MWBLOG.ORG

Virus Malware and Threat News for 20090109

W32.Grenail.D!inf

- W32.Grenail.D!inf at Norton Symantec

W32.Grenail.D!inf is a detection for files infected to run other threats when executed.
...

W32.Grenail.C!inf

- W32.Grenail.C!inf at Norton Symantec

W32.Grenail.C!inf is a detection for files infected to run other threats when executed.
...

W32/Conficker.worm.gen.b

- W32/Conficker.worm.gen.b at McAfee

When executed, the worm copies itself using a random name to the %Sysdir% folder.(Where %Sysdir% is the
Windows system folder; e.g. C:\Windows\System32)It modifies the following registry key to create a
randomly-named service on the affected syetem:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{random}\Parameters\ServiceD...

TROJ_DLOADR.QK

- TROJ_DLOADR.QK at Trend Micro

This Trojan may arrive on a system as attachment to spammed email messages.Upon execution, it downloads and
executes a malicious file from a certain URL. The downloaded file is detected by Trend Micro as TROJ_INJECT.ZZ.
As a result, routines of the related Trojan may also be exhibited on the affected system.
...

WORM_IRCBOT.CAV

- WORM_IRCBOT.CAV at Trend Micro

This worm may be dropped by other malware. It creates folders and drops several copies of itself. It then
creates registry entries to enable its automatic execution at every system startup.It modifies registry
entires to disable automatic Windows Update, various Security Center functions, and firewall settings; to hide
files with bot...

TROJ_KRYPTIK.YN

- TROJ_KRYPTIK.YN at Trend Micro

This Trojan may be downloaded from remote sites by other malware. It may be dropped by other malware.It drops
a copy of itself. It creates registry entries to enable its automatic execution at every system startup. It
deletes itself after execution.
...

TROJ_INJECT.JMO

- TROJ_INJECT.JMO at Trend Micro

This Trojan may be downloaded from remote sites by other malware.It drops files on the affected system,
including a copy of itself. It stays resident in the affected system's memory and injects code.It makes
multiple changes to the Windows registry. One of these changes allows it to run at every system startup.It
logs keystrokes ente...

WORM_AUTORUN.KY

- WORM_AUTORUN.KY at Trend Micro

This worm may be dropped or downloaded by other malware.It drops copies of itself on the affected system.It
registers itself as a system service to ensure its automatic execution at every system startup. It does this
by creating several registry entries.It drops a copy of itself in all physical and removable drives. It also
drops an ...

TROJ_DLOAD.ML

- TROJ_DLOAD.ML at Trend Micro

...

Conficker.C

- Conficker.C at Panda

It exploits the vulnerability MS08-067 in the Windows Server Service in order to spread itself and
download a copy of itself to the affected computer. Additionally, it attempts to download another type of
malware, which might be a fake antimalware program.
...

ExpressAntivirus2009

- ExpressAntivirus2009 at Panda

It deceives users and warns them of unexisting threats in their computers. In order to eliminate them, they
are enticed to purchase a certain program. It can be downloaded from the website belonging to the company that
has developed it....

Mal/Sality-B

- Mal/Sality-B at Sophos

Mal/Sality-B is a file infected by the Sality family of viruses.
...

Troj/Agent-IOM

- Troj/Agent-IOM at Sophos

Troj/Agent-IOM is a Trojan for the Windows platform. Troj/Agent-IOM drops
the following files: <System>\<random letters>.dll (also detected as
Troj/Agent-IOM) <System>\<random letters>.exe (clean uninstall file)
Troj/Ag...

Troj/FakeVir-JE

- Troj/FakeVir-JE at Sophos

...

Troj/MultPs-Gen

- Troj/MultPs-Gen at Sophos

...

Troj/PcCli-C

- Troj/PcCli-C at Sophos

...

W32/Sdbot-DNR

- W32/Sdbot-DNR at Sophos

...

Mal/Banker-F

- Mal/Banker-F at Sophos

...

Mal/FakeAV-R

- Mal/FakeAV-R at Sophos

...

Mal/IRCBot-H

- Mal/IRCBot-H at Sophos

...

Mal/TinyDL-X

- Mal/TinyDL-X at Sophos

Mal/TinyDL-X is a malicious program for the Windows platform.
...

Worm:W32/Downadup.gen

- Worm:W32/Downadup.gen at F-Secure

Downadup is a worm. A standalone malicious program which uses computer or network resources to make complete
copies of itself. May include code or other malware to damage both the system and the network.
...

WiniGuard

- WiniGuard at Norton Symantec

BehaviorWiniGuard is a misleading application that may give exaggerated reports of threats on the computer.
...

Exploit-MSWord.j

- Exploit-MSWord.j at McAfee

Upon opening the word document the embedded ActiveX control with the following classid is instantiated and
executed. * {AE24FDAE-03C6-11D1-8B76-0080C744F389}This control stores configuration data for
the policy setting Microsoft Scriptlet Component.The control then makes a request to the following webpage*
hxxp://61...

TROJ_INJECT.ZZ

- TROJ_INJECT.ZZ at Trend Micro

...

PasswordStealer.BJ

- PasswordStealer.BJ at Panda

It steals confidential information from the user, such as passwords, and uses a rootkit in order to make its
detection more difficult. It reaches the computer passing itself off as a Christmas greeting.
...

Troj/MDrop-BXS

- Troj/MDrop-BXS at Sophos

When run Troj/MDrop-BXS drops <Temp>\3005593.exe detected as Mal/Generic-A
...

Troj/Agent-IOQ

- Troj/Agent-IOQ at Sophos

...

Mal/Behav-148

- Mal/Behav-148 at Sophos

...

Mal/FearDoor-A

- Mal/FearDoor-A at Sophos

...

Mal/OnlineG-C

- Mal/OnlineG-C at Sophos

...

Mal/Renos-F

- Mal/Renos-F at Sophos

...

Troj/Agent-IOP

- Troj/Agent-IOP at Sophos

Troj/Agent-IOP is a Trojan for the Windows platform. Troj/Agent-IOP is
registered as a new system driver service named "Wuausurv", with a display name of "Wuausurv" and a startup
type of automatic, so that it is started automatically during system startup. Registry entries are created
under: ...

Troj/Bifrose-VI

- Troj/Bifrose-VI at Sophos

Troj/Bifrose-VI is a Trojan for the Windows platform. Troj/Bifrose-VI
copies itself to msddll.exe in the Windows system folder and registers itself as a service process with a
start type of "Automatic". If run with sufficient rights Troj/Bifrose-VI will install
itself as an ap...