: Avira = TR/Dldr.Delphi.Gen; Microsoft = trojandownloader:win32/small.gen!z
Avert® Labs has observ...
Generic FakeAlert.d!03F2F550 - Generic FakeAlert.d!03F2F550 at McAfee
File properties: FileName = 18027d~1.exe; McAfee Detection = Generic.dx; Length = 157,184 bytes; CRC = 03F2F550; MD5 = 18027D7F6B1BBB3E6C9009B53B560C51; SHA1 = A21B1D02B4BDCF7FCB1AD64D22E2C4A08CD96D4E
Other Common Detection Aliases: Avast = Win32:Lighty-C; Kaspersky = Trojan-Downloader.Win32.Suurch.gb; Microsoft = TrojanClicker:Win32/Hatigh....
W32/Autorun.worm.gen!6B4258EB - W32/Autorun.worm.gen!6B4258EB at McAfee
...
Generic.dx!393BFBCB - Generic.dx!393BFBCB at McAfee
File properties: FileName = 080a0b~1.exe; McAfee Detection = Generic.dx; Length = 35,344 bytes; CRC = 393BFBCB; MD5 = 080A0B97BAFB6A33770AA0AC34FC8C45; SHA1 = 760E0D386542BEBCAA99547519A2055B5C565D6B
Other Common Detection Aliases: Avast = Win32:Delf-LDA; AVG (GriSoft) = Win32/Heur; BitDefender = Trojan.Downloader.JLCA; Kaspersky = Trojan.Win32.B...
PWS-Mmorpg.gen!73523396 - PWS-Mmorpg.gen!73523396 at McAfee
File properties: FileName = 0d63fa~1.exe; McAfee Detection = PWS-Mmorpg.gen; Length = 22,740 bytes; CRC = 73523396; MD5 = 0D63FA5B315878B8FB5E68B5623C174A; SHA1 = A554E9D4FD960955884A01579F4DAB14F9BC8E48
Other Common Detection Aliases: AVG (GriSoft) = psw.onlinegames.belh; Avira = TR/Spy.Gen; clamav = Trojan.Mono-9; F-Prot = W32/Agent.L.gen!Eldor...
Generic FakeAlert.a!E327DA8B - Generic FakeAlert.a!E327DA8B at McAfee
File properties: FileName = 06164b~1.exe; McAfee Detection = Generic FakeAlert.a; Length = 109,056 bytes; CRC = E327DA8B; MD5 = 06164B540B6392B3DF1B5637C13A6615; SHA1 = 0D067BF9CAE4114AB6BC2412DADB4650680EB0F2
Other Common Detection Aliases: BitDefender = Trojan.FakeAlert.AKT; Kaspersky = Trojan-Downloader.Win32.FraudLoad.vddg; microsoft = p...
Spyforms.BQ - Spyforms.BQ at Panda
It controls the network traffic in order to obtain passwords from FTP, ICQ, POP3 and IMAP connections. It is
being distributed in an email message announcing that Barack Obama has become the 44th US president and
the first Afro-American president.
...
Mal/EncPk-FX - Mal/EncPk-FX at Sophos
Mal/EncPk-FX is a malicious packed executable, often a member of the fake anti-virus family of
Trojans. ...
Mal/OnlineG-B - Mal/OnlineG-B at Sophos
...
Troj/Agent-IEJ - Troj/Agent-IEJ at Sophos
...
Troj/Agent-IEK - Troj/Agent-IEK at Sophos
Troj/Agent-IEK starts an instance of Internet Explorer in the background and injects itself into
that process.
...
Troj/BHO-HU - Troj/BHO-HU at Sophos
...
W32/Koobfa-Gen - W32/Koobfa-Gen at Sophos
W32/Koobfa-Gen is a family of worms for the Windows platform that target Facebook and may attempt
to send messages to users on Facebook pointing to a copy of themselves. When first run,
members of W32/Koobfa-Gen often display an error message saying: Error
installi...
Troj/Agent-IEE - Troj/Agent-IEE at Sophos
Troj/Agent-IEE is a Trojan for the Windows platform. Troj/Agent-IEE runs
continuously in the background, providing a backdoor server which allows a remote intruder to gain access and
control over the computer via IRC channels. When Troj/Agent-IEE is installed the
following fil...
Troj/Agent-IEF - Troj/Agent-IEF at Sophos
...
Troj/Agent-IEG - Troj/Agent-IEG at Sophos
When first run, Troj/Agent-IEG creates the following registry entry to start itself when Windows
starts:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
GetModule27
<Path to executable>
Troj/Agent-IEG silently connects to the internet, and
may ha...
0 writebacks [11/08/2008 05:56]
Virus Malware and Threat News for 20081106
Trojan-Spy:W32/ZBot.XF - Trojan-Spy:W32/ZBot.XF at F-Secure
Trojan-Spy:W32/ZBot.XF is a trojan-spy. Trojan-spy applications attempt to steal online banking
login-information and other sensitive data from the infected computer. ZBot.XF also targets online poker and
gaming sites....
Trojan.Newarxy - Trojan.Newarxy at Norton Symantec
Trojan.Newarxy is a Trojan horse that allows the compromised computer to be used as a proxy server.
...
Trojan.Farfli!SP - Trojan.Farfli!SP at Norton Symantec
Trojan.Farfli!SP is a generic detection for variants of the Trojan.Farfli family of Trojans.
...
Trojan.Mobiregect - Trojan.Mobiregect at Norton Symantec
Trojan.Mobiregect is a Trojan horse that downloads other risks onto the compromised computer.
...
W32.Kernelbot.A - W32.Kernelbot.A at Norton Symantec
W32.Kernelbot.A is a worm that spreads by exploiting the Microsoft Windows Server Service RPC Handling Remote
Code Execution Vulnerability (BID 31874) and through file sharing networks. It may also download files on to
the compromised computer.
...
Generic PUP.x!C6D4EB23 - Generic PUP.x!C6D4EB23 at McAfee
This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are
any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of
and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose,
but th...
Coreflood.dr!7B73B420 - Coreflood.dr!7B73B420 at McAfee
File properties: FileName = wmedia106.exe; McAfee Detection = Coreflood.dr; Length = 135,168 bytes; CRC = 7B73B420; MD5 = 4D27B641939F86BD8CC7FDCD1D2815E5; SHA1 = 6E5BF705075586ADC6865271144DBCF376518587
Other Common Detection Aliases: avast = Win32:Trojan-gen {Other}; AVG (GriSoft) = Dropper.Generic.AALV; Avira = TR/Pakes.kar; BitDefender = Back...
Generic PWS.y!6F939359 - Generic PWS.y!6F939359 at McAfee
File properties: FileName = adobe_flash9.exe; McAfee Detection = Generic PWS.y; Length = 31,232 bytes; CRC = 6f939359; MD5 = 47C86509A78DC1EDB42F2964BEA86306; SHA1 = d3e810f43e77d6963018eccdcbbb3b0464288b1d
Other Common Detection Aliases: Avast = Win32:Agent-LVZ [Rtk]; AVG (GriSoft) = Agent.AJAY; Avira = TR/Crypt.XDR.Gen; Nod32 = Win32/PSW.Papras...
W32/Sality.aq - W32/Sality.aq at McAfee
W32/Sality.aq is a parasitic virus that infects Win32 PE executable files. Upon execution, it drops the
following files: %System%\drivers\[RANDOM FILE NAME].sys
It creates the following mutex "Op1mutx9". Creates the following registry keys:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aic32p
HKEY_LOCAL_MACHINE\System\Con...
PWS-OnlineGames.cp!1427AB44 - PWS-OnlineGames.cp!1427AB44 at McAfee
File properties: FileName = zz.exe; McAfee Detection = PWS-OnlineGames.cp; Length = 130,308 bytes; CRC = 1427AB44; MD5 = 6DBD8BD7A8196222AF19DE5045789D16; SHA1 = EF38202BEA5799756C6D9117348F88B348819D2F
Other Common Detection Aliases: microsoft = trojandropper:win32/frethog
Avert® Labs has observed the following system activities...
Generic PWS.y!516B39F3 - Generic PWS.y!516B39F3 at McAfee
Avert® Labs has observed the following system activities: Activity = Registers DLLs; Risk Level = Informational
System Changes: These are general defaults for typical path variables. (Although they may
differ, these examples are common.):
%WinDir% = \WINDOWS (Windows 9x/ME/XP/Vista), \WINNT (Windows NT/2000)
%SystemDir% = \WINDOWS\SYSTEM (Windo...
Exploit-PDF.d - Exploit-PDF.d at McAfee
Adobe Statement: http://www.adobe.com/support/security/bulletins/apsb08-19.html ...
PWS-Mmorpg.gen!C5FF49FA - PWS-Mmorpg.gen!C5FF49FA at McAfee
File properties: FileName = ms26.exe; McAfee Detection = PWS-Mmorpg.gen; Length = 12,800 bytes; CRC = C5FF49FA; MD5 = 3E07781AE9145927635ACDB8878AA15F; SHA1 = 9B04285C84127497DEE9F3DAAC9A4D3F72B63CE8
Other Common Detection Aliases: avast = Win32:Trojan-gen {Other}; Avira = TR/Dropper.Gen; BitDefender = Trojan.PWS.OnlineGames.ZWU; Dr.Web = Trojan....
PWS-Mmorpg.gen!85EF504E - PWS-Mmorpg.gen!85EF504E at McAfee
File properties: FileName = ms21.exe; McAfee Detection = PWS-Mmorpg.gen; Length = 13,312 bytes; CRC = 85EF504E; MD5 = 7C05C19EC7D5D1A44B87D6FDE04974BA; SHA1 = F97B9C51BDEB637DAFED2F2FD1AD02E692B263BE
Other Common Detection Aliases: avast = Win32:Spyware-gen [Trj]; AVG (GriSoft) = psw.onlinegames.bfif; Avira = TR/Dropper.Gen; BitDefender = Trojan....
PWS-OnlineGames.co!B1004714 - PWS-OnlineGames.co!B1004714 at McAfee
File properties: FileName = new6.exe; McAfee Detection = PWS-OnlineGames.co; Length = 18,233 bytes; CRC = B1004714; MD5 = E9B786DDD663EEA182117255D876B87C; SHA1 = D1546B2B75CFF86D8296AA69B23137655091C9C3
Other Common Detection Aliases: ahnlab = Win-Trojan/OnlineGameHack.17049; avast = Win32:Trojan-gen {Other}; Avira = TR/Agent.16384.5; BitDefe...
PWS-Mmorpg.gen!44CDBE12 - PWS-Mmorpg.gen!44CDBE12 at McAfee
File properties: FileName = new4.exe; McAfee Detection = PWS-Mmorpg.gen; Length = 18,341 bytes; CRC = 44CDBE12; MD5 = B29A9E55D46E9E468AAE946CDD915D84; SHA1 = 855AC0F28CBE81998CEE901EA0CDB7E418EAD23E
Other Common Detection Aliases: ahnlab = Win-Trojan/OnlineGameHack.6885; avast = Win32:Trojan-gen {Other}; AVG (GriSoft) = psw.onlinegames.bfgt...
PWS-Mmorpg.gen!9682442B - PWS-Mmorpg.gen!9682442B at McAfee
File properties: FileName = new30.exe; McAfee Detection = PWS-Mmorpg.gen; Length = 22,112 bytes; CRC = 9682442B; MD5 = 49417A45B779D9DE907E9529A9E753B7; SHA1 = C75EE57FA44C9106F9CFCBFEB87E009122CB7277
Other Common Detection Aliases: ahnlab = Win-Trojan/OnlineGameHack.32768.HJ; avast = Win32:OnLineGames-FDQ [Trj]; AVG (GriSoft) = Dropper.Agen...
PWS-QQGame!F795E48D - PWS-QQGame!F795E48D at McAfee
File properties: FileName = new32.exe; McAfee Detection = PWS-QQGame; Length = 31,854 bytes; CRC = F795E48D; MD5 = 166377EE20C3D2019D7A09D7577332E9; SHA1 = 0697D3609FBC97F46A5EF0565415818365E403D1
Other Common Detection Aliases: ahnlab = Win-Trojan/QQPass.Gen; avast = Win32:Delf-FZG [Trj]; AVG (GriSoft) = PSW.Delf.CED; Avira = TR/Spy.Agent.31854B...
PWS-Mmorpg.gen!4CAA3599 - PWS-Mmorpg.gen!4CAA3599 at McAfee
File properties: FileName = new29.exe; McAfee Detection = PWS-Mmorpg.gen; Length = 22,956 bytes; CRC = 4CAA3599; MD5 = B82EDFF876787FB499E6174691AF4D9B; SHA1 = 19971BEA5CB51620421BF64C07F36A19A31A266E
Other Common Detection Aliases: ahnlab = Win-Trojan/OnlineGameHack.32768.HJ; avast = Win32:OnLineGames-FDQ [Trj]; AVG (GriSoft) = Dropper.Agen...
Generic PWS.y!410A2DD3 - Generic PWS.y!410A2DD3 at McAfee
File properties: FileName = new24.exe; McAfee Detection = Generic PWS.y; Length = 22,910 bytes; CRC = 410A2DD3; MD5 = 95B92DAE00A207E71B1435A6E9ABC21B; SHA1 = E79C879C4C7376376E950C13057EFCC69AE53468
Other Common Detection Aliases: AVG (GriSoft) = dropper.agent.koq; Avira = TR/Spy.Gen; BitDefender = Trojan.PWS.OnlineGames.AADA; Dr.Web = MULDROP.T...
PWS-OnlineGames.co!767E2EBD - PWS-OnlineGames.co!767E2EBD at McAfee
File properties: FileName = new2.exe; McAfee Detection = PWS-OnlineGames.co; Length = 16,969 bytes; CRC = 767E2EBD; MD5 = 2B9862304E3B420E8B3FC85085DF7A30; SHA1 = 42693C7EDEA411D6717DE1DC719260F8671214B9
Other Common Detection Aliases: avast = Win32:Trojan-gen {Other}; AVG (GriSoft) = psw.onlinegames.bfoq; Avira = TR/Agent.ally; BitDefender = Tro...
PWS-OnlineGames.co!A1FDE7D6 - PWS-OnlineGames.co!A1FDE7D6 at McAfee
File properties: FileName = new10.exe; McAfee Detection = PWS-OnlineGames.co; Length = 17,713 bytes; CRC = A1FDE7D6; MD5 = D2FDD985507503251A27629268A1B6B2; SHA1 = AE5DEAF09D556922648BA158A9DDA1EBC1662680
Other Common Detection Aliases: Kaspersky = Trojan-GameThief.Win32.Magania.gen; norman = w32/packed_upack.a; Symantec = Infostealer.Hibik....
Generic PWS.ak!0980BF11 - Generic PWS.ak!0980BF11 at McAfee
File properties: FileName = 0fe10e~1.exe; McAfee Detection = Generic PWS.ak; Length = 104,448 bytes; CRC = 0980BF11; MD5 = 2434D32C5CB16CC7CF646BB48B3B1371; SHA1 = 5A74F49F8AAC31F1A6BDA958CA8B7FB24EF4E8EE
Other Common Detection Aliases: AVG (GriSoft) = PSW.OnlineGames_r.G; Avira = TR/Crypt.XPACK.Gen; eSafe (Alladin) = Suspicious file; FortiNet...
Uploader-R!0C56428C - Uploader-R!0C56428C at McAfee
This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are
any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of
and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose,
but th...
Generic Downloader.ch!3C795017 - Generic Downloader.ch!3C795017 at McAfee
File properties: FileName = webcc.exe; McAfee Detection = Generic Downloader.ch; Length = 45,056 bytes; CRC = 3C795017; MD5 = 9BB242C4FCAC47E1D5522AF3ADA819A6; SHA1 = F24D3176EC11E34D235C28E740B0776D948DAA05
Other Common Detection Aliases: AVG (GriSoft) = downloader.generic8.bcv; Avira = Worm/Downloader.WO; BitDefender = Trojan.Agent.AKYW; Ese...
RemAdm-VNC!5E730E90 - RemAdm-VNC!5E730E90 at McAfee
This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are
any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of
and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose,
but th...
W32/Sality!0E795319 - W32/Sality!0E795319 at McAfee
File properties: FileName = vnfyex~1.exe; McAfee Detection = W32/Sality; Length = 146,944 bytes; CRC = 0E795319; MD5 = 6583D593D458AF3A33BF4F587960BC5A; SHA1 = 908DDBE8667F541D0AD3EA4D7B057CB251E28FA1
Other Common Detection Aliases: Kaspersky = Virus.Win32.Sality.aa; microsoft = virus:win32/sality.am; norman = w32/sality.ae; Sophos = W32/Sality-A...
PWS-Banker!8CAC7DF6 - PWS-Banker!8CAC7DF6 at McAfee
File properties: FileName = wuaucl~1.exe; McAfee Detection = PWS-Banker; Length = 4,275,600 bytes; CRC = 8CAC7DF6; MD5 = 1A96A396F62D7ED9D92309BD9C33DCBD; SHA1 = 5C8D0ABAEB453327D289212DE5EE575C2C440FB9
Other Common Detection Aliases: AVG (GriSoft) = psw.banker5.hr; Avira = TR/Crypt.CFI.Gen; Eset = Win32/Spy.Banker.PSI; F-Prot = W32/Downloader.X....
W32/Sality!D0F39AC8 - W32/Sality!D0F39AC8 at McAfee
File properties: FileName = instmsi.exe; McAfee Detection = W32/Sality; Length = 1,564,160 bytes; CRC = D0F39AC8; MD5 = CE09032FD5605B4B35DC7DFA63FBC4CA; SHA1 = DEAECA788F54CBEA8EC85921469575C8F5ED6A4A
Other Common Detection Aliases: Kaspersky = Virus.Win32.Sality.aa; microsoft = virus:win32/sality.am; norman = w32/sality.ae; Sophos = W32/Sality-...
Generic Downloader.x!1CDF4421 - Generic Downloader.x!1CDF4421 at McAfee
File properties: FileName = a43e0c~1.exe; McAfee Detection = Generic Downloader.x; Length = 860,168 bytes; CRC = 1CDF4421; MD5 = D666153890B5CB4C89879034BBC38B6D; SHA1 = 5E8C72065ED224CB47F1C16A4B8C310DEED8ADDA
Other Common Detection Aliases: AVG (GriSoft) = Win32/Themida; Dr.Web = Trojan.Packed.650; Eset = Win32/Bagle.QC worm; FortiNet = Possibl...
PWS-Banker!9CC05EE9 - PWS-Banker!9CC05EE9 at McAfee
File properties: FileName = f7b5de~1.exe; McAfee Detection = PWS-Banker; Length = 326,656 bytes; CRC = 9CC05EE9; MD5 = 30C3D7A1D8854221C76141336E4538D6; SHA1 = 524ACB1AC3206B95DF77B3C33473007D2193DC60
Other Common Detection Aliases: AVG (GriSoft) = SHeur.CRID; Avira = TR/ATRAPS.Gen; Dr.Web = Backdoor.Trojan; eSafe (Alladin) = Suspicious file; Kaspe...
W32/Sality!DCA4E2CF - W32/Sality!DCA4E2CF at McAfee
File properties: FileName = setup.exe; McAfee Detection = W32/Sality; Length = 483,840 bytes; CRC = DCA4E2CF; MD5 = DFC3411F1CE82726E7D9C0675A811036; SHA1 = 87FF0CC6A23CFDFF65759555EBADB3CD3F86A4A3
Other Common Detection Aliases: Kaspersky = Virus.Win32.Sality.aa; microsoft = virus:win32/sality.am; norman = w32/sality.ae; Sophos = W32/Sality-AM; Sy...
W32/Sality!9271B6C4 - W32/Sality!9271B6C4 at McAfee
File properties: FileName = dw20.exe; McAfee Detection = W32/Sality; Length = 683,008 bytes; CRC = 9271B6C4; MD5 = AAD06DF2033BE163432AA9DC75330BAD; SHA1 = F0436F427342E84A77B9F5E196BE224CFCC00DAE
Other Common Detection Aliases: Kaspersky = Virus.Win32.Sality.aa; microsoft = virus:win32/sality.am; norman = w32/sality.ae; Sophos = W32/Sality-AM; Sym...
Puper!FB2009B3 - Puper!FB2009B3 at McAfee
File properties: FileName = iebtm.exe; McAfee Detection = Puper; Length = 20,480 bytes; CRC = FB2009B3; MD5 = 64D1B58FB001758657BC1DA99D52C9AD; SHA1 = 417992AC62EA9C96278B29728ADCD5968E3C2E70
Other Common Detection Aliases: eSafe (Alladin) = suspicious Trojan/Worm [101]; Eset = Win32/TrojanDownloader.Zlob.CUA; microsoft = trojandownloader:wi...
FakeAlert-AB!F4811F10 - FakeAlert-AB!F4811F10 at McAfee
AVERT recommends always using the latest DATs and engine. This threat will be cleaned if you have this
combination. Additional Windows ME/XP removal
considerations...
TROJ_DLOADER.ISZ - TROJ_DLOADER.ISZ at Trend Micro
This Trojan may be downloaded unknowingly by a user when visiting malicious Web sites. A link to the Web
site from which it is downloaded is given in a spam email. A screenshot of a sample spam email is given
below: The spam email contains a link that connects to a Web site, supposedly showing a video. However, to view
the v...
WORM_WECORL.A - WORM_WECORL.A at Trend Micro
This worm may be dropped or downloaded by other malware. It may also be downloaded unknowingly by a user when
visiting malicious Web site(s). It drops or downloads multiple files onto the affected system, several of which
are malicious. It also replaces the legitimate SVCHOST.EXE file with a malicious file. It makes several changes
to ...
WORM_AGENT.ARQB - WORM_AGENT.ARQB at Trend Micro
This worm arrives as an attachment to email messages spammed by other malware or a malicious user. It may be
downloaded unknowingly by a user when visiting malicious Web sites. It drops copies of itself. It creates
registry entries to enable its automatic execution at every system startup. It creates registry
key(s)/entry(ies) as part ...
WORM_KERBOT.A - WORM_KERBOT.A at Trend Micro
This worm may be dropped by other malware. It may be downloaded from certain remote sites. It drops
files/components. Trend Micro detects one of the dropped files as TROJ_DROPPER.BPO. As a result, routines of
the dropped Trojan are also exhibited on the affected system. It creates registry key(s)/entry(ies) as part of
its installation ...
Banker.LLN - Banker.LLN at Panda
It steals confidential information related to a certain banking entity from Peru, redirecting users to a fake
website which imitates the original one. It reaches the computer in a file with the icon of the United States
flag and with the name BARACKOBAMA.EXE.
...
Downloader.UYD - Downloader.UYD at Panda
It is designed to download many samples of malware to the affected computer from a certain website. It does
not spread automatically by its own means.
...
MSNWorm.FH - MSNWorm.FH at Panda
It considerably reduces the computer's level of protection against other threats, as it prevents access
to certain websites related to security. It spreads via the instant messaging program MSN Messenger.
...
PCDefender2008 - PCDefender2008 at Panda
It deceives users by warning them of nonexistent threats on their computers. In order to eliminate them, they
are enticed to purchase a certain program. It can be downloaded from the website belonging to the company that
has developed it....
Troj/Agent-IDS - Troj/Agent-IDS at Sophos
...
Troj/Agent-IDT - Troj/Agent-IDT at Sophos
...
Troj/Bancos-BES - Troj/Bancos-BES at Sophos
...
Troj/Bdoor-APP - Troj/Bdoor-APP at Sophos
...
Troj/Clicker-FC - Troj/Clicker-FC at Sophos
...
Troj/Dloadr-BYR - Troj/Dloadr-BYR at Sophos
...
Troj/PWS-AVV - Troj/PWS-AVV at Sophos
...
Troj/Zlob-AQO - Troj/Zlob-AQO at Sophos
Troj/Zlob-AQO is a Trojan for the Windows platform. Troj/Zlob-AQO includes
functionality to access the internet and communicate with a remote server via HTTP.
...
Troj/Dloadr-BYP - Troj/Dloadr-BYP at Sophos
...
PWS-Mmorpg.gen!62F6A3ED - PWS-Mmorpg.gen!62F6A3ED at McAfee
File properties: FileName = new9ex~1.exe; McAfee Detection = PWS-Mmorpg.gen; Length = 23,878 bytes; CRC = 62F6A3ED; MD5 = 4944224BA12FFB9F136000AF49F5A30B; SHA1 = 1FB841DD1C18C09CD03C0DB39C2A69EF0BEE0B60
Other Common Detection Aliases: ahnlab = Win-Trojan/OnlineGameHack.32768.HJ; avast = Win32:Agent-ACMH [Drp]; AVG (GriSoft) = Crypt.AIX; Avira...
PWS-Mmorpg.gen!64446728 - PWS-Mmorpg.gen!64446728 at McAfee
File properties: FileName = new29e~1.exe; McAfee Detection = PWS-Mmorpg.gen; Length = 23,100 bytes; CRC = 64446728; MD5 = 2C5FEF849C5148845DCC1368F1BDA259; SHA1 = 093736663943932E5EB0BA1FA00E89BC570CB220
Other Common Detection Aliases: ahnlab = Win-Trojan/OnlineGameHack.32768.HJ; avast = Win32:Agent-ACMH; AVG (GriSoft) = Dropper.Agent.KQI; Avi...
PWS-Mmorpg.gen!7A8CDA1D - PWS-Mmorpg.gen!7A8CDA1D at McAfee
File properties: FileName = new13e~1.exe; McAfee Detection = PWS-Mmorpg.gen; Length = 11,799 bytes; CRC = 7A8CDA1D; MD5 = 4DD2B8167BAF180EBA900FC91418380D; SHA1 = 93C9F722AE6DC9C49764F9A9742B019E170E6227
Other Common Detection Aliases: AVG (GriSoft) = crypt.aks; Kaspersky = Trojan.Win32.Inject.juh; norman = w32/packed_upack.h; Symantec = Infostea...
PWS-Mmorpg.gen!0D936576 - PWS-Mmorpg.gen!0D936576 at McAfee
File properties: FileName = new15e~1.exe; McAfee Detection = PWS-Mmorpg.gen; Length = 22,208 bytes; CRC = 0D936576; MD5 = CCF1E27F47EA72290F1FB6693B4B55A1; SHA1 = B61E52C77997354A2535D6F1C37B5E940A8E59A2
Other Common Detection Aliases: AVG (GriSoft) = dropper.agent.kqi; Kaspersky = Trojan-Dropper.Win32.Agent.yux; norman = w32/packed_upack.a; S...
PWS-Mmorpg.gen!02214058 - PWS-Mmorpg.gen!02214058 at McAfee
File properties: FileName = new11e~1.exe; McAfee Detection = PWS-Mmorpg.gen; Length = 22,219 bytes; CRC = 02214058; MD5 = EC47FE94C168389A0DDF0CE4959EC3E2; SHA1 = 5971FC68D95392AB9294D7D6D32494DC0E0B1343
Other Common Detection Aliases: AVG (GriSoft) = dropper.agent.koq; Kaspersky = Trojan-Dropper.Win32.Agent.yux; norman = w32/packed_upack.a; S...
JS/Dload-EC - JS/Dload-EC at Sophos
...
JS/Psyme-KM - JS/Psyme-KM at Sophos
...
Mal/Autorun-C - Mal/Autorun-C at Sophos
Mal/Autorun-C is a malicious program which typically spreads by copying itself to removable
devices. ...
Mal/Bagle-B - Mal/Bagle-B at Sophos
Mal/Bagle-B is a member of the Bagle family of malware.
...
Mal/Cimuz-G - Mal/Cimuz-G at Sophos
...
Mal/EncPk-FW - Mal/EncPk-FW at Sophos
Mal/EncPk-FW is a program that has been packed with a protection system typically used by malware
authors. ...
Troj/Agent-IDZ - Troj/Agent-IDZ at Sophos
...
Troj/BHO-HR - Troj/BHO-HR at Sophos
...
Troj/BHO-HS - Troj/BHO-HS at Sophos
...
Troj/BHO-HT - Troj/BHO-HT at Sophos
...
0 writebacks [11/07/2008 05:59]
Virus Malware and Threat News for 20081105
Trojan-Spy:W32/ZBot.XF - Trojan-Spy:W32/ZBot.XF at F-Secure
Trojan-Spy:W32/ZBot.XF is a trojan-spy. Trojan-spy applications attempt to steal online banking
login-information and other sensitive data from the infected computer. ZBot.XF also targets online poker and
gaming sites....
Trojan.Newarxy - Trojan.Newarxy at Norton Symantec
Trojan.Newarxy is a Trojan horse that allows the compromised computer to be used as a proxy server.
...
Trojan.Farfli!SP - Trojan.Farfli!SP at Norton Symantec
Trojan.Farfli!SP is a generic detection for variants of the Trojan.Farfli family of Trojans.
...
Trojan.Mobiregect - Trojan.Mobiregect at Norton Symantec
Trojan.Mobiregect is a Trojan horse that downloads other risks onto the compromised computer.
...
W32.Kernelbot.A - W32.Kernelbot.A at Norton Symantec
W32.Kernelbot.A is a worm that spreads by exploiting the Microsoft Windows Server Service RPC Handling Remote
Code Execution Vulnerability (BID 31874) and through file sharing networks. It may also download files on to
the compromised computer.
...
Generic PUP.x!C6D4EB23 - Generic PUP.x!C6D4EB23 at McAfee
This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are
any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of
and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose,
but th...
Coreflood.dr!7B73B420 - Coreflood.dr!7B73B420 at McAfee
File properties: FileName: wmedia106.exe; McAfee Detection: Coreflood.dr; Length: 135,168 bytes; CRC: 7B73B420; MD5: 4D27B641939F86BD8CC7FDCD1D2815E5; SHA1: 6E5BF705075586ADC6865271144DBCF376518587
Other Common Detection Aliases (Company Name: Detection Name): avast: Win32:Trojan-gen {Other}; AVG (GriSoft): Dropper.Generic.AALV; Avira: TR/Pakes.kar; BitDefender: Back...
Generic PWS.y!6F939359 - Generic PWS.y!6F939359 at McAfee
File properties: FileName: adobe_flash9.exe; McAfee Detection: Generic PWS.y; Length: 31,232 bytes; CRC: 6f939359; MD5: 47C86509A78DC1EDB42F2964BEA86306; SHA1: d3e810f43e77d6963018eccdcbbb3b0464288b1d
Other Common Detection Aliases (Company Name: Detection Name): Avast: Win32:Agent-LVZ [Rtk]; AVG (GriSoft): Agent.AJAY; Avira: TR/Crypt.XDR.Gen; Nod32: Win32/PSW.Papras...
W32/Sality.aq - W32/Sality.aq at McAfee
W32/Sality.aq is a parasitic virus that infects Win32 PE executable files. Upon execution, it drops the
following files: %System%\drivers\[RANDOM FILE NAME].sys
It creates the following mutex: "Op1mutx9"
Creates the following registry keys:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aic32p
HKEY_LOCAL_MACHINE\System\Con...
PWS-OnlineGames.cp!1427AB44 - PWS-OnlineGames.cp!1427AB44 at McAfee
File properties: FileName: zz.exe; McAfee Detection: PWS-OnlineGames.cp; Length: 130,308 bytes; CRC: 1427AB44; MD5: 6DBD8BD7A8196222AF19DE5045789D16; SHA1: EF38202BEA5799756C6D9117348F88B348819D2F
Other Common Detection Aliases (Company Name: Detection Name): microsoft: trojandropper:win32/frethog
Avert® Labs has observed the following system activities...
Generic PWS.y!516B39F3 - Generic PWS.y!516B39F3 at McAfee
Avert® Labs has observed the following system activities:
Activity: Registers DLLs; Risk Level: Informational
System Changes
These are general defaults for typical path variables. (Although they may differ, these examples are common.):
%WinDir% = \WINDOWS (Windows 9x/ME/XP/Vista), \WINNT (Windows NT/2000)
%SystemDir% = \WINDOWS\SYSTEM (Windo...
Exploit-PDF.d - Exploit-PDF.d at McAfee
Adobe Statement: http://www.adobe.com/support/security/bulletins/apsb08-19.html ...
PWS-Mmorpg.gen!C5FF49FA - PWS-Mmorpg.gen!C5FF49FA at McAfee
File properties: FileName: ms26.exe; McAfee Detection: PWS-Mmorpg.gen; Length: 12,800 bytes; CRC: C5FF49FA; MD5: 3E07781AE9145927635ACDB8878AA15F; SHA1: 9B04285C84127497DEE9F3DAAC9A4D3F72B63CE8
Other Common Detection Aliases (Company Name: Detection Name): avast: Win32:Trojan-gen {Other}; Avira: TR/Dropper.Gen; BitDefender: Trojan.PWS.OnlineGames.ZWU; Dr.Web: Trojan....
PWS-Mmorpg.gen!85EF504E - PWS-Mmorpg.gen!85EF504E at McAfee
File properties: FileName: ms21.exe; McAfee Detection: PWS-Mmorpg.gen; Length: 13,312 bytes; CRC: 85EF504E; MD5: 7C05C19EC7D5D1A44B87D6FDE04974BA; SHA1: F97B9C51BDEB637DAFED2F2FD1AD02E692B263BE
Other Common Detection Aliases (Company Name: Detection Name): avast: Win32:Spyware-gen [Trj]; AVG (GriSoft): psw.onlinegames.bfif; Avira: TR/Dropper.Gen; BitDefender: Trojan....
PWS-OnlineGames.co!B1004714 - PWS-OnlineGames.co!B1004714 at McAfee
File properties: FileName: new6.exe; McAfee Detection: PWS-OnlineGames.co; Length: 18,233 bytes; CRC: B1004714; MD5: E9B786DDD663EEA182117255D876B87C; SHA1: D1546B2B75CFF86D8296AA69B23137655091C9C3
Other Common Detection Aliases (Company Name: Detection Name): ahnlab: Win-Trojan/OnlineGameHack.17049; avast: Win32:Trojan-gen {Other}; Avira: TR/Agent.16384.5; BitDefe...
PWS-Mmorpg.gen!44CDBE12 - PWS-Mmorpg.gen!44CDBE12 at McAfee
File properties: FileName: new4.exe; McAfee Detection: PWS-Mmorpg.gen; Length: 18,341 bytes; CRC: 44CDBE12; MD5: B29A9E55D46E9E468AAE946CDD915D84; SHA1: 855AC0F28CBE81998CEE901EA0CDB7E418EAD23E
Other Common Detection Aliases (Company Name: Detection Name): ahnlab: Win-Trojan/OnlineGameHack.6885; avast: Win32:Trojan-gen {Other}; AVG (GriSoft): psw.onlinegames.bfgt...
PWS-Mmorpg.gen!9682442B - PWS-Mmorpg.gen!9682442B at McAfee
File properties: FileName: new30.exe; McAfee Detection: PWS-Mmorpg.gen; Length: 22,112 bytes; CRC: 9682442B; MD5: 49417A45B779D9DE907E9529A9E753B7; SHA1: C75EE57FA44C9106F9CFCBFEB87E009122CB7277
Other Common Detection Aliases (Company Name: Detection Name): ahnlab: Win-Trojan/OnlineGameHack.32768.HJ; avast: Win32:OnLineGames-FDQ [Trj]; AVG (GriSoft): Dropper.Agen...
PWS-QQGame!F795E48D - PWS-QQGame!F795E48D at McAfee
File properties: FileName: new32.exe; McAfee Detection: PWS-QQGame; Length: 31,854 bytes; CRC: F795E48D; MD5: 166377EE20C3D2019D7A09D7577332E9; SHA1: 0697D3609FBC97F46A5EF0565415818365E403D1
Other Common Detection Aliases (Company Name: Detection Name): ahnlab: Win-Trojan/QQPass.Gen; avast: Win32:Delf-FZG [Trj]; AVG (GriSoft): PSW.Delf.CED; Avira: TR/Spy.Agent.31854B...
PWS-Mmorpg.gen!4CAA3599 - PWS-Mmorpg.gen!4CAA3599 at McAfee
File properties: FileName: new29.exe; McAfee Detection: PWS-Mmorpg.gen; Length: 22,956 bytes; CRC: 4CAA3599; MD5: B82EDFF876787FB499E6174691AF4D9B; SHA1: 19971BEA5CB51620421BF64C07F36A19A31A266E
Other Common Detection Aliases (Company Name: Detection Name): ahnlab: Win-Trojan/OnlineGameHack.32768.HJ; avast: Win32:OnLineGames-FDQ [Trj]; AVG (GriSoft): Dropper.Agen...
Generic PWS.y!410A2DD3 - Generic PWS.y!410A2DD3 at McAfee
File properties: FileName: new24.exe; McAfee Detection: Generic PWS.y; Length: 22,910 bytes; CRC: 410A2DD3; MD5: 95B92DAE00A207E71B1435A6E9ABC21B; SHA1: E79C879C4C7376376E950C13057EFCC69AE53468
Other Common Detection Aliases (Company Name: Detection Name): AVG (GriSoft): dropper.agent.koq; Avira: TR/Spy.Gen; BitDefender: Trojan.PWS.OnlineGames.AADA; Dr.Web: MULDROP.T...
PWS-OnlineGames.co!767E2EBD - PWS-OnlineGames.co!767E2EBD at McAfee
File properties: FileName: new2.exe; McAfee Detection: PWS-OnlineGames.co; Length: 16,969 bytes; CRC: 767E2EBD; MD5: 2B9862304E3B420E8B3FC85085DF7A30; SHA1: 42693C7EDEA411D6717DE1DC719260F8671214B9
Other Common Detection Aliases (Company Name: Detection Name): avast: Win32:Trojan-gen {Other}; AVG (GriSoft): psw.onlinegames.bfoq; Avira: TR/Agent.ally; BitDefender: Tro...
PWS-OnlineGames.co!A1FDE7D6 - PWS-OnlineGames.co!A1FDE7D6 at McAfee
File properties: FileName: new10.exe; McAfee Detection: PWS-OnlineGames.co; Length: 17,713 bytes; CRC: A1FDE7D6; MD5: D2FDD985507503251A27629268A1B6B2; SHA1: AE5DEAF09D556922648BA158A9DDA1EBC1662680
Other Common Detection Aliases (Company Name: Detection Name): Kaspersky: Trojan-GameThief.Win32.Magania.gen; norman: w32/packed_upack.a; Symantec: Infostealer.Hibik....
Generic PWS.ak!0980BF11 - Generic PWS.ak!0980BF11 at McAfee
File properties: FileName: 0fe10e~1.exe; McAfee Detection: Generic PWS.ak; Length: 104,448 bytes; CRC: 0980BF11; MD5: 2434D32C5CB16CC7CF646BB48B3B1371; SHA1: 5A74F49F8AAC31F1A6BDA958CA8B7FB24EF4E8EE
Other Common Detection Aliases (Company Name: Detection Name): AVG (GriSoft): PSW.OnlineGames_r.G; Avira: TR/Crypt.XPACK.Gen; eSafe (Alladin): Suspicious file; FortiNet...
Uploader-R!0C56428C - Uploader-R!0C56428C at McAfee
This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are
any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of
and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose,
but th...
Generic Downloader.ch!3C795017 - Generic Downloader.ch!3C795017 at McAfee
File properties: FileName: webcc.exe; McAfee Detection: Generic Downloader.ch; Length: 45,056 bytes; CRC: 3C795017; MD5: 9BB242C4FCAC47E1D5522AF3ADA819A6; SHA1: F24D3176EC11E34D235C28E740B0776D948DAA05
Other Common Detection Aliases (Company Name: Detection Name): AVG (GriSoft): downloader.generic8.bcv; Avira: Worm/Downloader.WO; BitDefender: Trojan.Agent.AKYW; Ese...
RemAdm-VNC!5E730E90 - RemAdm-VNC!5E730E90 at McAfee
This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are
any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of
and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose,
but th...
W32/Sality!0E795319 - W32/Sality!0E795319 at McAfee
File properties: FileName: vnfyex~1.exe; McAfee Detection: W32/Sality; Length: 146,944 bytes; CRC: 0E795319; MD5: 6583D593D458AF3A33BF4F587960BC5A; SHA1: 908DDBE8667F541D0AD3EA4D7B057CB251E28FA1
Other Common Detection Aliases (Company Name: Detection Name): Kaspersky: Virus.Win32.Sality.aa; microsoft: virus:win32/sality.am; norman: w32/sality.ae; Sophos: W32/Sality-A...
PWS-Banker!8CAC7DF6 - PWS-Banker!8CAC7DF6 at McAfee
File properties: FileName: wuaucl~1.exe; McAfee Detection: PWS-Banker; Length: 4,275,600 bytes; CRC: 8CAC7DF6; MD5: 1A96A396F62D7ED9D92309BD9C33DCBD; SHA1: 5C8D0ABAEB453327D289212DE5EE575C2C440FB9
Other Common Detection Aliases (Company Name: Detection Name): AVG (GriSoft): psw.banker5.hr; Avira: TR/Crypt.CFI.Gen; Eset: Win32/Spy.Banker.PSI; F-Prot: W32/Downloader.X....
W32/Sality!D0F39AC8 - W32/Sality!D0F39AC8 at McAfee
File properties: FileName: instmsi.exe; McAfee Detection: W32/Sality; Length: 1,564,160 bytes; CRC: D0F39AC8; MD5: CE09032FD5605B4B35DC7DFA63FBC4CA; SHA1: DEAECA788F54CBEA8EC85921469575C8F5ED6A4A
Other Common Detection Aliases (Company Name: Detection Name): Kaspersky: Virus.Win32.Sality.aa; microsoft: virus:win32/sality.am; norman: w32/sality.ae; Sophos: W32/Sality-...
Generic Downloader.x!1CDF4421 - Generic Downloader.x!1CDF4421 at McAfee
File properties: FileName: a43e0c~1.exe; McAfee Detection: Generic Downloader.x; Length: 860,168 bytes; CRC: 1CDF4421; MD5: D666153890B5CB4C89879034BBC38B6D; SHA1: 5E8C72065ED224CB47F1C16A4B8C310DEED8ADDA
Other Common Detection Aliases (Company Name: Detection Name): AVG (GriSoft): Win32/Themida; Dr.Web: Trojan.Packed.650; Eset: Win32/Bagle.QC worm; FortiNet: Possibl...
PWS-Banker!9CC05EE9 - PWS-Banker!9CC05EE9 at McAfee
File properties: FileName: f7b5de~1.exe; McAfee Detection: PWS-Banker; Length: 326,656 bytes; CRC: 9CC05EE9; MD5: 30C3D7A1D8854221C76141336E4538D6; SHA1: 524ACB1AC3206B95DF77B3C33473007D2193DC60
Other Common Detection Aliases (Company Name: Detection Name): AVG (GriSoft): SHeur.CRID; Avira: TR/ATRAPS.Gen; Dr.Web: Backdoor.Trojan; eSafe (Alladin): Suspicious file; Kaspe...
W32/Sality!DCA4E2CF - W32/Sality!DCA4E2CF at McAfee
File properties: FileName: setup.exe; McAfee Detection: W32/Sality; Length: 483,840 bytes; CRC: DCA4E2CF; MD5: DFC3411F1CE82726E7D9C0675A811036; SHA1: 87FF0CC6A23CFDFF65759555EBADB3CD3F86A4A3
Other Common Detection Aliases (Company Name: Detection Name): Kaspersky: Virus.Win32.Sality.aa; microsoft: virus:win32/sality.am; norman: w32/sality.ae; Sophos: W32/Sality-AM; Sy...
W32/Sality!9271B6C4 - W32/Sality!9271B6C4 at McAfee
File properties: FileName: dw20.exe; McAfee Detection: W32/Sality; Length: 683,008 bytes; CRC: 9271B6C4; MD5: AAD06DF2033BE163432AA9DC75330BAD; SHA1: F0436F427342E84A77B9F5E196BE224CFCC00DAE
Other Common Detection Aliases (Company Name: Detection Name): Kaspersky: Virus.Win32.Sality.aa; microsoft: virus:win32/sality.am; norman: w32/sality.ae; Sophos: W32/Sality-AM; Sym...
Puper!FB2009B3 - Puper!FB2009B3 at McAfee
File properties: FileName: iebtm.exe; McAfee Detection: Puper; Length: 20,480 bytes; CRC: FB2009B3; MD5: 64D1B58FB001758657BC1DA99D52C9AD; SHA1: 417992AC62EA9C96278B29728ADCD5968E3C2E70
Other Common Detection Aliases (Company Name: Detection Name): eSafe (Alladin): suspicious Trojan/Worm [101]; Eset: Win32/TrojanDownloader.Zlob.CUA; microsoft: trojandownloader:wi...
FakeAlert-AB!F4811F10 - FakeAlert-AB!F4811F10 at McAfee
AVERT recommends to always use latest DATs and engine. This threat will be cleaned if you have this
combination. Additional Windows ME/XP removal considerations...
TROJ_DLOADER.ISZ - TROJ_DLOADER.ISZ at Trend Micro
This Trojan may be downloaded unknowingly by a user when visiting malicious Web sites. A link to the said Web
site from which it is downloaded is given in a spam email. A screenshot of a sample spam email is given
below: The spam email contains a link that connects to a Web site, supposedly showing a video. However, to view
the v...
WORM_WECORL.A - WORM_WECORL.A at Trend Micro
This worm may be dropped or downloaded by other malware. It may also be downloaded unknowingly by a user when
visiting malicious Web site(s). It drops or downloads multiple files onto the affected system, several of which
are malicious. It also replaces the legitimate SVCHOST.EXE file with a malicious file. It makes several changes
to ...
WORM_AGENT.ARQB - WORM_AGENT.ARQB at Trend Micro
This worm arrives as attachment to email messages spammed by another malware or a malicious user. It may be
downloaded unknowingly by a user when visiting malicious Web sites. It drops copies of itself. It creates
registry entries to enable its automatic execution at every system startup. It creates registry
key(s)/entry(ies) as part ...
WORM_KERBOT.A - WORM_KERBOT.A at Trend Micro
This worm may be dropped by other malware. It may be downloaded from certain remote sites. It drops
files/components. Trend Micro detects one of the dropped files as TROJ_DROPPER.BPO. As a result, routines of
the dropped Trojan are also exhibited on the affected system. It creates registry key(s)/entry(ies) as part of
its installation ...
Banker.LLN - Banker.LLN at Panda
It steals confidential information related to a certain banking entity from Peru, redirecting users to a fake
website which imitates the original one. It reaches the computer in a file with the icon of the United States
flag and with the name BARACKOBAMA.EXE.
...
Downloader.UYD - Downloader.UYD at Panda
It is designed to download many samples of malware to the affected computer from a certain website. It does
not spread automatically by its own means.
...
MSNWorm.FH - MSNWorm.FH at Panda
It reduces considerably the protection level of the computer against other threats, as it prevents the access
to certain websites related with security. It spreads via the instant messaging program MSN Messenger.
...
PCDefender2008 - PCDefender2008 at Panda
It deceives users and warns them of nonexistent threats in their computers. In order to eliminate them, they
are enticed to purchase a certain program. It can be downloaded from the website belonging to the company that
has developed it....
Troj/Agent-IDS - Troj/Agent-IDS at Sophos
...
Troj/Agent-IDT - Troj/Agent-IDT at Sophos
...
Troj/Bancos-BES - Troj/Bancos-BES at Sophos
...
Troj/Bdoor-APP - Troj/Bdoor-APP at Sophos
...
Troj/Clicker-FC - Troj/Clicker-FC at Sophos
...
Troj/Dloadr-BYR - Troj/Dloadr-BYR at Sophos
...
Troj/PWS-AVV - Troj/PWS-AVV at Sophos
...
Troj/Zlob-AQO - Troj/Zlob-AQO at Sophos
Troj/Zlob-AQO is a Trojan for the Windows platform. Troj/Zlob-AQO includes
functionality to access the internet and communicate with a remote server via HTTP.
...
Troj/Dloadr-BYP - Troj/Dloadr-BYP at Sophos
...
0 writebacks [11/06/2008 14:41]
Virus Malware and Threat News for 20081102
W32.Notong.A!inf - W32.Notong.A!inf at Norton Symantec
W32.Notong.A!inf is a detection for the file infected with W32.Notong.A.
...
W32.Notong.A - W32.Notong.A at Norton Symantec
W32.Notong.A is a virus that spreads by infecting executable files.
...
MH.Farfli.0 - MH.Farfli.0 at Norton Symantec
MH.Farfli.0 is a detection technology designed to detect entirely new malware threats without traditional
signatures. This technology is aimed at detecting malicious software that has been intentionally mutated or
morphed by attackers.
...
MH.Farfli.1 - MH.Farfli.1 at Norton Symantec
MH.Farfli.1 is a detection technology designed to detect entirely new malware threats without traditional
signatures. This technology is aimed at detecting malicious software that has been intentionally mutated or
morphed by attackers.
...
Trojan.Reglirer - Trojan.Reglirer at Norton Symantec
Trojan.Reglirer is a Trojan horse that opens a back door on the compromised computer.
...
AH.Farfli.1 - AH.Farfli.1 at Norton Symantec
AH.Farfli.1 is a detection technology designed to detect entirely new malware threats without traditional
signatures. This technology is aimed at detecting malicious software that has been intentionally mutated or
morphed by attackers.
...
AH.Farfli.0 - AH.Farfli.0 at Norton Symantec
AH.Farfli.0 is a detection technology designed to detect entirely new malware threats without traditional
signatures. This technology is aimed at detecting malicious software that has been intentionally mutated or
morphed by attackers.
...
Spy-Agent.bv.dldr!08900510 - Spy-Agent.bv.dldr!08900510 at McAfee
File properties: FileName: card.exe; McAfee Detection: Spy-Agent.bv.dldr; Length: 34,951 bytes; CRC: 08900510; MD5: AE184659E647261193D3CF168AA39AB1; SHA1: 3491BC8E6374747256BB5A63DEDDE2C1A9CCABF3
Other Common Detection Aliases (Company Name: Detection Name): AVG (GriSoft): sheur.crsx; Avira: TR/Crypt.XPACK.Gen; eSafe (Alladin): suspicious Trojan/Worm [101]; Kasper...
Generic PUP.x!DF4438DB - Generic PUP.x!DF4438DB at McAfee
This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are
any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of
and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose,
but th...
Generic PUP.x!594ECEE7 - Generic PUP.x!594ECEE7 at McAfee
This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are
any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of
and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose,
but th...
FakeAlert-AB.gen.a!5773CCF0 - FakeAlert-AB.gen.a!5773CCF0 at McAfee
File properties: FileName: av2009.exe; McAfee Detection: FakeAlert-AB.gen.a; Length: 1,267,712 bytes; CRC: 5773CCF0; MD5: AC366EA1DD68B97D39DDB767A2A96661; SHA1: FF18BCEEBF70DF7D94806CA47BA3D1A53908A120
Other Common Detection Aliases (Company Name: Detection Name): microsoft: Trojan:Win32/FakeXPA; Sophos: Mal/EncPk-CZ; Vet (Computer Associates): Win32/FakeAVA!gen...
Troj/BHO-HP - Troj/BHO-HP at Sophos
...
Troj/Alpha-G - Troj/Alpha-G at Sophos
...
Troj/Banbra-KK - Troj/Banbra-KK at Sophos
Troj/Banbra-KK is a password stealing Trojan for the Windows platform that targets internet
banking usernames and passwords.
...
Troj/FakeAle-JH - Troj/FakeAle-JH at Sophos
...
Troj/Puju-A - Troj/Puju-A at Sophos
...
Troj/Tdss-A - Troj/Tdss-A at Sophos
...
W32/Autorun-NK - W32/Autorun-NK at Sophos
...
Troj/Banloa-FZ - Troj/Banloa-FZ at Sophos
Troj/Banloa-FZ is a Trojan downloader for the Windows platform. When run
the Trojan will attempt to download and install more components from the internet.
Troj/Banloa-FZ will attempt to copy itself to <System>\<random_name>.exe and create the following
auto-run re...
Troj/Codebase-Z - Troj/Codebase-Z at Sophos
Troj/Codebase-Z attempts to exploit a vulnerability in order to drop and run further malicious
code. ...
Troj/Zlob-ALO - Troj/Zlob-ALO at Sophos
...
W32.Wecorl!inf - W32.Wecorl!inf at Norton Symantec
W32.Wecorl!inf is a detection for files modified by W32.Wecorl.
...
W32.Wecorl - W32.Wecorl at Norton Symantec
W32.Wecorl is a worm that spreads by exploiting the Microsoft Windows Server Service RPC Handling Remote Code
Execution Vulnerability (BID 31874).
...
Generic Downloader.x!22E0F50A - Generic Downloader.x!22E0F50A at McAfee
File properties: FileName: zcodec~1.exe; McAfee Detection: Generic Downloader.x; Length: 66,048 bytes; CRC: 22E0F50A; MD5: 38DBB37C40A5C908D7FAA2889C644F23; SHA1: 39CA2D4E813A91E922115CE7EC5513438D195FD8
Other Common Detection Aliases (Company Name: Detection Name): EMSI Software: Trojan-Downloader.Win32.Renos.AY!IK; eSafe (Alladin): Suspicious file; Kaspersky: T...
Generic PWS.y!0290E353 - Generic PWS.y!0290E353 at McAfee
File properties: FileName: a.exe; McAfee Detection: Generic PWS.y; Length: 25,193 bytes; CRC: 0290E353; MD5: 2944D2DC8FD31B1AD486957AE05C834A; SHA1: 248E9AD03122943E09DC1C2E1A1E7BF844802CF3
Other Common Detection Aliases (Company Name: Detection Name): AVG (GriSoft): sheur.crwz; Kaspersky: Trojan-PSW.Win32.Autel.a; norman: W32/Packed_FSG.D; Trend Micro: Cryp_BitsAver...
PWS-Mmorpg.gen!853448AE - PWS-Mmorpg.gen!853448AE at McAfee
File properties: FileName: xih9.exe; McAfee Detection: PWS-Mmorpg.gen; Length: 104,594 bytes; CRC: 853448AE; MD5: ABF976346536FC18F68B3D190BB69AC5; SHA1: 9C3B4C063F43A246B595DE6D9129DB7A4212B699
Other Common Detection Aliases (Company Name: Detection Name): avast: Win32:Rootkit-gen; Avira: TR/Crypt.XPACK.Gen; Dr.Web: Trojan.PWS.Wsgame.4983; eSafe (Alladin): Suspiciou...
Spyware-SpectorKey - Spyware-SpectorKey at McAfee
McAfee(R) AVERT™ recognizes that this program may have legitimate uses in contexts where an authorized
administrator has knowingly installed this application. If you agreed to a license agreement for this,
or another bundled application, you may have legal obligations with regard to removing this software, or using
the host app...
Troj/Agent-ICW - Troj/Agent-ICW at Sophos
...
Troj/PWS-AVO - Troj/PWS-AVO at Sophos
...
Troj/Agent-ICV - Troj/Agent-ICV at Sophos
...
Troj/BHO-FY - Troj/BHO-FY at Sophos
Troj/BHO-FY is a Trojan for the Windows platform. Troj/BHO-FY has the functionalities to:
- download a file from preconfigured URL to <windows>\<9 random characters>
- read data from <windows>\<9 random characters>
- delete <windows>\<9...
Troj/PWS-AVK - Troj/PWS-AVK at Sophos
...
Troj/PWS-AVL - Troj/PWS-AVL at Sophos
...
Troj/Mdrop-BWO - Troj/Mdrop-BWO at Sophos
...
Troj/Rootkit-EB - Troj/Rootkit-EB at Sophos
...
W32/Autorun-NM - W32/Autorun-NM at Sophos
...
0 writebacks [11/03/2008 15:45]
Virus Malware and Threat News for 20081101
W32.Notong.A!inf - W32.Notong.A!inf at Norton Symantec
W32.Notong.A!inf is a detection for the file infected with W32.Notong.A.
...
W32.Notong.A - W32.Notong.A at Norton Symantec
W32.Notong.A is a virus that spreads by infecting executable files.
...
MH.Farfli.0 - MH.Farfli.0 at Norton Symantec
MH.Farfli.0 is a detection technology designed to detect entirely new malware threats without traditional
signatures. This technology is aimed at detecting malicious software that has been intentionally mutated or
morphed by attackers.
...
MH.Farfli.1 - MH.Farfli.1 at Norton Symantec
MH.Farfli.1 is a detection technology designed to detect entirely new malware threats without traditional
signatures. This technology is aimed at detecting malicious software that has been intentionally mutated or
morphed by attackers.
...
Trojan.Reglirer - Trojan.Reglirer at Norton Symantec
Trojan.Reglirer is a Trojan horse that opens a back door on the compromised computer.
...
AH.Farfli.1 - AH.Farfli.1 at Norton Symantec
AH.Farfli.1 is a detection technology designed to detect entirely new malware threats without traditional
signatures. This technology is aimed at detecting malicious software that has been intentionally mutated or
morphed by attackers.
...
AH.Farfli.0 - AH.Farfli.0 at Norton Symantec
AH.Farfli.0 is a detection technology designed to detect entirely new malware threats without traditional
signatures. This technology is aimed at detecting malicious software that has been intentionally mutated or
morphed by attackers.
...
Spy-Agent.bv.dldr!08900510 - Spy-Agent.bv.dldr!08900510 at McAfee
File properties: FileName: card.exe; McAfee Detection: Spy-Agent.bv.dldr; Length: 34,951 bytes; CRC: 08900510; MD5: AE184659E647261193D3CF168AA39AB1; SHA1: 3491BC8E6374747256BB5A63DEDDE2C1A9CCABF3
Other Common Detection Aliases (Company Name: Detection Name): AVG (GriSoft): sheur.crsx; Avira: TR/Crypt.XPACK.Gen; eSafe (Alladin): suspicious Trojan/Worm [101]; Kasper...
Generic PUP.x!DF4438DB - Generic PUP.x!DF4438DB at McAfee
This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are
any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of
and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose,
but th...
Generic PUP.x!594ECEE7 - Generic PUP.x!594ECEE7 at McAfee
This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are
any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of
and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose,
but th...
FakeAlert-AB.gen.a!5773CCF0 - FakeAlert-AB.gen.a!5773CCF0 at McAfee
File properties: FileName: av2009.exe; McAfee Detection: FakeAlert-AB.gen.a; Length: 1,267,712 bytes; CRC: 5773CCF0; MD5: AC366EA1DD68B97D39DDB767A2A96661; SHA1: FF18BCEEBF70DF7D94806CA47BA3D1A53908A120
Other Common Detection Aliases (Company Name: Detection Name): microsoft: Trojan:Win32/FakeXPA; Sophos: Mal/EncPk-CZ; Vet (Computer Associates): Win32/FakeAVA!gen...
Troj/BHO-HP - Troj/BHO-HP at Sophos
...
Troj/Alpha-G - Troj/Alpha-G at Sophos
...
Troj/Banbra-KK - Troj/Banbra-KK at Sophos
Troj/Banbra-KK is a password stealing Trojan for the Windows platform that targets internet
banking usernames and passwords.
...
Troj/FakeAle-JH - Troj/FakeAle-JH at Sophos
...
Troj/Puju-A - Troj/Puju-A at Sophos
...
Troj/Tdss-A - Troj/Tdss-A at Sophos
...
W32/Autorun-NK - W32/Autorun-NK at Sophos
...
Troj/Banloa-FZ - Troj/Banloa-FZ at Sophos
Troj/Banloa-FZ is a Trojan downloader for the Windows platform. When run
the Trojan will attempt to download and install more components from the internet.
Troj/Banloa-FZ will attempt to copy itself to <System>\<random_name>.exe and create the following
auto-run re...
Troj/Codebase-Z - Troj/Codebase-Z at Sophos
Troj/Codebase-Z attempts to exploit a vulnerability in order to drop and run further malicious
code. ...
Troj/Zlob-ALO - Troj/Zlob-ALO at Sophos
...
0 writebacks [11/02/2008 05:36]