mwblog.org



Virus Malware and Threat News for 20090330



Rogue:W32/WinAntiVirus

- Rogue:W32/WinAntiVirus at F-Secure

...

Trojan-Proxy:W32/Kvadr.gen!A

- Trojan-Proxy:W32/Kvadr.gen!A at F-Secure

...

Trojan-Dropper:W32/Trop.gen!A

- Trojan-Dropper:W32/Trop.gen!A at F-Secure

...

Backdoor.Ghostnet

- Backdoor.Ghostnet at Norton Symantec

Backdoor.Ghostnet is a Trojan horse that opens a back door on the compromised computer.
...

MalwareDefender2009

- MalwareDefender2009 at Norton Symantec

MalwareDefender2009 is a misleading application that may give exaggerated reports of threats on the
computer....

W32.Xanib.A

- W32.Xanib.A at Norton Symantec

W32.Xanib.A is a virus that infects executable and multimedia files on the compromised computer.
...

W32.SillyFDC.BBM

- W32.SillyFDC.BBM at Norton Symantec

W32.SillyFDC.BBM is a worm that spreads by copying itself to removable drives.
...

Troj/DwnLdr-HPO

- Troj/DwnLdr-HPO at Sophos

...

Troj/Poison-AT

- Troj/Poison-AT at Sophos

Troj/Poison-AT is a Trojan for the Windows platform. When run
Troj/Poison-AT copies itself to <System>\Msxmlcol.exe and creates the file <System>\Msxmlcol
(which can be safely deleted). The following registry entry is set:
HKLM\SOFTWARE\Microsoft\Active Setup\Insta...

Troj/PSW-GN

- Troj/PSW-GN at Sophos

...

W32/Autorun-ADO

- W32/Autorun-ADO at Sophos

...

W32/Tiotua-AP

- W32/Tiotua-AP at Sophos

...

Mal/VidHtml-H

- Mal/VidHtml-H at Sophos

Mal/VidHtml-H is a malicious script that attempts to redirect to a malicious executable file. The
script is often found in a page pretending to be Facebook or another site trying to access a video. The
malicious executable often pretends to be related to a video codec or a Flash update.
...

Troj/Agent-JKC

- Troj/Agent-JKC at Sophos

Troj/Agent-JKC is a Trojan for the Windows platform. When run
Troj/Agent-JKC copies itself to <System>\txflocg.dIl and sets the following registry entries:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\txflocg
(default) ...

Troj/Agent-JLG

- Troj/Agent-JLG at Sophos

...

Troj/Agent-JLH

- Troj/Agent-JLH at Sophos

Troj/Agent-JLH is a Trojan for the Windows platform. Troj/Agent-JLH
installs itself to <WINDOWS>\msa.exe. Troj/Agent-JLH creates scheduled tasks in
the <WINDOWS>\Tasks folder to run itself periodically.
...

Troj/Agent-JLI

- Troj/Agent-JLI at Sophos

...

Trojan-Spy:W32/Banker.JAG

- Trojan-Spy:W32/Banker.JAG at F-Secure

...

Autorun.ITS

- Autorun.ITS at Panda

It is programmed to carry out plenty of modifications in the Windows Registry, which prevent the computer from
working properly. However, due to a programming error, it only disables several functions, such as Search from
the Start menu or System Restore. It spreads via the mapped, shared and removable drives.
...

Troj/Agent-JLP

- Troj/Agent-JLP at Sophos

...

Troj/Banker-EQT

- Troj/Banker-EQT at Sophos

...

Troj/DwnLdr-HPP

- Troj/DwnLdr-HPP at Sophos

...

W32/Autorun-ADQ

- W32/Autorun-ADQ at Sophos

...

W32/Autorun-ADR

- W32/Autorun-ADR at Sophos

...

W32/Spybot-OQ

- W32/Spybot-OQ at Sophos

W32/Spybot-OQ is a worm for the Windows platform. When run W32/Spybot-OQ
copies itself to <Windows>\System\svhost.exe and creates
the file <System>\drivers\sysdrv32.sys - detected as W32/Rbot-GXM
...

W32/Waled-CG

- W32/Waled-CG at Sophos

...

Troj/Agent-JLN

- Troj/Agent-JLN at Sophos

...

Troj/Agent-JLO

- Troj/Agent-JLO at Sophos

...

Troj/BHO-LI

- Troj/BHO-LI at Sophos

...

[03/31/2009 21:45]



Virus Malware and Threat News for 20090329



W32.Fidameg.A

- W32.Fidameg.A at Norton Symantec

W32.Fidameg.A is a virus that infects executable files on the compromised computer.
...

W32.SillyFDC.BBL

- W32.SillyFDC.BBL at Norton Symantec

W32.SillyFDC.BBL is a worm that spreads by copying itself to removable drives.
...

W32.SillyFDC.BBK

- W32.SillyFDC.BBK at Norton Symantec

W32.SillyFDC.BBK is a worm that spreads by copying itself to removable drives.
...

Troj/Agent-JKH

- Troj/Agent-JKH at Sophos

...

Troj/Agent-JKI

- Troj/Agent-JKI at Sophos

...

Troj/Dwnldr-HPK

- Troj/Dwnldr-HPK at Sophos

...

Troj/Dwnldr-HPL

- Troj/Dwnldr-HPL at Sophos

...

Troj/SwfDldr-O

- Troj/SwfDldr-O at Sophos

...

W32/Rbot-GXM

- W32/Rbot-GXM at Sophos

W32/Rbot-GXM is a worm and backdoor Trojan for the Windows platform. When
run W32/Rbot-GXM creates the files TCPZ-X86D.sys (also detected as W32/Rbot-GXM) and sets the following
registry entries under: HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSDDLL\
...

Troj/Dloadr-CKD

- Troj/Dloadr-CKD at Sophos

...

Troj/Dloadr-CKE

- Troj/Dloadr-CKE at Sophos

...

Troj/FakeAV-NZ

- Troj/FakeAV-NZ at Sophos

...

Troj/Hiloti-B

- Troj/Hiloti-B at Sophos

...

Rogue:W32/WinAntiVirus

- Rogue:W32/WinAntiVirus at F-Secure

...

Trojan-Proxy:W32/Kvadr.gen!A

- Trojan-Proxy:W32/Kvadr.gen!A at F-Secure

...

Trojan-Dropper:W32/Trop.gen!A

- Trojan-Dropper:W32/Trop.gen!A at F-Secure

...

Backdoor.Ghostnet

- Backdoor.Ghostnet at Norton Symantec

Backdoor.Ghostnet is a Trojan horse that opens a back door on the compromised computer.
...

MalwareDefender2009

- MalwareDefender2009 at Norton Symantec

MalwareDefender2009 is a misleading application that may give exaggerated reports of threats on the
computer....

W32.Xanib.A

- W32.Xanib.A at Norton Symantec

W32.Xanib.A is a virus that infects executable and multimedia files on the compromised computer.
...

W32.SillyFDC.BBM

- W32.SillyFDC.BBM at Norton Symantec

W32.SillyFDC.BBM is a worm that spreads by copying itself to removable drives.
...

Troj/DwnLdr-HPO

- Troj/DwnLdr-HPO at Sophos

...

Troj/Poison-AT

- Troj/Poison-AT at Sophos

Troj/Poison-AT is a Trojan for the Windows platform. When run
Troj/Poison-AT copies itself to <System>\Msxmlcol.exe and creates the file <System>\Msxmlcol
(which can be safely deleted). The following registry entry is set:
HKLM\SOFTWARE\Microsoft\Active Setup\Insta...

Troj/PSW-GN

- Troj/PSW-GN at Sophos

...

W32/Autorun-ADO

- W32/Autorun-ADO at Sophos

...

W32/Tiotua-AP

- W32/Tiotua-AP at Sophos

...

Mal/VidHtml-H

- Mal/VidHtml-H at Sophos

Mal/VidHtml-H is a malicious script that attempts to redirect to a malicious executable file. The
script is often found in a page pretending to be Facebook or another site trying to access a video. The
malicious executable often pretends to be related to a video codec or a Flash update.
...

Troj/Agent-JKC

- Troj/Agent-JKC at Sophos

Troj/Agent-JKC is a Trojan for the Windows platform. When run
Troj/Agent-JKC copies itself to <System>\txflocg.dIl and sets the following registry entries:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\txflocg
(default) ...

Troj/Agent-JLG

- Troj/Agent-JLG at Sophos

...

Troj/Agent-JLH

- Troj/Agent-JLH at Sophos

Troj/Agent-JLH is a Trojan for the Windows platform. Troj/Agent-JLH
installs itself to <WINDOWS>\msa.exe. Troj/Agent-JLH creates scheduled tasks in
the <WINDOWS>\Tasks folder to run itself periodically.
...

Troj/Agent-JLI

- Troj/Agent-JLI at Sophos

...

[03/30/2009 21:41]



Virus Malware and Threat News for 20090328



Troj/Agent-JKE

- Troj/Agent-JKE at Sophos

...

Troj/FakeAv-NY

- Troj/FakeAv-NY at Sophos

...

Troj/TDSS-U

- Troj/TDSS-U at Sophos

...

Troj/Vundrop-G

- Troj/Vundrop-G at Sophos

...

W32/Autoit-DG

- W32/Autoit-DG at Sophos

...

Mal/Helpud-A

- Mal/Helpud-A at Sophos

...

Mal/Helpud-B

- Mal/Helpud-B at Sophos

...

Mal/Tofsee-A

- Mal/Tofsee-A at Sophos

...

Troj/Agent-JKA

- Troj/Agent-JKA at Sophos

Troj/Agent-JKA is a Trojan for the Windows platform. When run
Troj/Agent-JKA copies itself to <Windows>\adobereader.exe and sets the following registry entries:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal
Server\Install\Software\Microsoft\Windows\CurrentVe...

Troj/Agent-JKD

- Troj/Agent-JKD at Sophos

When run, Troj/Agent-JKD contacts a remote website and modifies the HOSTS file.
...

W32.Fidameg.A

- W32.Fidameg.A at Norton Symantec

W32.Fidameg.A is a virus that infects executable files on the compromised computer.
...

W32.SillyFDC.BBL

- W32.SillyFDC.BBL at Norton Symantec

W32.SillyFDC.BBL is a worm that spreads by copying itself to removable drives.
...

W32.SillyFDC.BBK

- W32.SillyFDC.BBK at Norton Symantec

W32.SillyFDC.BBK is a worm that spreads by copying itself to removable drives.
...

Troj/Agent-JKH

- Troj/Agent-JKH at Sophos

...

Troj/Agent-JKI

- Troj/Agent-JKI at Sophos

...

Troj/Dwnldr-HPK

- Troj/Dwnldr-HPK at Sophos

...

Troj/Dwnldr-HPL

- Troj/Dwnldr-HPL at Sophos

...

Troj/SwfDldr-O

- Troj/SwfDldr-O at Sophos

...

W32/Rbot-GXM

- W32/Rbot-GXM at Sophos

W32/Rbot-GXM is a worm and backdoor Trojan for the Windows platform. When
run W32/Rbot-GXM creates the files TCPZ-X86D.sys (also detected as W32/Rbot-GXM) and sets the following
registry entries under: HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSDDLL\
...

Troj/Dloadr-CKD

- Troj/Dloadr-CKD at Sophos

...

Troj/Dloadr-CKE

- Troj/Dloadr-CKE at Sophos

...

Troj/FakeAV-NZ

- Troj/FakeAV-NZ at Sophos

...

Troj/Hiloti-B

- Troj/Hiloti-B at Sophos

...

[03/29/2009 21:41]



Virus Malware and Threat News for 20090327



Suspicious.Swizzor

- Suspicious.Swizzor at Norton Symantec

Suspicious.Swizzor is a detection technology designed to detect entirely new malware threats without
traditional signatures. This technology is aimed at detecting malicious software that has been intentionally
mutated or morphed by attackers.
...

Troj/Bckdr-QST

- Troj/Bckdr-QST at Sophos

...

W32/SillyFDC-DH

- W32/SillyFDC-DH at Sophos

...

Troj/Agent-JJY

- Troj/Agent-JJY at Sophos

...

Troj/ByteVeri-X

- Troj/ByteVeri-X at Sophos

Troj/ByteVeri-X is a Trojan for the Windows platform. Troj/ByteVeri-X
exploits a vulnerability in the Microsoft Java Virtual Machine to download and execute further malicious code.
...

Troj/Dloadr-CKB

- Troj/Dloadr-CKB at Sophos

...

Troj/PDFJs-AK

- Troj/PDFJs-AK at Sophos

Troj/PDFJs-AK is a PDF that contains malicious JavaScript.
...

Troj/Spy-CA

- Troj/Spy-CA at Sophos

...

Mal/Rbot-A

- Mal/Rbot-A at Sophos

Mal/Rbot-A is a malicious program for the Windows platform.
...

Troj/Agent-JJX

- Troj/Agent-JJX at Sophos

...

Troj/BadBAT-A

- Troj/BadBAT-A at Sophos

Troj/BadBAT-A is a helper BAT file which is used by malware on compromised computers.
...

Troj/Agent-JKE

- Troj/Agent-JKE at Sophos

...

Troj/FakeAv-NY

- Troj/FakeAv-NY at Sophos

...

Troj/TDSS-U

- Troj/TDSS-U at Sophos

...

Troj/Vundrop-G

- Troj/Vundrop-G at Sophos

...

W32/Autoit-DG

- W32/Autoit-DG at Sophos

...

Mal/Helpud-A

- Mal/Helpud-A at Sophos

...

Mal/Helpud-B

- Mal/Helpud-B at Sophos

...

Mal/Tofsee-A

- Mal/Tofsee-A at Sophos

...

Troj/Agent-JKA

- Troj/Agent-JKA at Sophos

Troj/Agent-JKA is a Trojan for the Windows platform. When run
Troj/Agent-JKA copies itself to <Windows>\adobereader.exe and sets the following registry entries:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal
Server\Install\Software\Microsoft\Windows\CurrentVe...

Troj/Agent-JKD

- Troj/Agent-JKD at Sophos

When run, Troj/Agent-JKD contacts a remote website and modifies the HOSTS file.
...

[03/28/2009 22:42]



Virus Malware and Threat News for 20090326



Worm:W32/TDSS.BU

- Worm:W32/TDSS.BU at F-Secure

...

Trojan:W32/TDSS.BR

- Trojan:W32/TDSS.BR at F-Secure

...

MSNworm.FZ

- MSNworm.FZ at Panda

Its main aim is to spread itself via the instant messaging program MSN Messenger and affect as many computers
as possible. It changes the Internet Explorer Start Page to another selected by the creator of
the worm....

Mal/DelpSpy-A

- Mal/DelpSpy-A at Sophos

...

Mal/Emogen-E

- Mal/Emogen-E at Sophos

Mal/Emogen-E is a malicious program for the Windows platform. Detection
for members of Mal/Emogen-E is behavior based. It is extremely important that customers report detections of
Mal/Emogen-E to Sophos and send a sample for analysis.
...

Troj/Conhook-AR

- Troj/Conhook-AR at Sophos

...

Troj/Conhook-AT

- Troj/Conhook-AT at Sophos

...

Troj/Dloadr-CKA

- Troj/Dloadr-CKA at Sophos

...

Troj/FakeAV-NT

- Troj/FakeAV-NT at Sophos

...

Troj/FakeVir-LQ

- Troj/FakeVir-LQ at Sophos

Troj/FakeVir-LQ copies itself to <Windows>\sysguard.exe.
Troj/FakeVir-LQ overwrites the local file <System>\drivers\etc\hosts.
Troj/FakeVir-LQ drops the file <System>\iehelper.dll which is detected as Troj/FakeAle-MR.
Troj/FakeVir-LQ cr...

Troj/Zbot-EK

- Troj/Zbot-EK at Sophos

...

W32/Autoit-DC

- W32/Autoit-DC at Sophos

...

W32/Waled-CE

- W32/Waled-CE at Sophos

...

Suspicious.Swizzor

- Suspicious.Swizzor at Norton Symantec

Suspicious.Swizzor is a detection technology designed to detect entirely new malware threats without
traditional signatures. This technology is aimed at detecting malicious software that has been intentionally
mutated or morphed by attackers.
...

Troj/Bckdr-QST

- Troj/Bckdr-QST at Sophos

...

W32/SillyFDC-DH

- W32/SillyFDC-DH at Sophos

...

Troj/Agent-JJY

- Troj/Agent-JJY at Sophos

...

Troj/ByteVeri-X

- Troj/ByteVeri-X at Sophos

Troj/ByteVeri-X is a Trojan for the Windows platform. Troj/ByteVeri-X
exploits a vulnerability in the Microsoft Java Virtual Machine to download and execute further malicious code.
...

Troj/Dloadr-CKB

- Troj/Dloadr-CKB at Sophos

...

Troj/PDFJs-AK

- Troj/PDFJs-AK at Sophos

Troj/PDFJs-AK is a PDF that contains malicious JavaScript.
...

Troj/Spy-CA

- Troj/Spy-CA at Sophos

...

Mal/Rbot-A

- Mal/Rbot-A at Sophos

Mal/Rbot-A is a malicious program for the Windows platform.
...

Troj/Agent-JJX

- Troj/Agent-JJX at Sophos

...

Troj/BadBAT-A

- Troj/BadBAT-A at Sophos

Troj/BadBAT-A is a helper BAT file which is used by malware on compromised computers.
...

[03/27/2009 22:41]



Virus Malware and Threat News for 20090325



Trojan:W32/PasswordsPro

- Trojan:W32/PasswordsPro at F-Secure

...

JS_DLOADER.XBG

- JS_DLOADER.XBG at Trend Micro

This JavaScript (JS) malware contains encrypted code that enables it to connect to a certain URL to possibly
download malicious files.
...

JS_DLOADER.XBF

- JS_DLOADER.XBF at Trend Micro

This JavaScript (JS) malware contains encrypted code that allows it to connect to a certain URL to possibly
download malicious files on the affected system.
...

Troj/Agent-JIV

- Troj/Agent-JIV at Sophos

...

Troj/Agent-JIW

- Troj/Agent-JIW at Sophos

...

Troj/Agent-JIY

- Troj/Agent-JIY at Sophos

...

Troj/BHO-LB

- Troj/BHO-LB at Sophos

Troj/BHO-LB is a Trojan for the Windows platform. When run Troj/BHO-LB
creates the files: <Program Files>\pcas\pcas.dll - detected as Troj/BHO-LB
<Program Files>\pcas\upcas.exe - detected as Troj/BHO-LB The following
registry entri...

Troj/Dloadr-CJY

- Troj/Dloadr-CJY at Sophos

...

Troj/PWS-AZL

- Troj/PWS-AZL at Sophos

...

W32/Autoit-DA

- W32/Autoit-DA at Sophos

...

Mal/EncPk-HP

- Mal/EncPk-HP at Sophos

...

Troj/Agent-JIR

- Troj/Agent-JIR at Sophos

...

Troj/Agent-JIS

- Troj/Agent-JIS at Sophos

...

Worm:W32/TDSS.BU

- Worm:W32/TDSS.BU at F-Secure

...

Trojan:W32/TDSS.BR

- Trojan:W32/TDSS.BR at F-Secure

...

MSNworm.FZ

- MSNworm.FZ at Panda

Its main aim is to spread itself via the instant messaging program MSN Messenger and affect as many computers
as possible. It changes the Internet Explorer Start Page to another selected by the creator of
the worm....

Mal/DelpSpy-A

- Mal/DelpSpy-A at Sophos

...

Mal/Emogen-E

- Mal/Emogen-E at Sophos

Mal/Emogen-E is a malicious program for the Windows platform. Detection
for members of Mal/Emogen-E is behavior based. It is extremely important that customers report detections of
Mal/Emogen-E to Sophos and send a sample for analysis.
...

Troj/Conhook-AR

- Troj/Conhook-AR at Sophos

...

Troj/Conhook-AT

- Troj/Conhook-AT at Sophos

...

Troj/Dloadr-CKA

- Troj/Dloadr-CKA at Sophos

...

Troj/FakeAV-NT

- Troj/FakeAV-NT at Sophos

...

Troj/FakeVir-LQ

- Troj/FakeVir-LQ at Sophos

Troj/FakeVir-LQ copies itself to <Windows>\sysguard.exe.
Troj/FakeVir-LQ overwrites the local file <System>\drivers\etc\hosts.
Troj/FakeVir-LQ drops the file <System>\iehelper.dll which is detected as Troj/FakeAle-MR.
Troj/FakeVir-LQ cr...

Troj/Zbot-EK

- Troj/Zbot-EK at Sophos

...

W32/Autoit-DC

- W32/Autoit-DC at Sophos

...

W32/Waled-CE

- W32/Waled-CE at Sophos

...

[03/26/2009 22:42]



Virus Malware and Threat News for 20090324



Backdoor:W32/Agent.ADQB

- Backdoor:W32/Agent.ADQB at F-Secure

...

Bloodhound.PDF.9

- Bloodhound.PDF.9 at Norton Symantec

Bloodhound.PDF.9 is a heuristic detection for potentially malicious PDF files that may exploit Foxit Reader
PDF Handling Multiple Remote Vulnerabilities (BID 34035) in order to perform further malicious actions.
...

W32.SillyFDC.BBI

- W32.SillyFDC.BBI at Norton Symantec

W32.SillyFDC.BBI is a worm that spreads by copying itself to removable drives.
...

Nabload.DLU

- Nabload.DLU at Panda

It downloads to the affected computer the Trojan detected as Banker.LRX, designed to steal confidential
information from the user related to several Spanish banking entities. It reaches the computer in a file which
has the icon of an envelope.
...

Mal/TDSSPack-B

- Mal/TDSSPack-B at Sophos

...

Troj/Banker-EQK

- Troj/Banker-EQK at Sophos

...

Troj/IrcBot-AEA

- Troj/IrcBot-AEA at Sophos

...

Troj/Mdrop-CAL

- Troj/Mdrop-CAL at Sophos

Troj/Mdrop-CAL drops the file <System>\wsontfy.exe which is detected as Troj/IRCBot-AEA
...

Troj/MDrop-CAM

- Troj/MDrop-CAM at Sophos

...

Troj/Sdbot-DOJ

- Troj/Sdbot-DOJ at Sophos

Troj/Sdbot-DOJ is a Trojan for the Windows platform. Troj/Sdbot-DOJ copies
itself to <WINDOWS>\fxsteller.exe and sets the following registry entry to run on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows UDP Control Center
<WINDOWS>\...

Troj/VBSpy-J

- Troj/VBSpy-J at Sophos

...

W32/Autorun-ACV

- W32/Autorun-ACV at Sophos

...

W32/Inject-FV

- W32/Inject-FV at Sophos

W32/Inject-FV is a worm for the Windows platform. W32/Inject-FV sets the
following registry entry to run on startup: HKLM\SOFTWARE\Microsoft\Active
Setup\Installed Components\{67EFG7H6-8IJL-56YT-KLH4-76WE2D3RAM87}\StubPath <path to
infected executable&...

Trojan:W32/PasswordsPro

- Trojan:W32/PasswordsPro at F-Secure

...

JS_DLOADER.XBG

- JS_DLOADER.XBG at Trend Micro

This JavaScript (JS) malware contains encrypted code that enables it to connect to a certain URL to possibly
download malicious files.
...

JS_DLOADER.XBF

- JS_DLOADER.XBF at Trend Micro

This JavaScript (JS) malware contains encrypted code that allows it to connect to a certain URL to possibly
download malicious files on the affected system.
...

Troj/Agent-JIV

- Troj/Agent-JIV at Sophos

...

Troj/Agent-JIW

- Troj/Agent-JIW at Sophos

...

Troj/Agent-JIY

- Troj/Agent-JIY at Sophos

...

Troj/BHO-LB

- Troj/BHO-LB at Sophos

Troj/BHO-LB is a Trojan for the Windows platform. When run Troj/BHO-LB
creates the files: <Program Files>\pcas\pcas.dll - detected as Troj/BHO-LB
<Program Files>\pcas\upcas.exe - detected as Troj/BHO-LB The following
registry entri...

Troj/Dloadr-CJY

- Troj/Dloadr-CJY at Sophos

...

Troj/PWS-AZL

- Troj/PWS-AZL at Sophos

...

W32/Autoit-DA

- W32/Autoit-DA at Sophos

...

Mal/EncPk-HP

- Mal/EncPk-HP at Sophos

...

Troj/Agent-JIR

- Troj/Agent-JIR at Sophos

...

Troj/Agent-JIS

- Troj/Agent-JIS at Sophos

...

[03/25/2009 22:42]



Virus Malware and Threat News for 20090323



Rogue:W32/IEDefender

- Rogue:W32/IEDefender at F-Secure

...

Trojan-Downloader:W32/WinFixer

- Trojan-Downloader:W32/WinFixer at F-Secure

...

Monitoring-Tool:W32/Ardamax

- Monitoring-Tool:W32/Ardamax at F-Secure

...

P2P-Worm:W32/Nugg

- P2P-Worm:W32/Nugg at F-Secure

...

Linux.Psybot

- Linux.Psybot at Norton Symantec

Linux.Psybot is a worm that spreads through routers and DSL modems.
...

W32.SillyFDC.BBJ

- W32.SillyFDC.BBJ at Norton Symantec

W32.SillyFDC.BBJ is a worm that spreads by copying itself to removable drives.
...

Renus2008

- Renus2008 at Panda

It deceives users and warns them of nonexistent threats in their computers. In order to eliminate them, they
are enticed to purchase a certain program. It can be downloaded from the website belonging to the company that
has developed it....

Mal/TDSSPack-A

- Mal/TDSSPack-A at Sophos

...

Troj/AdClick-FM

- Troj/AdClick-FM at Sophos

...

Troj/Agent-JHO

- Troj/Agent-JHO at Sophos

...

Troj/Agent-JHP

- Troj/Agent-JHP at Sophos

...

Troj/Agent-JHQ

- Troj/Agent-JHQ at Sophos

...

Troj/Bdoor-ATW

- Troj/Bdoor-ATW at Sophos

...

Troj/Dloadr-CJL

- Troj/Dloadr-CJL at Sophos

...

Troj/PHPBdoor-B

- Troj/PHPBdoor-B at Sophos

...

Troj/PWS-AZK

- Troj/PWS-AZK at Sophos

...

W32/Autorun-ACP

- W32/Autorun-ACP at Sophos

...

Backdoor:W32/Agent.ADQB

- Backdoor:W32/Agent.ADQB at F-Secure

...

Bloodhound.PDF.9

- Bloodhound.PDF.9 at Norton Symantec

Bloodhound.PDF.9 is a heuristic detection for potentially malicious PDF files that may exploit Foxit Reader
PDF Handling Multiple Remote Vulnerabilities (BID 34035) in order to perform further malicious actions.
...

W32.SillyFDC.BBI

- W32.SillyFDC.BBI at Norton Symantec

W32.SillyFDC.BBI is a worm that spreads by copying itself to removable drives.
...

Nabload.DLU

- Nabload.DLU at Panda

It downloads to the affected computer the Trojan detected as Banker.LRX, designed to steal confidential
information from the user related to several Spanish banking entities. It reaches the computer in a file which
has the icon of an envelope.
...

Mal/TDSSPack-B

- Mal/TDSSPack-B at Sophos

...

Troj/Banker-EQK

- Troj/Banker-EQK at Sophos

...

Troj/IrcBot-AEA

- Troj/IrcBot-AEA at Sophos

...

Troj/Mdrop-CAL

- Troj/Mdrop-CAL at Sophos

Troj/Mdrop-CAL drops the file <System>\wsontfy.exe which is detected as Troj/IRCBot-AEA
...

Troj/MDrop-CAM

- Troj/MDrop-CAM at Sophos

...

Troj/Sdbot-DOJ

- Troj/Sdbot-DOJ at Sophos

Troj/Sdbot-DOJ is a Trojan for the Windows platform. Troj/Sdbot-DOJ copies
itself to <WINDOWS>\fxsteller.exe and sets the following registry entry to run on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows UDP Control Center
<WINDOWS>\...

Troj/VBSpy-J

- Troj/VBSpy-J at Sophos

...

W32/Autorun-ACV

- W32/Autorun-ACV at Sophos

...

W32/Inject-FV

- W32/Inject-FV at Sophos

W32/Inject-FV is a worm for the Windows platform. W32/Inject-FV sets the
following registry entry to run on startup: HKLM\SOFTWARE\Microsoft\Active
Setup\Installed Components\{67EFG7H6-8IJL-56YT-KLH4-76WE2D3RAM87}\StubPath <path to
infected executable&...

[03/24/2009 22:42]



Virus Malware and Threat News for 20090322



W32.Tidserv.G

- W32.Tidserv.G at Norton Symantec

W32.Tidserv.G is a worm that spreads by copying itself to removable drives. It may also simulate a fake DHCP
server and download potentially malicious files on to the compromised computer.
...

FileFixProfessional

- FileFixProfessional at Norton Symantec

FileFixProfessional is a misleading application that may give reports of corrupted files on the
computer....

Trojan.Xrupter

- Trojan.Xrupter at Norton Symantec

Trojan.Xrupter is a Trojan horse that encrypts files on the compromised computer.
...

Troj/Agent-JHF

- Troj/Agent-JHF at Sophos

...

Troj/Banker-EQG

- Troj/Banker-EQG at Sophos

...

Troj/Bckdr-QSL

- Troj/Bckdr-QSL at Sophos

...

Mal/Dorf-F

- Mal/Dorf-F at Sophos

...

Troj/Delf-FBS

- Troj/Delf-FBS at Sophos

Troj/Delf-FBS is a Trojan for the Windows platform. When Troj/Delf-FBS is
installed the following files are created: <Windows>\regsvr32.exe
<System>\OLE32Init.exe The following registry entry is created to run OLE32Init.exe
on star...

Troj/Dload-FT

- Troj/Dload-FT at Sophos

...

Troj/Keygen-CW

- Troj/Keygen-CW at Sophos

Troj/Keygen-CW is a serial key generator for Adobe software. Troj/Keygen-CW
may also block access to activate.adobe.com by modifying the Windows hosts file at
<system>\drivers\etc\hosts
...

Troj/Zbot-EF

- Troj/Zbot-EF at Sophos

...

Troj/Agent-JHE

- Troj/Agent-JHE at Sophos

...

Troj/Banker-EQE

- Troj/Banker-EQE at Sophos

...

Rogue:W32/IEDefender

- Rogue:W32/IEDefender at F-Secure

...

Trojan-Downloader:W32/WinFixer

- Trojan-Downloader:W32/WinFixer at F-Secure

...

Monitoring-Tool:W32/Ardamax

- Monitoring-Tool:W32/Ardamax at F-Secure

...

P2P-Worm:W32/Nugg

- P2P-Worm:W32/Nugg at F-Secure

...

Linux.Psybot

- Linux.Psybot at Norton Symantec

Linux.Psybot is a worm that spreads through routers and DSL modems.
...

W32.SillyFDC.BBJ

- W32.SillyFDC.BBJ at Norton Symantec

W32.SillyFDC.BBJ is a worm that spreads by copying itself to removable drives.
...

Renus2008

- Renus2008 at Panda

It deceives users and warns them of nonexistent threats in their computers. In order to eliminate them, they
are enticed to purchase a certain program. It can be downloaded from the website belonging to the company that
has developed it....

Mal/TDSSPack-A

- Mal/TDSSPack-A at Sophos

...

Troj/AdClick-FM

- Troj/AdClick-FM at Sophos

...

Troj/Agent-JHO

- Troj/Agent-JHO at Sophos

...

Troj/Agent-JHP

- Troj/Agent-JHP at Sophos

...

Troj/Agent-JHQ

- Troj/Agent-JHQ at Sophos

...

Troj/Bdoor-ATW

- Troj/Bdoor-ATW at Sophos

...

Troj/Dloadr-CJL

- Troj/Dloadr-CJL at Sophos

...

Troj/PHPBdoor-B

- Troj/PHPBdoor-B at Sophos

...

Troj/PWS-AZK

- Troj/PWS-AZK at Sophos

...

W32/Autorun-ACP

- W32/Autorun-ACP at Sophos

...

[03/23/2009 22:41]



Virus Malware and Threat News for 20090321



TROJ_FAKEALE.BG

- TROJ_FAKEALE.BG at Trend Micro

TROJ_FAKEALE.BG is a form of ransomware, which requires the user to buy the product in order to restore files
that it claims have been corrupted. In reality, the said files have been encrypted by the Trojan itself. Once
users buy the product, the said program can then be used to decrypt the encrypted files. The purchase of the
program ...

Troj/Bdoor-ATO

- Troj/Bdoor-ATO at Sophos

...

Troj/Bdoor-ATS

- Troj/Bdoor-ATS at Sophos

...

Troj/Dloadr-CJI

- Troj/Dloadr-CJI at Sophos

...

Troj/Dloadr-CJJ

- Troj/Dloadr-CJJ at Sophos

...

Troj/Dloadr-CJK

- Troj/Dloadr-CJK at Sophos

...

Troj/Killav-FL

- Troj/Killav-FL at Sophos

...

Troj/Hupig-H

- Troj/Hupig-H at Sophos

...

Troj/Zapchas-EK

- Troj/Zapchas-EK at Sophos

...

Troj/Inject-FT

- Troj/Inject-FT at Sophos

...

Troj/LdPinch-SC

- Troj/LdPinch-SC at Sophos

...

W32.Tidserv.G

- W32.Tidserv.G at Norton Symantec

W32.Tidserv.G is a worm that spreads by copying itself to removable drives. It may also simulate a fake DHCP
server and download potentially malicious files on to the compromised computer.
...

FileFixProfessional

- FileFixProfessional at Norton Symantec

FileFixProfessional is a misleading application that may give reports of corrupted files on the
computer....

Trojan.Xrupter

- Trojan.Xrupter at Norton Symantec

Trojan.Xrupter is a Trojan horse that encrypts files on the compromised computer.
...

Troj/Agent-JHF

- Troj/Agent-JHF at Sophos

...

Troj/Banker-EQG

- Troj/Banker-EQG at Sophos

...

Troj/Bckdr-QSL

- Troj/Bckdr-QSL at Sophos

...

Mal/Dorf-F

- Mal/Dorf-F at Sophos

...

Troj/Delf-FBS

- Troj/Delf-FBS at Sophos

Troj/Delf-FBS is a Trojan for the Windows platform. When Troj/Delf-FBS is
installed the following files are created: <Windows>\regsvr32.exe
<System>\OLE32Init.exe The following registry entry is created to run OLE32Init.exe
on star...

Troj/Dload-FT

- Troj/Dload-FT at Sophos

...

Troj/Keygen-CW

- Troj/Keygen-CW at Sophos

Troj/Keygen-CW is a serial key generator for Adobe software. Troj/Keygen-CW
may also block access to activate.adobe.com by modifying the Windows hosts file at
<system>\drivers\etc\hosts
...

Troj/Zbot-EF

- Troj/Zbot-EF at Sophos

...

Troj/Agent-JHE

- Troj/Agent-JHE at Sophos

...

Troj/Banker-EQE

- Troj/Banker-EQE at Sophos

...

[03/22/2009 22:41]



Virus Malware and Threat News for 20090320



W32.SillyFDC.BBE

- W32.SillyFDC.BBE at Norton Symantec

W32.SillyFDC.BBE is a worm that spreads by copying itself to removable drives.
...

Bancos.TZ

- Bancos.TZ at Panda

It steals confidential information from the user related to several banking entities. Then, it sends this
information to its creator. It is designed to send email messages to the user's contacts
in order to distribute the Trojan.
...

Troj/Agent-JHA

- Troj/Agent-JHA at Sophos

...

Troj/Agent-JHB

- Troj/Agent-JHB at Sophos

...

Troj/Agent-JHC

- Troj/Agent-JHC at Sophos

...

Troj/Agent-JHD

- Troj/Agent-JHD at Sophos

...

Troj/FakeAV-NK

- Troj/FakeAV-NK at Sophos

...

W32/Autorun-ACH

- W32/Autorun-ACH at Sophos

W32/Autorun-ACH is a worm for the Windows platform. When first run the worm
copies itself to: <System>\systime.exe W32/Autorun-ACH will also copy
itself to removable media as: systime.exe and create the following file:
...

W32/Autorun-ACI

- W32/Autorun-ACI at Sophos

...

W32/Autorun-ACJ

- W32/Autorun-ACJ at Sophos

...

W32/Scribble-B

- W32/Scribble-B at Sophos

W32/Scribble-B is a family of polymorphic viruses for the Windows platform.
Members of W32/Scribble-B allow a remote attacker to gain access and control over the infected computer
through IRC channels. Members of W32/Scribble-B infect files with the EXE and SCR
extensions when...

Mal/Dazza-A

- Mal/Dazza-A at Sophos

...

TROJ_FAKEALE.BG

- TROJ_FAKEALE.BG at Trend Micro

TROJ_FAKEALE.BG is a form of ransomware, which requires the user to buy the product in order to restore files
that it claims have been corrupted. In reality, the said files have been encrypted by the Trojan itself. Once
users buy the product, the said program can then be used to decrypt the encrypted files. The purchase of the
program ...

Troj/Bdoor-ATO

- Troj/Bdoor-ATO at Sophos

...

Troj/Bdoor-ATS

- Troj/Bdoor-ATS at Sophos

...

Troj/Dloadr-CJI

- Troj/Dloadr-CJI at Sophos

...

Troj/Dloadr-CJJ

- Troj/Dloadr-CJJ at Sophos

...

Troj/Dloadr-CJK

- Troj/Dloadr-CJK at Sophos

...

Troj/Killav-FL

- Troj/Killav-FL at Sophos

...

Troj/Hupig-H

- Troj/Hupig-H at Sophos

...

Troj/Zapchas-EK

- Troj/Zapchas-EK at Sophos

...

Troj/Inject-FT

- Troj/Inject-FT at Sophos

...

Troj/LdPinch-SC

- Troj/LdPinch-SC at Sophos

...

[03/21/2009 22:41]



Virus Malware and Threat News for 20090319



Trojan.Skimer

- Trojan.Skimer at Norton Symantec

Trojan.Skimer is a Trojan horse that opens a back door and steals information from compromised Automated
Teller Machines (ATMs).
...

WORM_AUTORUN.DMI

- WORM_AUTORUN.DMI at Trend Micro

...

Mal/DelpBckdr-A

- Mal/DelpBckdr-A at Sophos

...

Mal/EncPk-BU

- Mal/EncPk-BU at Sophos

Mal/EncPk-BU is a program that has been packed with a protection system typically used by malware
authors. ...

Mal/EncPk-HK

- Mal/EncPk-HK at Sophos

Mal/EncPk-HK is a malicious packed executable file.
...

Mal/FakeAv-AI

- Mal/FakeAv-AI at Sophos

...

Mal/FakeGina-A

- Mal/FakeGina-A at Sophos

Mal/FakeGina-A is a malicious file that attempts to log information.
Mal/FakeGina-A typically sets a registry entry at the following location to run itself automatically instead
of the default Microsoft msgina.dll: HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\Gin...

Mal/PoiIvy-A

- Mal/PoiIvy-A at Sophos

...

Troj/Agent-JGQ

- Troj/Agent-JGQ at Sophos

...

Troj/Agent-JGT

- Troj/Agent-JGT at Sophos

...

Troj/Bckdr-QSK

- Troj/Bckdr-QSK at Sophos

...

W32.SillyFDC.BBE

- W32.SillyFDC.BBE at Norton Symantec

W32.SillyFDC.BBE is a worm that spreads by copying itself to removable drives.
...

Bancos.TZ

- Bancos.TZ at Panda

It steals confidential information from the user related to several banking entities. Then, it sends this
information to its creator. It is designed to send email messages to the user's contacts
in order to distribute the Trojan.
...

Troj/Agent-JHA

- Troj/Agent-JHA at Sophos

...

Troj/Agent-JHB

- Troj/Agent-JHB at Sophos

...

Troj/Agent-JHC

- Troj/Agent-JHC at Sophos

...

Troj/Agent-JHD

- Troj/Agent-JHD at Sophos

...

Troj/FakeAV-NK

- Troj/FakeAV-NK at Sophos

...

W32/Autorun-ACH

- W32/Autorun-ACH at Sophos

W32/Autorun-ACH is a worm for the Windows platform. When first run the worm
copies itself to: <System>\systime.exe. W32/Autorun-ACH will also copy
itself to removable media as: systime.exe and create the following file:
...

W32/Autorun-ACI

- W32/Autorun-ACI at Sophos

...

W32/Autorun-ACJ

- W32/Autorun-ACJ at Sophos

...

W32/Scribble-B

- W32/Scribble-B at Sophos

W32/Scribble-B is a family of polymorphic viruses for the Windows platform.
Members of W32/Scribble-B allow a remote attacker to gain access and control over the infected computer
through IRC channels. Members of W32/Scribble-B infect files with the EXE and SCR
extensions when...

Mal/Dazza-A

- Mal/Dazza-A at Sophos

...

0 writebacks [03/20/2009 22:41] [] permanent link



Virus Malware and Threat News for 20090318



W32.Shoren

- W32.Shoren at Norton Symantec

W32.Shoren is a virus that spreads by infecting executable files.
...

Trojan.Initfakeav

- Trojan.Initfakeav at Norton Symantec

Trojan.Initfakeav is a Trojan horse that displays false antivirus alerts and lowers security settings on the
compromised computer.
...

W32.SillyFDC.BBH

- W32.SillyFDC.BBH at Norton Symantec

W32.SillyFDC.BBH is a worm that spreads by copying itself to removable drives.
...

W32.SillyFDC.BBG

- W32.SillyFDC.BBG at Norton Symantec

W32.SillyFDC.BBG is a worm that spreads by copying itself to removable drives.
...

W32.SillyFDC.BBF

- W32.SillyFDC.BBF at Norton Symantec

W32.SillyFDC.BBF is a worm that spreads by copying itself to removable and mapped drives.
...

W32.SillyFDC.BBD

- W32.SillyFDC.BBD at Norton Symantec

W32.SillyFDC.BBD is a worm that spreads by copying itself to removable drives.
...

TROJ_DROPAD.KAX

- TROJ_DROPAD.KAX at Trend Micro

...

TROJ_DROPAD.AD

- TROJ_DROPAD.AD at Trend Micro

This Trojan may be downloaded from remote site(s) by other malware. It may be dropped by other malware. It may
be downloaded unknowingly by a user when visiting malicious Web site(s). It drops a copy of itself. It checks
the date and the Operating System version of the affected system. If the year on the affected system is 2009
and be...

P2PWorm.AF

- P2PWorm.AF at Panda

Its main aim is to spread through P2P file sharing programs, like Kazaa, using names of programs and
games in order to deceive users.
...

Mal/DelpDldr-G

- Mal/DelpDldr-G at Sophos

...

Mal/EncPk-HL

- Mal/EncPk-HL at Sophos

...

Troj/Agent-JGJ

- Troj/Agent-JGJ at Sophos

...

Troj/Agent-JGK

- Troj/Agent-JGK at Sophos

...

Troj/Banker-EPZ

- Troj/Banker-EPZ at Sophos

...

Troj/Banker-EQA

- Troj/Banker-EQA at Sophos

...

Troj/BHO-KU

- Troj/BHO-KU at Sophos

...

Troj/Comsa-E

- Troj/Comsa-E at Sophos

Troj/Comsa-E connects to a remote computer via the internet. Troj/Comsa-E
drops the file <Temp>\mta<random number>.dll which is a clean version of urlmon.dll.
Troj/Comsa-E changes Internet Explorer security settings.
...

Troj/Dloadr-CJA

- Troj/Dloadr-CJA at Sophos

...

Troj/DwnLdr-HPD

- Troj/DwnLdr-HPD at Sophos

...

Trojan.Skimer

- Trojan.Skimer at Norton Symantec

Trojan.Skimer is a Trojan horse that opens a back door and steals information from compromised Automated
Teller Machines (ATMs).
...

WORM_AUTORUN.DMI

- WORM_AUTORUN.DMI at Trend Micro

...

Mal/DelpBckdr-A

- Mal/DelpBckdr-A at Sophos

...

Mal/EncPk-BU

- Mal/EncPk-BU at Sophos

Mal/EncPk-BU is a program that has been packed with a protection system typically used by malware
authors. ...

Mal/EncPk-HK

- Mal/EncPk-HK at Sophos

Mal/EncPk-HK is a malicious packed executable file.
...

Mal/FakeAv-AI

- Mal/FakeAv-AI at Sophos

...

Mal/FakeGina-A

- Mal/FakeGina-A at Sophos

Mal/FakeGina-A is a malicious file that attempts to log information.
Mal/FakeGina-A typically sets a registry entry at the following location to run itself automatically instead
of the default Microsoft msgina.dll: HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\Gin...

Mal/PoiIvy-A

- Mal/PoiIvy-A at Sophos

...

Troj/Agent-JGQ

- Troj/Agent-JGQ at Sophos

...

Troj/Agent-JGT

- Troj/Agent-JGT at Sophos

...

Troj/Bckdr-QSK

- Troj/Bckdr-QSK at Sophos

...

0 writebacks [03/19/2009 22:41] [] permanent link



Virus Malware and Threat News for 20090317



Trojan.Qhosts.G

- Trojan.Qhosts.G at Norton Symantec

Trojan.Qhosts.G is a Trojan horse that lowers security settings by modifying the hosts file on the compromised
computer....

W32.SillyFDC.BBC

- W32.SillyFDC.BBC at Norton Symantec

W32.SillyFDC.BBC is a worm that spreads by copying itself to removable drives.
...

W32.SillyFDC.BBB

- W32.SillyFDC.BBB at Norton Symantec

W32.SillyFDC.BBB is a worm that spreads by copying itself to removable drives.
...

WORM_WALEDAC.NYS

- WORM_WALEDAC.NYS at Trend Micro

...

PHP_AKSPY.A

- PHP_AKSPY.A at Trend Micro

This malicious PHP script may be installed manually by a user. It may also be downloaded unknowingly by a user
when visiting malicious Web site(s). It may be used by malicious user(s) to gain access and control of a Web
server. It may allow an attacker to upload files through the browser and execute them.
...

Spyforms.BZ

- Spyforms.BZ at Panda

It controls the network traffic in order to obtain passwords from ftp, icq, pop3 and imap connections. It
steals information from services, such as Outlook Express, MSN Explorer and the Autocomplete function. It does
not spread automatically using its own means.
...

Troj/Agent-JGF

- Troj/Agent-JGF at Sophos

...

Troj/Agent-JGG

- Troj/Agent-JGG at Sophos

...

Troj/Agent-JGH

- Troj/Agent-JGH at Sophos

...

Troj/FakeVir-LL

- Troj/FakeVir-LL at Sophos

...

Troj/Mdrop-CAH

- Troj/Mdrop-CAH at Sophos

Troj/Mdrop-CAH is a Trojan for the Windows platform. Troj/Mdrop-CAH drops
more malware on the infected computer, which Sophos detects as Mal/GamePSW-C and Troj/PWS-AZH.
...

Troj/PWS-AZH

- Troj/PWS-AZH at Sophos

...

W32/Autorun-ABS

- W32/Autorun-ABS at Sophos

...

W32/Autorun-ABT

- W32/Autorun-ABT at Sophos

...

W32/Confick-H

- W32/Confick-H at Sophos

W32/Confick-H is a worm for the Windows platform. W32/Confick-H is part of
the Conficker malware family. Check the following link for more information:
http://www.sophos.com/security/analyses/viruses-and-spyware/malconfickerb.html...

W32.Shoren

- W32.Shoren at Norton Symantec

W32.Shoren is a virus that spreads by infecting executable files.
...

Trojan.Initfakeav

- Trojan.Initfakeav at Norton Symantec

Trojan.Initfakeav is a Trojan horse that displays false antivirus alerts and lowers security settings on the
compromised computer.
...

W32.SillyFDC.BBH

- W32.SillyFDC.BBH at Norton Symantec

W32.SillyFDC.BBH is a worm that spreads by copying itself to removable drives.
...

W32.SillyFDC.BBG

- W32.SillyFDC.BBG at Norton Symantec

W32.SillyFDC.BBG is a worm that spreads by copying itself to removable drives.
...

W32.SillyFDC.BBF

- W32.SillyFDC.BBF at Norton Symantec

W32.SillyFDC.BBF is a worm that spreads by copying itself to removable and mapped drives.
...

W32.SillyFDC.BBD

- W32.SillyFDC.BBD at Norton Symantec

W32.SillyFDC.BBD is a worm that spreads by copying itself to removable drives.
...

TROJ_DROPAD.KAX

- TROJ_DROPAD.KAX at Trend Micro

...

TROJ_DROPAD.AD

- TROJ_DROPAD.AD at Trend Micro

This Trojan may be downloaded from remote site(s) by other malware. It may be dropped by other malware. It may
be downloaded unknowingly by a user when visiting malicious Web site(s). It drops a copy of itself. It checks
the date and the Operating System version of the affected system. If the year on the affected system is 2009
and be...

P2PWorm.AF

- P2PWorm.AF at Panda

Its main aim is to spread through P2P file sharing programs, like Kazaa, using names of programs and
games in order to deceive users.
...

Mal/DelpDldr-G

- Mal/DelpDldr-G at Sophos

...

Mal/EncPk-HL

- Mal/EncPk-HL at Sophos

...

Troj/Agent-JGJ

- Troj/Agent-JGJ at Sophos

...

Troj/Agent-JGK

- Troj/Agent-JGK at Sophos

...

Troj/Banker-EPZ

- Troj/Banker-EPZ at Sophos

...

Troj/Banker-EQA

- Troj/Banker-EQA at Sophos

...

Troj/BHO-KU

- Troj/BHO-KU at Sophos

...

Troj/Comsa-E

- Troj/Comsa-E at Sophos

Troj/Comsa-E connects to a remote computer via the internet. Troj/Comsa-E
drops the file <Temp>\mta<random number>.dll which is a clean version of urlmon.dll.
Troj/Comsa-E changes Internet Explorer security settings.
...

Troj/Dloadr-CJA

- Troj/Dloadr-CJA at Sophos

...

Troj/DwnLdr-HPD

- Troj/DwnLdr-HPD at Sophos

...

0 writebacks [03/18/2009 22:42] [] permanent link



Virus Malware and Threat News for 20090316



Trojan.Tarodrop.H

- Trojan.Tarodrop.H at Norton Symantec

Trojan.Tarodrop.H is a Trojan horse that drops more files on to the compromised computer by exploiting a
vulnerability in the Justsystem Ichitaro Office Suite.
...

WORM_WALEDAC.CRV

- WORM_WALEDAC.CRV at Trend Micro

...

TROJ_AGENT.APY

- TROJ_AGENT.APY at Trend Micro

This Trojan may be dropped by other malware. It may be downloaded unknowingly by a user when visiting malicious
Web sites. It can be used to detect process errors for possible vulnerabilities, particularly access violation
and buffer overrun. However, it requires its main component to perform its intended routine.
...

TROJ_RANSOM.AQWA

- TROJ_RANSOM.AQWA at Trend Micro

This Trojan may be dropped by WORM_RANSOM variants. It may arrive bundled with malware packages as a malware
component. It drops a non-malicious configuration file using a certain file name. It creates registry
entries to enable its automatic execution at every system startup.
...

TROJ_RANSOM.BG

- TROJ_RANSOM.BG at Trend Micro

This Trojan arrives as a component file of WORM_RANSOM variants. Once executed, it creates and opens a certain
log file where a list of file names can be found. It then attempts to encrypt all files listed in the log file.
However, this Trojan needs other components to create the said log file.
...

Mal/Behav-271

- Mal/Behav-271 at Sophos

...

Mal/EncJS-A

- Mal/EncJS-A at Sophos

Mal/EncJS-A is a malicious JavaScript embedded in a web page.
...

Mal/ExpJS-I

- Mal/ExpJS-I at Sophos

Mal/ExpJS-I is a malicious JavaScript embedded in a web page that attempts to exploit a recent
vulnerability in Internet Explorer 7 (MS09-002).
...

Mal/FakeAV-AH

- Mal/FakeAV-AH at Sophos

...

Mal/IRCBot-I

- Mal/IRCBot-I at Sophos

Mal/IRCBot-I is a malicious program.
...

Mal/Zlob-AH

- Mal/Zlob-AH at Sophos

...

Troj/Agent-JFS

- Troj/Agent-JFS at Sophos

...

Troj/Agent-JFT

- Troj/Agent-JFT at Sophos

...

Troj/Agent-JFU

- Troj/Agent-JFU at Sophos

...

Troj/BHO-KT

- Troj/BHO-KT at Sophos

...

Trojan.Qhosts.G

- Trojan.Qhosts.G at Norton Symantec

Trojan.Qhosts.G is a Trojan horse that lowers security settings by modifying the hosts file on the compromised
computer....

W32.SillyFDC.BBC

- W32.SillyFDC.BBC at Norton Symantec

W32.SillyFDC.BBC is a worm that spreads by copying itself to removable drives.
...

W32.SillyFDC.BBB

- W32.SillyFDC.BBB at Norton Symantec

W32.SillyFDC.BBB is a worm that spreads by copying itself to removable drives.
...

WORM_WALEDAC.NYS

- WORM_WALEDAC.NYS at Trend Micro

...

PHP_AKSPY.A

- PHP_AKSPY.A at Trend Micro

This malicious PHP script may be installed manually by a user. It may also be downloaded unknowingly by a user
when visiting malicious Web site(s). It may be used by malicious user(s) to gain access and control of a Web
server. It may allow an attacker to upload files through the browser and execute them.
...

Spyforms.BZ

- Spyforms.BZ at Panda

It controls the network traffic in order to obtain passwords from ftp, icq, pop3 and imap connections. It
steals information from services, such as Outlook Express, MSN Explorer and the Autocomplete function. It does
not spread automatically using its own means.
...

Troj/Agent-JGF

- Troj/Agent-JGF at Sophos

...

Troj/Agent-JGG

- Troj/Agent-JGG at Sophos

...

Troj/Agent-JGH

- Troj/Agent-JGH at Sophos

...

Troj/FakeVir-LL

- Troj/FakeVir-LL at Sophos

...

Troj/Mdrop-CAH

- Troj/Mdrop-CAH at Sophos

Troj/Mdrop-CAH is a Trojan for the Windows platform. Troj/Mdrop-CAH drops
more malware on the infected computer, which Sophos detects as Mal/GamePSW-C and Troj/PWS-AZH.
...

Troj/PWS-AZH

- Troj/PWS-AZH at Sophos

...

W32/Autorun-ABS

- W32/Autorun-ABS at Sophos

...

W32/Autorun-ABT

- W32/Autorun-ABT at Sophos

...

W32/Confick-H

- W32/Confick-H at Sophos

W32/Confick-H is a worm for the Windows platform. W32/Confick-H is part of
the Conficker malware family. Check the following link for more information:
http://www.sophos.com/security/analyses/viruses-and-spyware/malconfickerb.html...

0 writebacks [03/17/2009 22:41] [] permanent link



Virus Malware and Threat News for 20090315



Troj/Agent-JFM

- Troj/Agent-JFM at Sophos

...

Troj/Agent-JFN

- Troj/Agent-JFN at Sophos

...

Troj/Agent-JFO

- Troj/Agent-JFO at Sophos

...

Troj/BHO-KQ

- Troj/BHO-KQ at Sophos

...

Troj/Crack-R

- Troj/Crack-R at Sophos

...

Troj/Dloadr-CIU

- Troj/Dloadr-CIU at Sophos

...

Troj/FakeVir-LG

- Troj/FakeVir-LG at Sophos

...

Troj/MalHost-C

- Troj/MalHost-C at Sophos

...

Troj/Spy-BZ

- Troj/Spy-BZ at Sophos

...

Troj/Dloadr-CIV

- Troj/Dloadr-CIV at Sophos

...

Trojan.Tarodrop.H

- Trojan.Tarodrop.H at Norton Symantec

Trojan.Tarodrop.H is a Trojan horse that drops more files on to the compromised computer by exploiting a
vulnerability in the Justsystem Ichitaro Office Suite.
...

WORM_WALEDAC.CRV

- WORM_WALEDAC.CRV at Trend Micro

...

TROJ_AGENT.APY

- TROJ_AGENT.APY at Trend Micro

This Trojan may be dropped by other malware. It may be downloaded unknowingly by a user when visiting malicious
Web sites. It can be used to detect process errors for possible vulnerabilities, particularly access violation
and buffer overrun. However, it requires its main component to perform its intended routine.
...

TROJ_RANSOM.AQWA

- TROJ_RANSOM.AQWA at Trend Micro

This Trojan may be dropped by WORM_RANSOM variants. It may arrive bundled with malware packages as a malware
component. It drops a non-malicious configuration file using a certain file name. It creates registry
entries to enable its automatic execution at every system startup.
...

TROJ_RANSOM.BG

- TROJ_RANSOM.BG at Trend Micro

This Trojan arrives as a component file of WORM_RANSOM variants. Once executed, it creates and opens a certain
log file where a list of file names can be found. It then attempts to encrypt all files listed in the log file.
However, this Trojan needs other components to create the said log file.
...

Mal/Behav-271

- Mal/Behav-271 at Sophos

...

Mal/EncJS-A

- Mal/EncJS-A at Sophos

Mal/EncJS-A is a malicious JavaScript embedded in a web page.
...

Mal/ExpJS-I

- Mal/ExpJS-I at Sophos

Mal/ExpJS-I is a malicious JavaScript embedded in a web page that attempts to exploit a recent
vulnerability in Internet Explorer 7 (MS09-002).
...

Mal/FakeAV-AH

- Mal/FakeAV-AH at Sophos

...

Mal/IRCBot-I

- Mal/IRCBot-I at Sophos

Mal/IRCBot-I is a malicious program.
...

Mal/Zlob-AH

- Mal/Zlob-AH at Sophos

...

Troj/Agent-JFS

- Troj/Agent-JFS at Sophos

...

Troj/Agent-JFT

- Troj/Agent-JFT at Sophos

...

Troj/Agent-JFU

- Troj/Agent-JFU at Sophos

...

Troj/BHO-KT

- Troj/BHO-KT at Sophos

...

0 writebacks [03/16/2009 22:42] [] permanent link



Virus Malware and Threat News for 20090314



Troj/Agent-JFG

- Troj/Agent-JFG at Sophos

...

Troj/Hosts-G

- Troj/Hosts-G at Sophos

Troj/Hosts-G is a Trojan for the Windows platform. Troj/Hosts-G may modify
the Windows hosts file to prevent many anti-virus websites from being available.
...

Troj/ObfJS-I

- Troj/ObfJS-I at Sophos

...

Troj/VB-MIC

- Troj/VB-MIC at Sophos

Troj/VB-MIC is a Trojan for the Windows platform. Upon installation
Troj/VB-MIC copies itself to the <System>\svchost.exe file and sets the following registry entry:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft <System>\svchost.exe ...

Troj/Agent-JFF

- Troj/Agent-JFF at Sophos

...

Troj/Zbot-DW

- Troj/Zbot-DW at Sophos

...

W32/Agent-JFE

- W32/Agent-JFE at Sophos

...

Troj/Agent-JFD

- Troj/Agent-JFD at Sophos

...

Troj/JSRedir-L

- Troj/JSRedir-L at Sophos

...

Troj/Agent-JFM

- Troj/Agent-JFM at Sophos

...

Troj/Agent-JFN

- Troj/Agent-JFN at Sophos

...

Troj/Agent-JFO

- Troj/Agent-JFO at Sophos

...

Troj/BHO-KQ

- Troj/BHO-KQ at Sophos

...

Troj/Crack-R

- Troj/Crack-R at Sophos

...

Troj/Dloadr-CIU

- Troj/Dloadr-CIU at Sophos

...

Troj/FakeVir-LG

- Troj/FakeVir-LG at Sophos

...

Troj/MalHost-C

- Troj/MalHost-C at Sophos

...

Troj/Spy-BZ

- Troj/Spy-BZ at Sophos

...

Troj/Dloadr-CIV

- Troj/Dloadr-CIV at Sophos

...

0 writebacks [03/15/2009 22:41] [] permanent link



Virus Malware and Threat News for 20090313



SystemGuard2009

- SystemGuard2009 at Norton Symantec

SystemGuard2009 is a misleading application that may give exaggerated reports of threats on the
computer....

Conficker.D

- Conficker.D at Panda

It exploits the vulnerability MS08-067 in the Windows Server Service in order to spread itself. It also
spreads through mapped, shared and removable drives. It reduces considerably the protection level of the
computer and attempts to download another type of malware to the affected computer.
...

Mal/EncPk-HJ

- Mal/EncPk-HJ at Sophos

...

Mal/FakeAV-AF

- Mal/FakeAV-AF at Sophos

...

Mal/FakeVir-G

- Mal/FakeVir-G at Sophos

Mal/FakeVir-G is a malicious file that pretends to be a legitimate security application.
...

Mal/WaledPak-D

- Mal/WaledPak-D at Sophos

Mal/WaledPak-D is a family of worms for the Windows platform.
Mal/WaledPak-D includes functionality to access the internet and communicate with a remote server via HTTP.
The following registry entry is created to run Mal/WaledPak-D on startup:
HKLM\SOFTW...

Troj/Refpron-F

- Troj/Refpron-F at Sophos

...

Troj/Toksteal-A

- Troj/Toksteal-A at Sophos

Troj/Toksteal-A is a program that allows the attacker to hijack the SYSTEM security token and
elevate security privileges of the process. Troj/Toksteal-A launches a reverse command
shell that allows the attacker to take control over the target system from a remote network location.
...

Troj/Toksteal-B

- Troj/Toksteal-B at Sophos

Troj/Toksteal-B is a program that allows the attacker to hijack the SYSTEM security token and
elevate security privileges of the process. Troj/Toksteal-B launches a reverse command
shell that allows the attacker to take control over the target system from a remote network location.
...

W32/Autorun-ABH

- W32/Autorun-ABH at Sophos

W32/Autorun-ABH is a Trojan for the Windows platform which can spread via email.
W32/Autorun-ABH includes functionality to access the internet and communicate with a remote server via
HTTP. When first run W32/Autorun-ABH copies itself to <System>\jucshed.exe and
creates...

Troj/Agent-JFG

- Troj/Agent-JFG at Sophos

...

Troj/Hosts-G

- Troj/Hosts-G at Sophos

Troj/Hosts-G is a Trojan for the Windows platform. Troj/Hosts-G may modify
the Windows hosts file to prevent many anti-virus websites from being available.
...

Troj/ObfJS-I

- Troj/ObfJS-I at Sophos

...

Troj/VB-MIC

- Troj/VB-MIC at Sophos

Troj/VB-MIC is a Trojan for the Windows platform. Upon installation
Troj/VB-MIC copies itself to the <System>\svchost.exe file and sets the following registry entry:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft <System>\svchost.exe ...

Troj/Agent-JFF

- Troj/Agent-JFF at Sophos

...

Troj/Zbot-DW

- Troj/Zbot-DW at Sophos

...

W32/Agent-JFE

- W32/Agent-JFE at Sophos

...

Troj/Agent-JFD

- Troj/Agent-JFD at Sophos

...

Troj/JSRedir-L

- Troj/JSRedir-L at Sophos

...

0 writebacks [03/14/2009 22:41] [] permanent link



Virus Malware and Threat News for 20090312



Net-Worm:W32/Koobface.gen

- Net-Worm:W32/Koobface.gen at F-Secure

...

MS09-008

- MS09-008 at Panda

It is a group of important vulnerabilities in DNS and WINS server which allows an attacking user to
redirect Internet traffic.
...

BadGorve.H

- BadGorve.H at Panda

It deletes the files with certain extensions (JPG and WMV, among others) from several
directories of the affected computer, causing an important information loss for the user. It does not
spread automatically by its own means.
...

Troj/Buzus-AF

- Troj/Buzus-AF at Sophos

Troj/Buzus-AF is a Trojan for the Windows platform. When run Troj/Buzus-AF
copies itself to: <System>\xccef090305.exe <System>\inf\xccefb090305.scr
and creates the files: <Windows>\xccdf16_090305a.dll -
detected as...

Troj/KeyGen-CV

- Troj/KeyGen-CV at Sophos

...

Mal/Autorun-G

- Mal/Autorun-G at Sophos

...

Mal/FakeAV-AD

- Mal/FakeAV-AD at Sophos

Mal/FakeAV-AD is malicious behavior for the Windows platform.
Mal/FakeAV-AD is typically associated with rogue security software.
...

Troj/Dloadr-CIP

- Troj/Dloadr-CIP at Sophos

...

Troj/Agent-JES

- Troj/Agent-JES at Sophos

...

Troj/Agent-JET

- Troj/Agent-JET at Sophos

Troj/Agent-JET changes settings for Microsoft Internet Explorer by modifying values under:
HKCU\Software\Microsoft\Internet Explorer\Security\ Troj/Agent-JET
changes the following registry settings: HKCU\Software\Microsoft\Internet
Explorer\Desktop ...

Troj/Agent-JEU

- Troj/Agent-JEU at Sophos

...

Troj/Bdoor-ATJ

- Troj/Bdoor-ATJ at Sophos

Troj/Bdoor-ATJ copies itself to <WindowsXP.exe>. The following
registry entry is set, disabling system software:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System DisableTaskMgr
0x00000001...

Troj/BHO-KO

- Troj/BHO-KO at Sophos

...

SystemGuard2009

- SystemGuard2009 at Norton Symantec

SystemGuard2009 is a misleading application that may give exaggerated reports of threats on the
computer....

Conficker.D

- Conficker.D at Panda

It exploits the vulnerability MS08-067 in the Windows Server Service in order to spread itself. It also
spreads through mapped, shared and removable drives. It reduces considerably the protection level of the
computer and attempts to download another type of malware to the affected computer.
...

Mal/EncPk-HJ

- Mal/EncPk-HJ at Sophos

...

Mal/FakeAV-AF

- Mal/FakeAV-AF at Sophos

...

Mal/FakeVir-G

- Mal/FakeVir-G at Sophos

Mal/FakeVir-G is a malicious file that pretends to be a legitimate security application.
...

Mal/WaledPak-D

- Mal/WaledPak-D at Sophos

Mal/WaledPak-D is a family of worms for the Windows platform.
Mal/WaledPak-D includes functionality to access the internet and communicate with a remote server via HTTP.
The following registry entry is created to run Mal/WaledPak-D on startup:
HKLM\SOFTW...

Troj/Refpron-F

- Troj/Refpron-F at Sophos

...

Troj/Toksteal-A

- Troj/Toksteal-A at Sophos

Troj/Toksteal-A is a program that allows the attacker to hijack the SYSTEM security token and
elevate security privileges of the process. Troj/Toksteal-A launches a reverse command
shell that allows the attacker to take control over the target system from a remote network location.
...

Troj/Toksteal-B

- Troj/Toksteal-B at Sophos

Troj/Toksteal-B is a program that allows the attacker to hijack the SYSTEM security token and
elevate security privileges of the process. Troj/Toksteal-B launches a reverse command
shell that allows the attacker to take control over the target system from a remote network location.
...

W32/Autorun-ABH

- W32/Autorun-ABH at Sophos

W32/Autorun-ABH is a Trojan for the Windows platform which can spread via email.
W32/Autorun-ABH includes functionality to access the internet and communicate with a remote server via
HTTP. When first run W32/Autorun-ABH copies itself to <System>\jucshed.exe and
creates...

0 writebacks [03/13/2009 22:41] [] permanent link



Virus Malware and Threat News for 20090311



VirusMelt

- VirusMelt at Norton Symantec

VirusMelt is a misleading application that may give exaggerated reports of threats on the computer.
...

TROJ_DLOADR.ACG

- TROJ_DLOADR.ACG at Trend Micro

This Trojan may be dropped or downloaded by other malware. It drops a memory-resident copy of itself in the
Windows system folder. It also drops a non-malicious text file. It terminates the initially executed copy and
executes the dropped copy. It registers itself as a system service to ensure its automatic execution at every
system st...

MS09-007

- MS09-007 at Panda

It is an important vulnerability in the Windows SChannel on Windows Server 2008/Vista/2003/XP/2000
computers which allows spoofing.
...

MS09-006

- MS09-006 at Panda

It is a group of critical vulnerabilities in Windows Kernel on Windows Server 2008/Vista/2003/XP/2000
computers, which allows hackers to gain remote control of the affected computer with the same privileges
as the logged on user and to gain local privilege escalation.
...

Troj/Capper-Gen

- Troj/Capper-Gen at Sophos

Troj/Capper-Gen is a family of Trojans that load messages with a "captcha" and warn the user that
their computer will shut down in a given time.
...

Troj/FakeAV-MT

- Troj/FakeAV-MT at Sophos

...

Troj/Masigy-Gen

- Troj/Masigy-Gen at Sophos

Troj/Masigy-Gen is a family of Trojans for the Windows platform.
Troj/Masigy-Gen may attempt to drop the following file, also detected as Troj/Masigy-Gen:
<System>\dll32.dll Troj/Masigy-Gen may attempt to set the Windows firewall to
allow this dll,...

Troj/Agent-JEK

- Troj/Agent-JEK at Sophos

...

Troj/Inject-FK

- Troj/Inject-FK at Sophos

...

Troj/MDrop-CAD

- Troj/MDrop-CAD at Sophos

...

Troj/Rootkit-FD

- Troj/Rootkit-FD at Sophos

...

Troj/Banker-EPU

- Troj/Banker-EPU at Sophos

...

Troj/Banker-EPV

- Troj/Banker-EPV at Sophos

...

Net-Worm:W32/Koobface.gen

- Net-Worm:W32/Koobface.gen at F-Secure

...

MS09-008

- MS09-008 at Panda

It is a group of important vulnerabilities in DNS and WINS server which allows an attacking user to
redirect Internet traffic.
...

BadGorve.H

- BadGorve.H at Panda

It deletes the files with certain extensions (JPG and WMV, among others) from several
directories of the affected computer, causing an important information loss for the user. It does not
spread automatically by its own means.
...

Troj/Buzus-AF

- Troj/Buzus-AF at Sophos

Troj/Buzus-AF is a Trojan for the Windows platform. When run Troj/Buzus-AF
copies itself to: <System>\xccef090305.exe <System>\inf\xccefb090305.scr
and creates the files: <Windows>\xccdf16_090305a.dll -
detected as...

Troj/KeyGen-CV

- Troj/KeyGen-CV at Sophos

...

Mal/Autorun-G

- Mal/Autorun-G at Sophos

...

Mal/FakeAV-AD

- Mal/FakeAV-AD at Sophos

Mal/FakeAV-AD is malicious behavior for the Windows platform.
Mal/FakeAV-AD is typically associated with rogue security software.
...

Troj/Dloadr-CIP

- Troj/Dloadr-CIP at Sophos

...

Troj/Agent-JES

- Troj/Agent-JES at Sophos

...

Troj/Agent-JET

- Troj/Agent-JET at Sophos

Troj/Agent-JET changes settings for Microsoft Internet Explorer by modifying values under:
HKCU\Software\Microsoft\Internet Explorer\Security\ Troj/Agent-JET
changes the following registry settings: HKCU\Software\Microsoft\Internet
Explorer\Desktop ...

Troj/Agent-JEU

- Troj/Agent-JEU at Sophos

...

Troj/Bdoor-ATJ

- Troj/Bdoor-ATJ at Sophos

Troj/Bdoor-ATJ copies itself to <WindowsXP.exe>. The following
registry entry is set, disabling system software:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System DisableTaskMgr
0x00000001...

Troj/BHO-KO

- Troj/BHO-KO at Sophos

...

0 writebacks [03/12/2009 22:41] [] permanent link



Virus Malware and Threat News for 20090310



Worm:W32/Downadup.DY

- Worm:W32/Downadup.DY at F-Secure

A standalone malicious program which uses computer or network resources to make complete copies of itself. May
include code or other malware to damage both the system and the network.
...

MalwareDefender2009

- MalwareDefender2009 at Panda

It deceives users and warns them of nonexistent threats in their computers. In order to eliminate them, they
are enticed to purchase a certain program. It can be downloaded from the website belonging to the company that
has developed it....

Troj/Comsa-D

- Troj/Comsa-D at Sophos

...

Troj/FakeVir-LA

- Troj/FakeVir-LA at Sophos

...

Mal/FakeAV-AA

- Mal/FakeAV-AA at Sophos

...

Mal/Inject-F

- Mal/Inject-F at Sophos

Mal/Inject-F is a malicious program for the Windows platform.
...

Mal/Sparow-A

- Mal/Sparow-A at Sophos

...

Troj/BadRef-A

- Troj/BadRef-A at Sophos

Troj/BadRef-A is a malicious html page that attempts to redirect the browser to more malware.
...

Troj/FakeAV-MO

- Troj/FakeAV-MO at Sophos

...

Troj/FakeAV-MP

- Troj/FakeAV-MP at Sophos

...

Troj/FakeVir-KZ

- Troj/FakeVir-KZ at Sophos

...

Troj/IRCBot-ADT

- Troj/IRCBot-ADT at Sophos

Troj/IRCBot-ADT is a Trojan for the Windows platform. Troj/IRCBot-ADT runs
continuously in the background, providing a backdoor server which allows a remote intruder to gain access and
control over the computer via IRC channels. When first run Troj/IRCBot-ADT copies
itself to ...

VirusMelt

- VirusMelt at Norton Symantec

VirusMelt is a misleading application that may give exaggerated reports of threats on the computer.
...

TROJ_DLOADR.ACG

- TROJ_DLOADR.ACG at Trend Micro

This Trojan may be dropped or downloaded by other malware. It drops a memory-resident copy of itself in the
Windows system folder. It also drops a non-malicious text file. It terminates the initially executed copy and
executes the dropped copy. It registers itself as a system service to ensure its automatic execution at every
system st...

MS09-007

- MS09-007 at Panda

It is an important vulnerability in the Windows SChannel on Windows Server 2008/Vista/2003/XP/2000
computers which allows spoofing.
...

MS09-006

- MS09-006 at Panda

It is a group of critical vulnerabilities in Windows Kernel on Windows Server 2008/Vista/2003/XP/2000
computers, which allows hackers to gain remote control of the affected computer with the same privileges
as the logged on user and to gain local privilege escalation.
...

Troj/Capper-Gen

- Troj/Capper-Gen at Sophos

Troj/Capper-Gen is a family of Trojans that load messages with a "captcha" and warn the user that
their computer will shut down in a given time.
...

Troj/FakeAV-MT

- Troj/FakeAV-MT at Sophos

...

Troj/Masigy-Gen

- Troj/Masigy-Gen at Sophos

Troj/Masigy-Gen is a family of Trojans for the Windows platform.
Troj/Masigy-Gen may attempt to drop the following file, also detected as Troj/Masigy-Gen:
<System>\dll32.dll Troj/Masigy-Gen may attempt to set the Windows firewall to
allow this dll,...

Troj/Agent-JEK

- Troj/Agent-JEK at Sophos

...

Troj/Inject-FK

- Troj/Inject-FK at Sophos

...

Troj/MDrop-CAD

- Troj/MDrop-CAD at Sophos

...

Troj/Rootkit-FD

- Troj/Rootkit-FD at Sophos

...

Troj/Banker-EPU

- Troj/Banker-EPU at Sophos

...

Troj/Banker-EPV

- Troj/Banker-EPV at Sophos

...

0 writebacks [03/11/2009 22:41] [] permanent link



Virus Malware and Threat News for 20090309



Dialer:W32/AdultBrowser

- Dialer:W32/AdultBrowser at F-Secure

A program that connects the computer to the Internet via a telephone line and modem. Malicious dialers connect
the computer to premium-rate lines, greatly increasing the usage charges payable by the user.
...

Adware:W32/Agent

- Adware:W32/Agent at F-Secure

This program delivers advertising content to the user. It is usually annoying but harmless, unless it is
combined with spyware or trackware.
...

Riskware:W32/ServU

- Riskware:W32/ServU at F-Secure

Useful, legitimate software which could possibly be misused for malicious purposes.
...

Adware:W32/BHO

- Adware:W32/BHO at F-Secure

This program delivers advertising content to the user in a manner or context that may be unexpected and/or
unwanted. It is usually annoying but harmless, unless it is combined with spyware or trackware.
...

Suspicious.Farfli.2

- Suspicious.Farfli.2 at Norton Symantec

Suspicious.Farfli.2 is a detection technology designed to detect entirely new malware threats without
traditional signatures. This technology is aimed at detecting malicious software that has been intentionally
mutated or morphed by attackers.
...

Firepass

- Firepass at Norton Symantec

Firepass is a security assessment tool that may be used to decrypt saved passwords from Firefox
Password Manager....

Packed.Generic.217

- Packed.Generic.217 at Norton Symantec

Packed.Generic.217 is a heuristic detection for files that may have been obfuscated or encrypted in order to
conceal them from antivirus software.
...

WORM_SOHANAD.JH

- WORM_SOHANAD.JH at Trend Micro

This worm may be dropped by WORM_AUTORUN.DIO. It may be downloaded from certain remote sites. It sends copies of
itself to target recipients using certain instant messaging applications. It sends message(s) via the instant
messaging application Yahoo! Messenger. It accesses Web sites to download files detected as WORM_AUTORUN.DIO
and TRO...

WORM_DOWNAD.KK

- WORM_DOWNAD.KK at Trend Micro

This worm may be downloaded from remote sites by other malware. It may be dropped by other malware. It may be
downloaded unknowingly by a user when visiting malicious Web sites. This worm drops a copy set to allow
restricted access with FILE_EXECUTE for user Everyone. It then registers itself as a system service to ensure
its automati...

Troj/Comsa-C

- Troj/Comsa-C at Sophos

...

Troj/Dloadr-CII

- Troj/Dloadr-CII at Sophos

...

Mal/Behav-263

- Mal/Behav-263 at Sophos

...

Troj/Swizzor-PM

- Troj/Swizzor-PM at Sophos

...

Troj/Swizzor-PN

- Troj/Swizzor-PN at Sophos

...

Troj/Agent-JDZ

- Troj/Agent-JDZ at Sophos

...

Troj/Inject-FG

- Troj/Inject-FG at Sophos

...

Mal/Behav-261

- Mal/Behav-261 at Sophos

Mal/Behav-261 is a file that contains malicious functionality.
...

Mal/Conficker-B

- Mal/Conficker-B at Sophos

Mal/Conficker-B is a worm for the Windows platform. Mal/Conficker-B spreads
by exploiting the MS08-67 Windows Server service vulnerability and as an HTTP download initiated by other
variants of the Conficker family. When running, Mal/Conficker-B patches the computer
against furt...

Worm:W32/Downadup.DY

- Worm:W32/Downadup.DY at F-Secure

A standalone malicious program which uses computer or network resources to make complete copies of itself. May
include code or other malware to damage both the system and the network.
...

MalwareDefender2009

- MalwareDefender2009 at Panda

It deceives users and warns them of nonexistent threats on their computers. In order to eliminate them, they
are enticed to purchase a certain program. It can be downloaded from the website belonging to the company that
has developed it....

Troj/Comsa-D

- Troj/Comsa-D at Sophos

...

Troj/FakeVir-LA

- Troj/FakeVir-LA at Sophos

...

Mal/FakeAV-AA

- Mal/FakeAV-AA at Sophos

...

Mal/Inject-F

- Mal/Inject-F at Sophos

Mal/Inject-F is a malicious program for the Windows platform.
...

Mal/Sparow-A

- Mal/Sparow-A at Sophos

...

Troj/BadRef-A

- Troj/BadRef-A at Sophos

Troj/BadRef-A is a malicious HTML page that attempts to redirect the browser to more malware.
...

Troj/FakeAV-MO

- Troj/FakeAV-MO at Sophos

...

Troj/FakeAV-MP

- Troj/FakeAV-MP at Sophos

...

Troj/FakeVir-KZ

- Troj/FakeVir-KZ at Sophos

...

Troj/IRCBot-ADT

- Troj/IRCBot-ADT at Sophos

Troj/IRCBot-ADT is a Trojan for the Windows platform. Troj/IRCBot-ADT runs
continuously in the background, providing a backdoor server which allows a remote intruder to gain access and
control over the computer via IRC channels. When first run Troj/IRCBot-ADT copies
itself to ...

0 writebacks [03/10/2009 22:42] [] permanent link



Virus Malware and Threat News for 20090308



Troj/Swizzor-PD

- Troj/Swizzor-PD at Sophos

...

Troj/Swizzor-PE

- Troj/Swizzor-PE at Sophos

...

Troj/Swizzor-PF

- Troj/Swizzor-PF at Sophos

...

Troj/Swizzor-PG

- Troj/Swizzor-PG at Sophos

...

Troj/Swizzor-PH

- Troj/Swizzor-PH at Sophos

...

Troj/Swizzor-PI

- Troj/Swizzor-PI at Sophos

...

Troj/Swizzor-PJ

- Troj/Swizzor-PJ at Sophos

...

Troj/Swizzor-PK

- Troj/Swizzor-PK at Sophos

...

Troj/Swizzor-PL

- Troj/Swizzor-PL at Sophos

...

Troj/Agent-JDM

- Troj/Agent-JDM at Sophos

...

Dialer:W32/AdultBrowser

- Dialer:W32/AdultBrowser at F-Secure

A program that connects the computer to the Internet via a telephone line and modem. Malicious dialers connect
the computer to premium-rate lines, greatly increasing the usage charges payable by the user.
...

Adware:W32/Agent

- Adware:W32/Agent at F-Secure

This program delivers advertising content to the user. It is usually annoying but harmless, unless it is
combined with spyware or trackware.
...

Riskware:W32/ServU

- Riskware:W32/ServU at F-Secure

Useful, legitimate software which could possibly be misused for malicious purposes.
...

Adware:W32/BHO

- Adware:W32/BHO at F-Secure

This program delivers advertising content to the user in a manner or context that may be unexpected and/or
unwanted. It is usually annoying but harmless, unless it is combined with spyware or trackware.
...

Suspicious.Farfli.2

- Suspicious.Farfli.2 at Norton Symantec

Suspicious.Farfli.2 is a detection technology designed to detect entirely new malware threats without
traditional signatures. This technology is aimed at detecting malicious software that has been intentionally
mutated or morphed by attackers.
...

Firepass

- Firepass at Norton Symantec

Firepass is a security assessment tool that may be used to decrypt saved passwords from Firefox
Password Manager....

Packed.Generic.217

- Packed.Generic.217 at Norton Symantec

Packed.Generic.217 is a heuristic detection for files that may have been obfuscated or encrypted in order to
conceal them from antivirus software.
...

WORM_SOHANAD.JH

- WORM_SOHANAD.JH at Trend Micro

This worm may be dropped by WORM_AUTORUN.DIO. It may be downloaded from certain remote sites. It sends copies of
itself to target recipients using certain instant messaging applications. It sends message(s) via the instant
messaging application Yahoo! Messenger. It accesses Web sites to download files detected as WORM_AUTORUN.DIO
and TRO...

WORM_DOWNAD.KK

- WORM_DOWNAD.KK at Trend Micro

This worm may be downloaded from remote sites by other malware. It may be dropped by other malware. It may be
downloaded unknowingly by a user when visiting malicious Web sites. This worm drops a copy set to allow
restricted access with FILE_EXECUTE for user Everyone. It then registers itself as a system service to ensure
its automati...

Troj/Comsa-C

- Troj/Comsa-C at Sophos

...

Troj/Dloadr-CII

- Troj/Dloadr-CII at Sophos

...

Mal/Behav-263

- Mal/Behav-263 at Sophos

...

Troj/Swizzor-PM

- Troj/Swizzor-PM at Sophos

...

Troj/Swizzor-PN

- Troj/Swizzor-PN at Sophos

...

Troj/Agent-JDZ

- Troj/Agent-JDZ at Sophos

...

Troj/Inject-FG

- Troj/Inject-FG at Sophos

...

Mal/Behav-261

- Mal/Behav-261 at Sophos

Mal/Behav-261 is a file that contains malicious functionality.
...

Mal/Conficker-B

- Mal/Conficker-B at Sophos

Mal/Conficker-B is a worm for the Windows platform. Mal/Conficker-B spreads
by exploiting the MS08-67 Windows Server service vulnerability and as an HTTP download initiated by other
variants of the Conficker family. When running, Mal/Conficker-B patches the computer
against furt...

0 writebacks [03/09/2009 22:41] [] permanent link



Virus Malware and Threat News for 20090307



Trojan.Wincod

- Trojan.Wincod at Norton Symantec

Trojan.Wincod is a Trojan horse that displays message boxes and modifies settings on the compromised computer.
...

Troj/Agent-JDJ

- Troj/Agent-JDJ at Sophos

...

Troj/BotFtp-B

- Troj/BotFtp-B at Sophos

Troj/BotFtp-B is a downloader Trojan typically associated with an IRCBot worm.
When run Troj/BotFtp-B attempts to perform a file download from a remote location.
...

Troj/DownLd-AB

- Troj/DownLd-AB at Sophos

Troj/DownLd-AB is a Trojan for the Windows platform. Troj/DownLd-AB
includes functionality to download, install and run new software.
...

Troj/FakeAv-ME

- Troj/FakeAv-ME at Sophos

Troj/FakeAv-ME is a fake anti-virus application for the Windows platform.
...

W32/Autorun-AAS

- W32/Autorun-AAS at Sophos

...

Troj/BHO-KK

- Troj/BHO-KK at Sophos

Troj/BHO-KK is a Trojan for the Windows platform. The Troj/BHO-KK DLL is
registered as a COM object and Browser Helper Object (BHO) for Microsoft Internet Explorer, creating registry
entries under: HKCR\CLSID\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486}
HKCR\Int...

Troj/Zbot-DI

- Troj/Zbot-DI at Sophos

Troj/Zbot-DI is a password stealing Trojan for the Windows platform. When
first run Troj/Zbot-DI copies itself to <System>\twex.exe and creates the following folder and files:
<System>\twain32\ <System>\twain32\user.ds
<...

Troj/Agent-JDI

- Troj/Agent-JDI at Sophos

...

Troj/FakeAV-MB

- Troj/FakeAV-MB at Sophos

...

Troj/Swizzor-PD

- Troj/Swizzor-PD at Sophos

...

Troj/Swizzor-PE

- Troj/Swizzor-PE at Sophos

...

Troj/Swizzor-PF

- Troj/Swizzor-PF at Sophos

...

Troj/Swizzor-PG

- Troj/Swizzor-PG at Sophos

...

Troj/Swizzor-PH

- Troj/Swizzor-PH at Sophos

...

Troj/Swizzor-PI

- Troj/Swizzor-PI at Sophos

...

Troj/Swizzor-PJ

- Troj/Swizzor-PJ at Sophos

...

Troj/Swizzor-PK

- Troj/Swizzor-PK at Sophos

...

Troj/Swizzor-PL

- Troj/Swizzor-PL at Sophos

...

Troj/Agent-JDM

- Troj/Agent-JDM at Sophos

...

0 writebacks [03/08/2009 22:41] [] permanent link



Virus Malware and Threat News for 20090306



Rogue:W32/DrAntiSpy

- Rogue:W32/DrAntiSpy at F-Secure

Dishonest antivirus software which tricks users into buying or installing it, usually by infecting a user's
computer, or by pretending the computer is infected.
...

W32.Downadup.C

- W32.Downadup.C at Norton Symantec

W32.Downadup.C is a security risk that is downloaded on to the compromised computer by the W32.Downadup family
of worms....

TROJ_DROPPER.EAA

- TROJ_DROPPER.EAA at Trend Micro

This Trojan may be dropped by other malware. It may be downloaded unknowingly by a user when visiting malicious
Web sites. Upon execution, it creates registry entries to enable its automatic execution at every system
startup. It also creates registry key(s)/entry(ies) as part of its installation routine. It then executes the
dropped fil...

TROJ_ILOMO.B

- TROJ_ILOMO.B at Trend Micro

...

TROJ_DLOADR.ACI

- TROJ_DLOADR.ACI at Trend Micro

This Trojan may be dropped by the following malware: TROJ_DROPPER.EAA. It also arrives as a dropped file in the
current user's Application Data folder using several file names. The intended routine of this Trojan is to
download other malicious files from the Internet. However, due to errors in its code, it fails to perform its
intended ro...

Mal/FakeAvHm-A

- Mal/FakeAvHm-A at Sophos

Mal/FakeAvHm-A is a malicious HTML page. The page is typically displayed by other malware
when an infected computer attempts to access the Internet, telling the reader that the computer is infected
and providing a link to download more malicious fake anti-virus software.
...

Mal/Mixmal-A

- Mal/Mixmal-A at Sophos

...

Symb/Disabler-A

- Symb/Disabler-A at Sophos

Symb/Disabler-A is a Trojan designed to run on Symbian operating systems and mobile phones
compatible with Nokia Series 60 specifications. Symb/Disabler-A attempts to
disable third party file managers by overwriting some system files.
...

Troj/Poison-VB

- Troj/Poison-VB at Sophos

...

Troj/Dload-FO

- Troj/Dload-FO at Sophos

...

Troj/Dloadr-CIA

- Troj/Dloadr-CIA at Sophos

Troj/Dloadr-CIA is a Trojan for the Windows platform. Troj/Dloadr-CIA
attempts to communicate with a remote server. When first run Troj/Dloadr-CIA creates the
following files: <System>\acXKtYTVX.exe <System>\acXKtYTVX.RRR
<...

Troj/FakeAV-MA

- Troj/FakeAV-MA at Sophos

...

Troj/Zlob-ASA

- Troj/Zlob-ASA at Sophos

...

W32/Autorun-ZY

- W32/Autorun-ZY at Sophos

...

W32/Undertake-B

- W32/Undertake-B at Sophos

W32/Undertake-B is a polymorphic virus for the Windows platform.
...

Trojan.Wincod

- Trojan.Wincod at Norton Symantec

Trojan.Wincod is a Trojan horse that displays message boxes and modifies settings on the compromised computer.
...

Troj/Agent-JDJ

- Troj/Agent-JDJ at Sophos

...

Troj/BotFtp-B

- Troj/BotFtp-B at Sophos

Troj/BotFtp-B is a downloader Trojan typically associated with an IRCBot worm.
When run Troj/BotFtp-B attempts to perform a file download from a remote location.
...

Troj/DownLd-AB

- Troj/DownLd-AB at Sophos

Troj/DownLd-AB is a Trojan for the Windows platform. Troj/DownLd-AB
includes functionality to download, install and run new software.
...

Troj/FakeAv-ME

- Troj/FakeAv-ME at Sophos

Troj/FakeAv-ME is a fake anti-virus application for the Windows platform.
...

W32/Autorun-AAS

- W32/Autorun-AAS at Sophos

...

Troj/BHO-KK

- Troj/BHO-KK at Sophos

Troj/BHO-KK is a Trojan for the Windows platform. The Troj/BHO-KK DLL is
registered as a COM object and Browser Helper Object (BHO) for Microsoft Internet Explorer, creating registry
entries under: HKCR\CLSID\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486}
HKCR\Int...

Troj/Zbot-DI

- Troj/Zbot-DI at Sophos

Troj/Zbot-DI is a password stealing Trojan for the Windows platform. When
first run Troj/Zbot-DI copies itself to <System>\twex.exe and creates the following folder and files:
<System>\twain32\ <System>\twain32\user.ds
<...

Troj/Agent-JDI

- Troj/Agent-JDI at Sophos

...

Troj/FakeAV-MB

- Troj/FakeAV-MB at Sophos

...

0 writebacks [03/07/2009 22:41] [] permanent link



Virus Malware and Threat News for 20090305



TROJ_DLOADER.ACI

- TROJ_DLOADER.ACI at Trend Micro

This Trojan may be dropped by the following malware: TROJ_DROPPER.EAA. It also arrives as a dropped file in the
%Application Data% folder using several filenames. The intended routine of this Trojan is to download other
malicious files from the Internet. However, due to errors in its code, it fails to perform its intended
routine....

TROJ_DLOADER.ACG

- TROJ_DLOADER.ACG at Trend Micro

This Trojan may be dropped or downloaded by other malware. This Trojan drops a memory-resident copy of itself
in the Windows system folder. It also drops a non-malicious text file. It terminates the initially executed
copy and executes the dropped copy. It registers itself as a system service to ensure its automatic execution
at every ...

TROJ_DROPPER.EAT

- TROJ_DROPPER.EAT at Trend Micro

This Trojan may be downloaded unknowingly by a user when visiting malicious Web site(s). Upon execution, it
drops a file detected by Trend Micro as TROJ_ILOMO.K. It chooses the file name of the dropped file from a
certain list. The said file is dropped in a specific folder. It creates registry entry(ies) to enable its
automatic executi...

Troj/Dloadr-CHZ

- Troj/Dloadr-CHZ at Sophos

Troj/Dloadr-CHZ is a Trojan for the Windows platform. When run,
Troj/Dloadr-CHZ installs itself as <SYSTEM>\48751.dll and opens a link to a remote website.
...

Troj/DwnLdr-HOY

- Troj/DwnLdr-HOY at Sophos

Troj/DwnLdr-HOY is a DLL helper Trojan component for the Windows platform.
...

Troj/FakeAle-MJ

- Troj/FakeAle-MJ at Sophos

...

Troj/FakeAV-LW

- Troj/FakeAV-LW at Sophos

Troj/FakeAV-LW is a Trojan for the Windows platform. When run for the
first time Troj/FakeAV-LW replaces <System>\userinit.exe with itself.
...

Troj/Inject-FD

- Troj/Inject-FD at Sophos

...

Troj/Musor-Gen

- Troj/Musor-Gen at Sophos

...

Troj/Spy-BT

- Troj/Spy-BT at Sophos

...

Mal/BHO-XPP

- Mal/BHO-XPP at Sophos

Mal/BHO-XPP is a malicious Browser Helper Object.
...

Rogue:W32/DrAntiSpy

- Rogue:W32/DrAntiSpy at F-Secure

Dishonest antivirus software which tricks users into buying or installing it, usually by infecting a user's
computer, or by pretending the computer is infected.
...

W32.Downadup.C

- W32.Downadup.C at Norton Symantec

W32.Downadup.C is a security risk that is downloaded on to the compromised computer by the W32.Downadup family
of worms....

TROJ_DROPPER.EAA

- TROJ_DROPPER.EAA at Trend Micro

This Trojan may be dropped by other malware. It may be downloaded unknowingly by a user when visiting malicious
Web sites. Upon execution, it creates registry entries to enable its automatic execution at every system
startup. It also creates registry key(s)/entry(ies) as part of its installation routine. It then executes the
dropped fil...

TROJ_ILOMO.B

- TROJ_ILOMO.B at Trend Micro

...

TROJ_DLOADR.ACI

- TROJ_DLOADR.ACI at Trend Micro

This Trojan may be dropped by the following malware: TROJ_DROPPER.EAA. It also arrives as a dropped file in the
current user's Application Data folder using several file names. The intended routine of this Trojan is to
download other malicious files from the Internet. However, due to errors in its code, it fails to perform its
intended ro...

Mal/FakeAvHm-A

- Mal/FakeAvHm-A at Sophos

Mal/FakeAvHm-A is a malicious HTML page. The page is typically displayed by other malware
when an infected computer attempts to access the Internet, telling the reader that the computer is infected
and providing a link to download more malicious fake anti-virus software.
...

Mal/Mixmal-A

- Mal/Mixmal-A at Sophos

...

Symb/Disabler-A

- Symb/Disabler-A at Sophos

Symb/Disabler-A is a Trojan designed to run on Symbian operating systems and mobile phones
compatible with Nokia Series 60 specifications. Symb/Disabler-A attempts to
disable third party file managers by overwriting some system files.
...

Troj/Poison-VB

- Troj/Poison-VB at Sophos

...

Troj/Dload-FO

- Troj/Dload-FO at Sophos

...

Troj/Dloadr-CIA

- Troj/Dloadr-CIA at Sophos

Troj/Dloadr-CIA is a Trojan for the Windows platform. Troj/Dloadr-CIA
attempts to communicate with a remote server. When first run Troj/Dloadr-CIA creates the
following files: <System>\acXKtYTVX.exe <System>\acXKtYTVX.RRR
<...

Troj/FakeAV-MA

- Troj/FakeAV-MA at Sophos

...

Troj/Zlob-ASA

- Troj/Zlob-ASA at Sophos

...

W32/Autorun-ZY

- W32/Autorun-ZY at Sophos

...

W32/Undertake-B

- W32/Undertake-B at Sophos

W32/Undertake-B is a polymorphic virus for the Windows platform.
...

0 writebacks [03/06/2009 22:41] [] permanent link



Virus Malware and Threat News for 20090304



Trojan:W32/DNSChanger

- Trojan:W32/DNSChanger at F-Secure

A trojan, or trojan horse, is a seemingly legitimate program which secretly performs other, usually malicious,
functions. It is usually user-initiated and does not replicate.
...

Net-Worm:W32/Koobface.ES

- Net-Worm:W32/Koobface.ES at F-Secure

A type of worm that replicates by sending complete, independent copies of itself over a network.
...

Trojan:SymbOS/PbBLister.A

- Trojan:SymbOS/PbBLister.A at F-Secure

A trojan, or trojan horse, is a seemingly legitimate program which secretly performs other, usually malicious,
functions. It is usually user-initiated and does not replicate.
...

Bloodhound.Exploit.225

- Bloodhound.Exploit.225 at Norton Symantec

Bloodhound.Exploit.225 is a heuristic detection for files which exploit the Microsoft Internet Explorer
Uninitialized Memory Remote Code Execution Vulnerability (BID 33627).
...

W32.SillyFDC.BBA

- W32.SillyFDC.BBA at Norton Symantec

W32.SillyFDC.BBA is a worm that spreads by copying itself to removable drives.
...

W32.SillyFDC.BAZ

- W32.SillyFDC.BAZ at Norton Symantec

W32.SillyFDC.BAZ is a worm that spreads by copying itself to removable drives.
...

W32.SillyFDC.BAY

- W32.SillyFDC.BAY at Norton Symantec

W32.SillyFDC.BAY is a worm that spreads by copying itself to removable and mapped drives.
...

W32.SillyFDC.BAX

- W32.SillyFDC.BAX at Norton Symantec

W32.SillyFDC.BAX is a worm that spreads by copying itself to removable drives.
...

TROJ_SMALLTR.OZ

- TROJ_SMALLTR.OZ at Trend Micro

This Trojan may be dropped by the following malware: TROJ_FAKEALRT.RC. It accesses URLs to display pop-up
advertisements on the affected system.
...

Bankolimb.CH

- Bankolimb.CH at Panda

It is designed to obtain confidential information from the user, downloads the Trojan Agent.KKI to the
computer and adds itself to the list of applications authorized by the firewall. It does not spread
automatically by its own means.
...

Troj/Agent-JAA

- Troj/Agent-JAA at Sophos

...

Troj/Dloadr-CHV

- Troj/Dloadr-CHV at Sophos

At the time of this writing, Troj/Dloadr-CHV downloads a file detected as Mal/Basine-C.
Troj/Dloadr-CHV copies itself to <Profile>\<Username>.exe.
Troj/Dloadr-CHV creates the registry entry
HKCU\Software\Microsoft\Windows\CurrentVersion\Run ...

Mal/FakeAv-Z

- Mal/FakeAv-Z at Sophos

Mal/FakeAv-Z is malicious behavior for the Windows platform. Files
detected as Mal/FakeAv-Z are frequently fraudulent security programs.
...

Mal/Musor-A

- Mal/Musor-A at Sophos

...

Troj/Banker-EPP

- Troj/Banker-EPP at Sophos

...

Troj/Banker-EPQ

- Troj/Banker-EPQ at Sophos

...

Troj/Dload-FN

- Troj/Dload-FN at Sophos

...

Troj/Dloadr-CHU

- Troj/Dloadr-CHU at Sophos

...

Troj/FakeAle-MI

- Troj/FakeAle-MI at Sophos

When Troj/FakeAle-MI is installed the following files are created:
<System>\frmwrk32.exe - copy of Troj/FakeAle-MI
<System>\uniq.tll - clean text file
The following registry entry is created to run frmwrk32.exe on startup:
HKLM\SOF...

Troj/Lolyda-B

- Troj/Lolyda-B at Sophos

Troj/Lolyda-B is a password stealing Trojan for the Windows platform. The
Trojan targets usernames and passwords related to on-line gaming. When Troj/Lolyda-B is
installed it creates the file <System>\SOULDebug.log. The following registry
entry is ...

TROJ_DLOADER.ACI

- TROJ_DLOADER.ACI at Trend Micro

This Trojan may be dropped by the following malware: TROJ_DROPPER.EAA. It also arrives as a dropped file in the
%Application Data% folder using several filenames. The intended routine of this Trojan is to download other
malicious files from the Internet. However, due to errors in its code, it fails to perform its intended
routine....

TROJ_DLOADER.ACG

- TROJ_DLOADER.ACG at Trend Micro

This Trojan may be dropped or downloaded by other malware. This Trojan drops a memory-resident copy of itself
in the Windows system folder. It also drops a non-malicious text file. It terminates the initially executed
copy and executes the dropped copy. It registers itself as a system service to ensure its automatic execution
at every ...

TROJ_DROPPER.EAT

- TROJ_DROPPER.EAT at Trend Micro

This Trojan may be downloaded unknowingly by a user when visiting malicious Web site(s). Upon execution, it
drops a file detected by Trend Micro as TROJ_ILOMO.K. It chooses the file name of the dropped file from a
certain list. The said file is dropped in a specific folder. It creates registry entry(ies) to enable its
automatic executi...

Troj/Dloadr-CHZ

- Troj/Dloadr-CHZ at Sophos

Troj/Dloadr-CHZ is a Trojan for the Windows platform. When run,
Troj/Dloadr-CHZ installs itself as <SYSTEM>\48751.dll and opens a link to a remote website.
...

Troj/DwnLdr-HOY

- Troj/DwnLdr-HOY at Sophos

Troj/DwnLdr-HOY is a DLL helper Trojan component for the Windows platform.
...

Troj/FakeAle-MJ

- Troj/FakeAle-MJ at Sophos

...

Troj/FakeAV-LW

- Troj/FakeAV-LW at Sophos

Troj/FakeAV-LW is a Trojan for the Windows platform. When run for the
first time Troj/FakeAV-LW replaces <System>\userinit.exe with itself.
...

Troj/Inject-FD

- Troj/Inject-FD at Sophos

...

Troj/Musor-Gen

- Troj/Musor-Gen at Sophos

...

Troj/Spy-BT

- Troj/Spy-BT at Sophos

...

Mal/BHO-XPP

- Mal/BHO-XPP at Sophos

Mal/BHO-XPP is a malicious Browser Helper Object.
...

0 writebacks [03/05/2009 22:42] [] permanent link



Virus Malware and Threat News for 20090303



Infostealer.Dunfyter

- Infostealer.Dunfyter at Norton Symantec

Infostealer.Dunfyter is a generic detection for Trojan horses that attempt to steal information related to the
online game Dungeon & Fighter (DNF).
...

Whizz.A

- Whizz.A at Panda

It prevents the user from working with the computer properly, as the computer starts beeping through the
internal speaker and the mouse and the keyboard cannot be properly used, among other actions. It does not
spread automatically by its own means.
...

Mal/Clomp-A

- Mal/Clomp-A at Sophos

Mal/Clomp-A is a program that has been packed with a protection system typically used by malware
authors. ...

Troj/Agent-JCP

- Troj/Agent-JCP at Sophos

...

Troj/Agent-JCR

- Troj/Agent-JCR at Sophos

...

Troj/Clomp-D

- Troj/Clomp-D at Sophos

Troj/Clomp-D is a Trojan for the Windows platform. Files detected as
Troj/Clomp-D are likely corrupt files of the Troj/Clomp malware family.
...

W32/Agent-JCJ

- W32/Agent-JCJ at Sophos

...

W32/AutoIt-CB

- W32/AutoIt-CB at Sophos

...

W32/Autorun-AAB

- W32/Autorun-AAB at Sophos

...

W32/Waled-BF

- W32/Waled-BF at Sophos

...

Mal/ZbotTemp-A

- Mal/ZbotTemp-A at Sophos

Mal/ZbotTemp-A is a component of the Mal/Zbot family of Trojans.
Mal/ZbotTemp-A is typically used to download and install new malware.
...

Trojan:W32/DNSChanger

- Trojan:W32/DNSChanger at F-Secure

A trojan, or trojan horse, is a seemingly legitimate program which secretly performs other, usually malicious,
functions. It is usually user-initiated and does not replicate.
...

Net-Worm:W32/Koobface.ES

- Net-Worm:W32/Koobface.ES at F-Secure

A type of worm that replicates by sending complete, independent copies of itself over a network.
...

Trojan:SymbOS/PbBLister.A

- Trojan:SymbOS/PbBLister.A at F-Secure

A trojan, or trojan horse, is a seemingly legitimate program which secretly performs other, usually malicious,
functions. It is usually user-initiated and does not replicate.
...

Bloodhound.Exploit.225

- Bloodhound.Exploit.225 at Norton Symantec

Bloodhound.Exploit.225 is a heuristic detection for files which exploit the Microsoft Internet Explorer
Uninitialized Memory Remote Code Execution Vulnerability (BID 33627).
...

W32.SillyFDC.BBA

- W32.SillyFDC.BBA at Norton Symantec

W32.SillyFDC.BBA is a worm that spreads by copying itself to removable drives.
...

W32.SillyFDC.BAZ

- W32.SillyFDC.BAZ at Norton Symantec

W32.SillyFDC.BAZ is a worm that spreads by copying itself to removable drives.
...

W32.SillyFDC.BAY

- W32.SillyFDC.BAY at Norton Symantec

W32.SillyFDC.BAY is a worm that spreads by copying itself to removable and mapped drives.
...

W32.SillyFDC.BAX

- W32.SillyFDC.BAX at Norton Symantec

W32.SillyFDC.BAX is a worm that spreads by copying itself to removable drives.
...

TROJ_SMALLTR.OZ

- TROJ_SMALLTR.OZ at Trend Micro

This Trojan may be dropped by the following malware: TROJ_FAKEALRT.RC. It accesses URLs to display pop-up
advertisements on the affected system.
...

Bankolimb.CH

- Bankolimb.CH at Panda

It is designed to obtain confidential information from the user, downloads the Trojan Agent.KKI to the
computer and adds itself to the list of applications authorized by the firewall. It does not spread
automatically by its own means.
...

Troj/Agent-JAA

- Troj/Agent-JAA at Sophos

...

Troj/Dloadr-CHV

- Troj/Dloadr-CHV at Sophos

At the time of this writing, Troj/Dloadr-CHV downloads a file detected as Mal/Basine-C.
Troj/Dloadr-CHV copies itself to <Profile>\<Username>.exe.
Troj/Dloadr-CHV creates the registry entry
HKCU\Software\Microsoft\Windows\CurrentVersion\Run ...

Mal/FakeAv-Z

- Mal/FakeAv-Z at Sophos

Mal/FakeAv-Z is malicious behavior for the Windows platform. Files
detected as Mal/FakeAv-Z are frequently fraudulent security programs.
...

Mal/Musor-A

- Mal/Musor-A at Sophos

...

Troj/Banker-EPP

- Troj/Banker-EPP at Sophos

...

Troj/Banker-EPQ

- Troj/Banker-EPQ at Sophos

...

Troj/Dload-FN

- Troj/Dload-FN at Sophos

...

Troj/Dloadr-CHU

- Troj/Dloadr-CHU at Sophos

...

Troj/FakeAle-MI

- Troj/FakeAle-MI at Sophos

When Troj/FakeAle-MI is installed the following files are created:
<System>\frmwrk32.exe - copy of Troj/FakeAle-MI
<System>\uniq.tll - clean text file
The following registry entry is created to run frmwrk32.exe on startup:
HKLM\SOF...

Troj/Lolyda-B

- Troj/Lolyda-B at Sophos

Troj/Lolyda-B is a password stealing Trojan for the Windows platform. The
Trojan targets usernames and passwords related to on-line gaming. When Troj/Lolyda-B is
installed it creates the file <System>\SOULDebug.log. The following registry
entry is ...

0 writebacks [03/04/2009 22:41] [] permanent link



Virus Malware and Threat News for 20090302



Rogue:W32/XPAntivirus

- Rogue:W32/XPAntivirus at F-Secure

Fake antivirus or antispyware software that tricks users into buying or installing it by pretending the
computer is infected.
...

Trojan:SymbOS/KBlock.A

- Trojan:SymbOS/KBlock.A at F-Secure

A trojan, or trojan horse, is a seemingly legitimate program which secretly performs other, usually malicious,
functions. It is usually user-initiated and does not replicate.
...

Trojan.Neprodoor!inf

- Trojan.Neprodoor!inf at Norton Symantec

Trojan.Neprodoor!inf is a detection for infected ndis.sys driver files.
...

W32.SillyFDC.BAW

- W32.SillyFDC.BAW at Norton Symantec

W32.SillyFDC.BAW is a worm that spreads by copying itself to removable drives.
...

W32.SillyFDC.BAU

- W32.SillyFDC.BAU at Norton Symantec

W32.SillyFDC.BAU is a worm that spreads by copying itself to removable drives.
...

Antispyware3000

- Antispyware3000 at Panda

It deceives users and warns them of nonexistent threats on their computers. In order to eliminate them, they
are enticed to purchase a certain program. It can be downloaded from the website belonging to the company that
has developed it....

Troj/Agent-JCB

- Troj/Agent-JCB at Sophos

...

Troj/Bdoor-ATH

- Troj/Bdoor-ATH at Sophos

...

Troj/Agent-JBY

- Troj/Agent-JBY at Sophos

...

Troj/Agent-JBZ

- Troj/Agent-JBZ at Sophos

...

Troj/Agent-JCA

- Troj/Agent-JCA at Sophos

...

Troj/FakeAle-MG

- Troj/FakeAle-MG at Sophos

Troj/FakeAle-MG is a Trojan for the Windows platform. Troj/FakeAle-MG is a
rogue security application that displays false warnings regarding malicious software on the infected computer.
Troj/FakeAle-MG copies itself to <WINDOWS>\sysguard.exe.
Troj...

Troj/FakeAle-MH

- Troj/FakeAle-MH at Sophos

...

Troj/Inject-FA

- Troj/Inject-FA at Sophos

...

W32/Waled-BE

- W32/Waled-BE at Sophos

...

Mal/Zbot-I

- Mal/Zbot-I at Sophos

...

Infostealer.Dunfyter

- Infostealer.Dunfyter at Norton Symantec

Infostealer.Dunfyter is a generic detection for Trojan horses that attempt to steal information related to the
online game Dungeon & Fighter (DNF).
...

Whizz.A

- Whizz.A at Panda

It prevents the user from working with the computer properly, as the computer starts beeping through the
internal speaker and the mouse and the keyboard cannot be properly used, among other actions. It does not
spread automatically by its own means.
...

Mal/Clomp-A

- Mal/Clomp-A at Sophos

Mal/Clomp-A is a program that has been packed with a protection system typically used by malware
authors. ...

Troj/Agent-JCP

- Troj/Agent-JCP at Sophos

...

Troj/Agent-JCR

- Troj/Agent-JCR at Sophos

...

Troj/Clomp-D

- Troj/Clomp-D at Sophos

Troj/Clomp-D is a Trojan for the Windows platform. Files detected as
Troj/Clomp-D are likely corrupt files of the Troj/Clomp malware family.
...

W32/Agent-JCJ

- W32/Agent-JCJ at Sophos

...

W32/AutoIt-CB

- W32/AutoIt-CB at Sophos

...

W32/Autorun-AAB

- W32/Autorun-AAB at Sophos

...

W32/Waled-BF

- W32/Waled-BF at Sophos

...

Mal/ZbotTemp-A

- Mal/ZbotTemp-A at Sophos

Mal/ZbotTemp-A is a component of the Mal/Zbot family of Trojans.
Mal/ZbotTemp-A is typically used to download and install new malware.
...

0 writebacks [03/03/2009 22:42] [] permanent link



Virus Malware and Threat News for 20090301



WORM_KOOBFACE.AZ

- WORM_KOOBFACE.AZ at Trend Micro

This worm may be dropped by other malware. It may be downloaded unknowingly by a user when visiting malicious
Web sites. Upon execution, it searches for cookies created by social networking Web sites. It then makes a DNS
query to check IP addresses that correspond to remote domains. The said servers can send and receive
information a...

Troj/Agent-IYV

- Troj/Agent-IYV at Sophos

...

Troj/BHO-KF

- Troj/BHO-KF at Sophos

...

Troj/Inject-EX

- Troj/Inject-EX at Sophos

...

Troj/Pushdo-AH

- Troj/Pushdo-AH at Sophos

...

Troj/PWSDlg-Gen

- Troj/PWSDlg-Gen at Sophos

...

Troj/Rootkit-FA

- Troj/Rootkit-FA at Sophos

...

W32/AutoRun-ZP

- W32/AutoRun-ZP at Sophos

W32/AutoRun-ZP is a worm for the Windows platform. When run, W32/AutoRun-ZP
copies itself to <Root>\RECYCLER\<User>\win32.exe and sets the following registry entry:
HKLM\SOFTWARE\Microsoft\Active Setup\Installed
Components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612 ...

Troj/FakeAV-LS

- Troj/FakeAV-LS at Sophos

...

Troj/FakeAV-LT

- Troj/FakeAV-LT at Sophos

...

Troj/Inject-EW

- Troj/Inject-EW at Sophos

Troj/Inject-EW is a Trojan for the Windows platform. When first run,
Troj/Inject-EW copies itself to <System32>\twex.exe and alters the
following registry entries: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
<S...

Rogue:W32/XPAntivirus

- Rogue:W32/XPAntivirus at F-Secure

Fake antivirus or antispyware software that tricks users into buying or installing it by pretending the
computer is infected.
...

Trojan:SymbOS/KBlock.A

- Trojan:SymbOS/KBlock.A at F-Secure

A trojan, or trojan horse, is a seemingly legitimate program which secretly performs other, usually malicious,
functions. It is usually user-initiated and does not replicate.
...

Trojan.Neprodoor!inf

- Trojan.Neprodoor!inf at Norton Symantec

Trojan.Neprodoor!inf is a detection for infected ndis.sys driver files.
...

W32.SillyFDC.BAW

- W32.SillyFDC.BAW at Norton Symantec

W32.SillyFDC.BAW is a worm that spreads by copying itself to removable drives.
...

W32.SillyFDC.BAU

- W32.SillyFDC.BAU at Norton Symantec

W32.SillyFDC.BAU is a worm that spreads by copying itself to removable drives.
...

Antispyware3000

- Antispyware3000 at Panda

It deceives users and warns them of nonexistent threats on their computers. In order to eliminate them, they
are enticed to purchase a certain program. It can be downloaded from the website belonging to the company that
has developed it....

Troj/Agent-JCB

- Troj/Agent-JCB at Sophos

...

Troj/Bdoor-ATH

- Troj/Bdoor-ATH at Sophos

...

Troj/Agent-JBY

- Troj/Agent-JBY at Sophos

...

Troj/Agent-JBZ

- Troj/Agent-JBZ at Sophos

...

Troj/Agent-JCA

- Troj/Agent-JCA at Sophos

...

Troj/FakeAle-MG

- Troj/FakeAle-MG at Sophos

Troj/FakeAle-MG is a Trojan for the Windows platform. Troj/FakeAle-MG is a
rogue security application that displays false warnings regarding malicious software on the infected computer.
Troj/FakeAle-MG copies itself to <WINDOWS>\sysguard.exe.
Troj...

Troj/FakeAle-MH

- Troj/FakeAle-MH at Sophos

...

Troj/Inject-FA

- Troj/Inject-FA at Sophos

...

W32/Waled-BE

- W32/Waled-BE at Sophos

...

Mal/Zbot-I

- Mal/Zbot-I at Sophos

...

0 writebacks [03/02/2009 22:42] [] permanent link



Virus Malware and Threat News for 20090228



Troj/Clomp-B

- Troj/Clomp-B at Sophos

Troj/Clomp-B is a Trojan for the Windows platform. Troj/Clomp-B includes
functionality to access the internet and communicate with a remote server via HTTP, injecting code into
Internet Explorer. When Troj/Clomp-B is installed it may copy itself to uninstall.exe
in all Startup...

Troj/Dloadr-CHN

- Troj/Dloadr-CHN at Sophos

...

W32/Delf-FBQ

- W32/Delf-FBQ at Sophos

...

Troj/Agent-IYN

- Troj/Agent-IYN at Sophos

...

Troj/Agent-JBP

- Troj/Agent-JBP at Sophos

...

Troj/Buzus-AE

- Troj/Buzus-AE at Sophos

...

Troj/Agent-JBN

- Troj/Agent-JBN at Sophos

...

Troj/Agent-JBO

- Troj/Agent-JBO at Sophos

Troj/Agent-JBO is a Trojan for the Windows platform. Troj/Agent-JBO
includes functionality to access the internet and communicate with a remote server via HTTP, injecting code
into Internet Explorer. When Troj/Agent-JBO is installed it may copy itself to
uninstall.exe in all S...

Troj/Bckdr-QSD

- Troj/Bckdr-QSD at Sophos

...

Troj/FakeAV-LR

- Troj/FakeAV-LR at Sophos

...

WORM_KOOBFACE.AZ

- WORM_KOOBFACE.AZ at Trend Micro

This worm may be dropped by other malware. It may be downloaded unknowingly by a user when visiting malicious
Web sites. Upon execution, it searches for cookies created by social networking Web sites. It then makes a DNS
query to check IP addresses that correspond to remote domains. The said servers can send and receive
information a...

Troj/Agent-IYV

- Troj/Agent-IYV at Sophos

...

Troj/BHO-KF

- Troj/BHO-KF at Sophos

...

Troj/Inject-EX

- Troj/Inject-EX at Sophos

...

Troj/Pushdo-AH

- Troj/Pushdo-AH at Sophos

...

Troj/PWSDlg-Gen

- Troj/PWSDlg-Gen at Sophos

...

Troj/Rootkit-FA

- Troj/Rootkit-FA at Sophos

...

W32/AutoRun-ZP

- W32/AutoRun-ZP at Sophos

W32/AutoRun-ZP is a worm for the Windows platform. When run, W32/AutoRun-ZP
copies itself to <Root>\RECYCLER\<User>\win32.exe and sets the following registry entry:
HKLM\SOFTWARE\Microsoft\Active Setup\Installed
Components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612 ...

Troj/FakeAV-LS

- Troj/FakeAV-LS at Sophos

...

Troj/FakeAV-LT

- Troj/FakeAV-LT at Sophos

...

Troj/Inject-EW

- Troj/Inject-EW at Sophos

Troj/Inject-EW is a Trojan for the Windows platform. When first run,
Troj/Inject-EW copies itself to <System32>\twex.exe and alters the
following registry entries: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
<S...

0 writebacks [03/01/2009 22:42] [] permanent link


