mwblog.org



Virus Malware and Threat News for 20090429



W32.SillyFDC.BBR

- W32.SillyFDC.BBR at Norton Symantec

W32.SillyFDC.BBR is a worm that spreads by copying itself to removable drives.
...

Rimecud.B

- Rimecud.B at Panda

It obtains information from the forms stored in the Internet Explorer and Firefox browsers. It
spreads itself via certain P2P programs, the MSN Messenger, through removable drives and computers with
vulnerable VNC servers or VNC servers that do not require a password.
...

Mal/BHO-P

- Mal/BHO-P at Sophos

...

Mal/VB-AL

- Mal/VB-AL at Sophos

...

Troj/Agent-JRN

- Troj/Agent-JRN at Sophos

...

Troj/Bdoor-AVB

- Troj/Bdoor-AVB at Sophos

...

Troj/Dloadr-CLT

- Troj/Dloadr-CLT at Sophos

...

Troj/Dloadr-CLV

- Troj/Dloadr-CLV at Sophos

...

Troj/DownLd-AG

- Troj/DownLd-AG at Sophos

...

Troj/Mdrop-CBP

- Troj/Mdrop-CBP at Sophos

...

Troj/Mdrop-CBQ

- Troj/Mdrop-CBQ at Sophos

...

Troj/Renos-CV

- Troj/Renos-CV at Sophos

...

CoreGuardAntivirus2009

- CoreGuardAntivirus2009 at Norton Symantec

CoreGuardAntivirus2009 is a misleading application that may give exaggerated reports of threats on the
computer....

W32.SillyFDC.BBS

- W32.SillyFDC.BBS at Norton Symantec

W32.SillyFDC.BBS is a worm that spreads by copying itself to removable drives.
...

Mal/EncPk-IF

- Mal/EncPk-IF at Sophos

...

Troj/BHO-LY

- Troj/BHO-LY at Sophos

...

Troj/Nonaco-Fam

- Troj/Nonaco-Fam at Sophos

...

Troj/Nonaco-Gen

- Troj/Nonaco-Gen at Sophos

Troj/Nonaco-Gen is a family of Trojans for the Windows platform. Members of
Troj/Nonaco-Gen typically copy themselves to the Windows or Temp folder, and set a registry entry at the
following location to run themselves at startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\...

Troj/Notify-B

- Troj/Notify-B at Sophos

...

Troj/Small-ENC

- Troj/Small-ENC at Sophos

...

Mal/Behav-144

- Mal/Behav-144 at Sophos

Mal/Behav-144 is a malicious program for the Windows platform. Detection
for members of Mal/Behav-144 is behavior based. It is extremely important that customers report detections of
Mal/Behav-144 to Sophos and send a sample for analysis.
...

Troj/Agent-JRO

- Troj/Agent-JRO at Sophos

...

Troj/Agent-JRT

- Troj/Agent-JRT at Sophos

...

0 writebacks [04/30/2009 21:41] [] permanent link



Virus Malware and Threat News for 20090428



EggDrop.AA

- EggDrop.AA at Panda

It connects to a server through IRC channels in order to receive instructions, such as searching for passwords,
ending processes, and turning off or restarting the computer, among others. It spreads itself via P2P file
sharing programs and the MSN Messenger.
...

Mal/EncPk-IE

- Mal/EncPk-IE at Sophos

...

Troj/Agent-JQZ

- Troj/Agent-JQZ at Sophos

...

Troj/Agent-JRA

- Troj/Agent-JRA at Sophos

...

Troj/Agent-JRB

- Troj/Agent-JRB at Sophos

...

Troj/Agent-JRC

- Troj/Agent-JRC at Sophos

...

Troj/Agent-JRD

- Troj/Agent-JRD at Sophos

...

Troj/Banker-ERM

- Troj/Banker-ERM at Sophos

...

Troj/Dloadr-CLS

- Troj/Dloadr-CLS at Sophos

...

Troj/DownLd-AE

- Troj/DownLd-AE at Sophos

...

W32.SillyFDC.BBR

- W32.SillyFDC.BBR at Norton Symantec

W32.SillyFDC.BBR is a worm that spreads by copying itself to removable drives.
...

Rimecud.B

- Rimecud.B at Panda

It obtains information from the forms stored in the Internet Explorer and Firefox browsers. It
spreads itself via certain P2P programs, the MSN Messenger, through removable drives and computers with
vulnerable VNC servers or VNC servers that do not require a password.
...

Mal/BHO-P

- Mal/BHO-P at Sophos

...

Mal/VB-AL

- Mal/VB-AL at Sophos

...

Troj/Agent-JRN

- Troj/Agent-JRN at Sophos

...

Troj/Bdoor-AVB

- Troj/Bdoor-AVB at Sophos

...

Troj/Dloadr-CLT

- Troj/Dloadr-CLT at Sophos

...

Troj/Dloadr-CLV

- Troj/Dloadr-CLV at Sophos

...

Troj/DownLd-AG

- Troj/DownLd-AG at Sophos

...

Troj/Mdrop-CBP

- Troj/Mdrop-CBP at Sophos

...

Troj/Mdrop-CBQ

- Troj/Mdrop-CBQ at Sophos

...

Troj/Renos-CV

- Troj/Renos-CV at Sophos

...

0 writebacks [04/29/2009 21:42] [] permanent link



Virus Malware and Threat News for 20090427



Bloodhound.PDF.11

- Bloodhound.PDF.11 at Norton Symantec

Bloodhound.PDF.11 is a heuristic detection for potentially malicious PDF files that may exploit known
vulnerabilities in Adobe Acrobat in order to perform further malicious actions.
...

SillyBAT.A

- SillyBAT.A at Panda

It prevents the computer from working properly, as it does not allow running the Search function
of the Start menu, applications such as the Task Manager and Windows Explorer, and
files with DOC and XLS extensions, among others. It spreads via P2P file sharing programs.
...

Troj/Agent-JQR

- Troj/Agent-JQR at Sophos

...

Troj/Delf-FCA

- Troj/Delf-FCA at Sophos

...

Troj/Delf-FCB

- Troj/Delf-FCB at Sophos

...

Troj/PDFEx-AW

- Troj/PDFEx-AW at Sophos

...

Troj/Spambot-D

- Troj/Spambot-D at Sophos

...

Troj/VB-ECW

- Troj/VB-ECW at Sophos

...

Troj/Wintrim-K

- Troj/Wintrim-K at Sophos

...

W32/Autorun-AFY

- W32/Autorun-AFY at Sophos

...

Mal/ASFDldr-A

- Mal/ASFDldr-A at Sophos

...

EggDrop.AA

- EggDrop.AA at Panda

It connects to a server through IRC channels in order to receive instructions, such as searching for passwords,
ending processes, and turning off or restarting the computer, among others. It spreads itself via P2P file
sharing programs and the MSN Messenger.
...

Mal/EncPk-IE

- Mal/EncPk-IE at Sophos

...

Troj/Agent-JQZ

- Troj/Agent-JQZ at Sophos

...

Troj/Agent-JRA

- Troj/Agent-JRA at Sophos

...

Troj/Agent-JRB

- Troj/Agent-JRB at Sophos

...

Troj/Agent-JRC

- Troj/Agent-JRC at Sophos

...

Troj/Agent-JRD

- Troj/Agent-JRD at Sophos

...

Troj/Banker-ERM

- Troj/Banker-ERM at Sophos

...

Troj/Dloadr-CLS

- Troj/Dloadr-CLS at Sophos

...

Troj/DownLd-AE

- Troj/DownLd-AE at Sophos

...

0 writebacks [04/28/2009 21:43] [] permanent link



Virus Malware and Threat News for 20090426



W32.Mocon

- W32.Mocon at Norton Symantec

W32.Mocon is a worm that logs keystrokes and steals information from the infected computer. It spreads by
copying itself to removable drives.
...

Troj/Agent-JQL

- Troj/Agent-JQL at Sophos

...

Troj/Dloadr-CLQ

- Troj/Dloadr-CLQ at Sophos

Troj/Dloadr-CLQ is a Trojan for the Windows platform. Troj/Dloadr-CLQ
includes functionality to access the internet and communicate with a remote server via HTTP.
The following registry entry is created to run Troj/Dloadr-CLQ on startup:
HKCU\Software\Mi...

Troj/Rustock-C

- Troj/Rustock-C at Sophos

Troj/Rustock-C copies itself to the Temp folder with a TMP extension and creates a
randomly named file SYS in the Windows system folder. The TMP file may be deleted after a reboot.
The SYS file is installed as a service with the same name as the file itself, excluding the SYS
extension. ...

Troj/BHO-LV

- Troj/BHO-LV at Sophos

...

Troj/Fakevir-MC

- Troj/Fakevir-MC at Sophos

...

Bloodhound.PDF.11

- Bloodhound.PDF.11 at Norton Symantec

Bloodhound.PDF.11 is a heuristic detection for potentially malicious PDF files that may exploit known
vulnerabilities in Adobe Acrobat in order to perform further malicious actions.
...

SillyBAT.A

- SillyBAT.A at Panda

It prevents the computer from working properly, as it does not allow running the Search function
of the Start menu, applications such as the Task Manager and Windows Explorer, and
files with DOC and XLS extensions, among others. It spreads via P2P file sharing programs.
...

Troj/Agent-JQR

- Troj/Agent-JQR at Sophos

...

Troj/Delf-FCA

- Troj/Delf-FCA at Sophos

...

Troj/Delf-FCB

- Troj/Delf-FCB at Sophos

...

Troj/PDFEx-AW

- Troj/PDFEx-AW at Sophos

...

Troj/Spambot-D

- Troj/Spambot-D at Sophos

...

Troj/VB-ECW

- Troj/VB-ECW at Sophos

...

Troj/Wintrim-K

- Troj/Wintrim-K at Sophos

...

W32/Autorun-AFY

- W32/Autorun-AFY at Sophos

...

Mal/ASFDldr-A

- Mal/ASFDldr-A at Sophos

...

0 writebacks [04/27/2009 21:41] [] permanent link



Virus Malware and Threat News for 20090425



Troj/Agent-JQK

- Troj/Agent-JQK at Sophos

...

Troj/Bckdr-QTT

- Troj/Bckdr-QTT at Sophos

...

Troj/BHO-LS

- Troj/BHO-LS at Sophos

Troj/BHO-LS changes Internet Explorer security and privacy settings.
Troj/BHO-LS attempts to steal banking information.
...

Troj/BHO-LT

- Troj/BHO-LT at Sophos

...

Troj/BHO-LU

- Troj/BHO-LU at Sophos

...

Troj/Clicker-FI

- Troj/Clicker-FI at Sophos

...

Troj/FakeVir-MA

- Troj/FakeVir-MA at Sophos

...

Troj/FakeVir-MB

- Troj/FakeVir-MB at Sophos

...

Mal/EncPk-IB

- Mal/EncPk-IB at Sophos

...

Mal/EncPk-IC

- Mal/EncPk-IC at Sophos

...

W32.Mocon

- W32.Mocon at Norton Symantec

W32.Mocon is a worm that logs keystrokes and steals information from the infected computer. It spreads by
copying itself to removable drives.
...

Troj/Agent-JQL

- Troj/Agent-JQL at Sophos

...

Troj/Dloadr-CLQ

- Troj/Dloadr-CLQ at Sophos

Troj/Dloadr-CLQ is a Trojan for the Windows platform. Troj/Dloadr-CLQ
includes functionality to access the internet and communicate with a remote server via HTTP.
The following registry entry is created to run Troj/Dloadr-CLQ on startup:
HKCU\Software\Mi...

Troj/Rustock-C

- Troj/Rustock-C at Sophos

Troj/Rustock-C copies itself to the Temp folder with a TMP extension and creates a
randomly named file SYS in the Windows system folder. The TMP file may be deleted after a reboot.
The SYS file is installed as a service with the same name as the file itself, excluding the SYS
extension. ...

Troj/BHO-LV

- Troj/BHO-LV at Sophos

...

Troj/Fakevir-MC

- Troj/Fakevir-MC at Sophos

...

0 writebacks [04/26/2009 21:52] [] permanent link



Virus Malware and Threat News for 20090424



Troj/Agent-JQF

- Troj/Agent-JQF at Sophos

...

Troj/Agent-JQI

- Troj/Agent-JQI at Sophos

...

Troj/Dloadr-CLP

- Troj/Dloadr-CLP at Sophos

...

Troj/FakeAv-PP

- Troj/FakeAv-PP at Sophos

...

Troj/PDFJs-AS

- Troj/PDFJs-AS at Sophos

...

Troj/Inject-GS

- Troj/Inject-GS at Sophos

...

Troj/Siggen-Gen

- Troj/Siggen-Gen at Sophos

...

W32/Anig-B

- W32/Anig-B at Sophos

W32/Anig-B is a worm that can spread by copying itself over network shares. W32/Anig-B can also be used to
steal passwords. W32/Anig-B copies itself to <Windows>\System32 using its original filename and creates
the following registry entry in order to run on system restart:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Osa3...

Exp/MS06048-A

- Exp/MS06048-A at Sophos

Exp/MS06048-A detects malicious Microsoft PowerPoint presentations that exploit CVE-2006-3590. Please refer to
Microsoft patch MS06-048 for more details.
...

Mal/FakeAV-AQ

- Mal/FakeAV-AQ at Sophos

...

Troj/Agent-JQK

- Troj/Agent-JQK at Sophos

...

Troj/Bckdr-QTT

- Troj/Bckdr-QTT at Sophos

...

Troj/BHO-LS

- Troj/BHO-LS at Sophos

Troj/BHO-LS changes Internet Explorer security and privacy settings.
Troj/BHO-LS attempts to steal banking information.
...

Troj/BHO-LT

- Troj/BHO-LT at Sophos

...

Troj/BHO-LU

- Troj/BHO-LU at Sophos

...

Troj/Clicker-FI

- Troj/Clicker-FI at Sophos

...

Troj/FakeVir-MA

- Troj/FakeVir-MA at Sophos

...

Troj/FakeVir-MB

- Troj/FakeVir-MB at Sophos

...

Mal/EncPk-IB

- Mal/EncPk-IB at Sophos

...

Mal/EncPk-IC

- Mal/EncPk-IC at Sophos

...

0 writebacks [04/25/2009 21:41] [] permanent link



Virus Malware and Threat News for 20090423



Backdoor:W32/Ghost.gen!A

- Backdoor:W32/Ghost.gen!A at F-Secure

...

W32.Regsubdat.A!inf

- W32.Regsubdat.A!inf at Norton Symantec

W32.Regsubdat.A!inf is a detection for executable files modified by Trojan.Regsubdat.A...

Mal/EncPk-IA

- Mal/EncPk-IA at Sophos

...

Troj/Agent-JQB

- Troj/Agent-JQB at Sophos

...

Troj/Agent-JQC

- Troj/Agent-JQC at Sophos

...

Troj/Agent-JQD

- Troj/Agent-JQD at Sophos

When Troj/Agent-JQD is installed it creates the file <System>\msddll.exe which is a copy of
itself. The following registry entry is set, affecting internet security:
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfi...

Troj/Bdoor-AVA

- Troj/Bdoor-AVA at Sophos

...

Troj/Blocker-A

- Troj/Blocker-A at Sophos

...

Troj/Dialer-GD

- Troj/Dialer-GD at Sophos

...

Troj/ExpPPT-D

- Troj/ExpPPT-D at Sophos

Troj/ExpPPT-D is a maliciously crafted PowerPoint presentation file that attempts to exploit a
PowerPoint vulnerability to launch executable code without requiring intervention from the user.
...

Troj/FakeVir-LZ

- Troj/FakeVir-LZ at Sophos

...

Troj/Agent-JQF

- Troj/Agent-JQF at Sophos

...

Troj/Agent-JQI

- Troj/Agent-JQI at Sophos

...

Troj/Dloadr-CLP

- Troj/Dloadr-CLP at Sophos

...

Troj/FakeAv-PP

- Troj/FakeAv-PP at Sophos

...

Troj/PDFJs-AS

- Troj/PDFJs-AS at Sophos

...

Troj/Inject-GS

- Troj/Inject-GS at Sophos

...

Troj/Siggen-Gen

- Troj/Siggen-Gen at Sophos

...

W32/Anig-B

- W32/Anig-B at Sophos

W32/Anig-B is a worm that can spread by copying itself over network shares. W32/Anig-B can also be used to
steal passwords. W32/Anig-B copies itself to <Windows>\System32 using its original filename and creates
the following registry entry in order to run on system restart:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Osa3...

Exp/MS06048-A

- Exp/MS06048-A at Sophos

Exp/MS06048-A detects malicious Microsoft PowerPoint presentations that exploit CVE-2006-3590. Please refer to
Microsoft patch MS06-048 for more details.
...

Mal/FakeAV-AQ

- Mal/FakeAV-AQ at Sophos

...

0 writebacks [04/24/2009 21:42] [] permanent link



Virus Malware and Threat News for 20090422



Trojan-PSW:W32/Wowsteal

- Trojan-PSW:W32/Wowsteal at F-Secure

...

Trojan.Regsubsdat.A

- Trojan.Regsubsdat.A at Norton Symantec

Trojan.Regsubsdat.A is a Trojan horse that attempts to steal information from the compromised computer.
...

Hacktool.WFPOff

- Hacktool.WFPOff at Norton Symantec

Hacktool.WFPOff is a potentially unwanted application that allows the user to temporarily disable
Windows File Protection.
...

MalwareCleaner

- MalwareCleaner at Norton Symantec

MalwareCleaner is a misleading application that may give exaggerated reports of threats on the
computer....

AVAntispyware

- AVAntispyware at Panda

It deceives users and warns them of nonexistent threats in their computers. In order to eliminate them, they
are enticed to purchase a certain program. It can be downloaded from the website belonging to the company that
has developed it....

Mal/Renos-G

- Mal/Renos-G at Sophos

...

Mal/Swizzor-E

- Mal/Swizzor-E at Sophos

Mal/Swizzor-E is a family of Trojans which have functionality to download and execute files from
the internet.
...

Troj/Agent-JPW

- Troj/Agent-JPW at Sophos

...

Troj/Agent-JPX

- Troj/Agent-JPX at Sophos

Troj/Agent-JPX is a Trojan for the Windows platform. When Troj/Agent-JPX is
installed the following files are created: <Current Folder>\my.dll
<System>\iebho.dll The file iebho.dll is registered as a COM object and
Brow...

Troj/Agent-JPY

- Troj/Agent-JPY at Sophos

Troj/Agent-JPY is a Trojan for the Windows platform. When Troj/Agent-JPY is
installed the following files are created: <Current Folder>\my.dll
<System>\iebho.dll The file iebho.dll is registered as a COM object and Browser
Helper Object (B...

Troj/Autoit-DT

- Troj/Autoit-DT at Sophos

...

Troj/BHO-LR

- Troj/BHO-LR at Sophos

...

Troj/Cinmus-Gen

- Troj/Cinmus-Gen at Sophos

...

Troj/DMSPatch-A

- Troj/DMSPatch-A at Sophos

...

Troj/Dwnldr-HQB

- Troj/Dwnldr-HQB at Sophos

Troj/Dwnldr-HQB is a Trojan for the Windows platform. Troj/Dwnldr-HQB
includes functionality to access the internet and communicate with a remote server via HTTP.
When Troj/Dwnldr-HQB is installed the following files are created:
<System>\tebujugu....

Backdoor:W32/Ghost.gen!A

- Backdoor:W32/Ghost.gen!A at F-Secure

...

W32.Regsubdat.A!inf

- W32.Regsubdat.A!inf at Norton Symantec

W32.Regsubdat.A!inf is a detection for executable files modified by Trojan.Regsubdat.A...

Mal/EncPk-IA

- Mal/EncPk-IA at Sophos

...

Troj/Agent-JQB

- Troj/Agent-JQB at Sophos

...

Troj/Agent-JQC

- Troj/Agent-JQC at Sophos

...

Troj/Agent-JQD

- Troj/Agent-JQD at Sophos

When Troj/Agent-JQD is installed it creates the file <System>\msddll.exe which is a copy of
itself. The following registry entry is set, affecting internet security:
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfi...

Troj/Bdoor-AVA

- Troj/Bdoor-AVA at Sophos

...

Troj/Blocker-A

- Troj/Blocker-A at Sophos

...

Troj/Dialer-GD

- Troj/Dialer-GD at Sophos

...

Troj/ExpPPT-D

- Troj/ExpPPT-D at Sophos

Troj/ExpPPT-D is a maliciously crafted PowerPoint presentation file that attempts to exploit a
PowerPoint vulnerability to launch executable code without requiring intervention from the user.
...

Troj/FakeVir-LZ

- Troj/FakeVir-LZ at Sophos

...

0 writebacks [04/23/2009 21:42] [] permanent link



Virus Malware and Threat News for 20090421



Waledac.AX

- Waledac.AX at Panda

It sends spam messages related to pharmaceutical products. It spreads in email messages offering a fake
service which allows reading the SMS messages received on any mobile phone.
...

Troj/DwndLdr-A

- Troj/DwndLdr-A at Sophos

...

Troj/Dwnldr-HPZ

- Troj/Dwnldr-HPZ at Sophos

...

Troj/FakeAle-MX

- Troj/FakeAle-MX at Sophos

...

Troj/JSRedir-P

- Troj/JSRedir-P at Sophos

...

Troj/Mbroot-E

- Troj/Mbroot-E at Sophos

Troj/Mbroot-E is a malicious MBR loader installed by a member of the Troj/Sinowal family of
rootkits.
...

Troj/TDSS-AA

- Troj/TDSS-AA at Sophos

...

W32/Tvido-B

- W32/Tvido-B at Sophos

W32/Tvido-B is a virus for the Windows platform. W32/Tvido-B infects EXE
files on the C: drive and in writeable network shares.
...

Troj/FakeAV-PH

- Troj/FakeAV-PH at Sophos

...

Troj/SkimTrim-C

- Troj/SkimTrim-C at Sophos

...

Trojan-PSW:W32/Wowsteal

- Trojan-PSW:W32/Wowsteal at F-Secure

...

Trojan.Regsubsdat.A

- Trojan.Regsubsdat.A at Norton Symantec

Trojan.Regsubsdat.A is a Trojan horse that attempts to steal information from the compromised computer.
...

Hacktool.WFPOff

- Hacktool.WFPOff at Norton Symantec

Hacktool.WFPOff is a potentially unwanted application that allows the user to temporarily disable
Windows File Protection.
...

MalwareCleaner

- MalwareCleaner at Norton Symantec

MalwareCleaner is a misleading application that may give exaggerated reports of threats on the
computer....

AVAntispyware

- AVAntispyware at Panda

It deceives users and warns them of nonexistent threats in their computers. In order to eliminate them, they
are enticed to purchase a certain program. It can be downloaded from the website belonging to the company that
has developed it....

Mal/Renos-G

- Mal/Renos-G at Sophos

...

Mal/Swizzor-E

- Mal/Swizzor-E at Sophos

Mal/Swizzor-E is a family of Trojans which have functionality to download and execute files from
the internet.
...

Troj/Agent-JPW

- Troj/Agent-JPW at Sophos

...

Troj/Agent-JPX

- Troj/Agent-JPX at Sophos

Troj/Agent-JPX is a Trojan for the Windows platform. When Troj/Agent-JPX is
installed the following files are created: <Current Folder>\my.dll
<System>\iebho.dll The file iebho.dll is registered as a COM object and
Brow...

Troj/Agent-JPY

- Troj/Agent-JPY at Sophos

Troj/Agent-JPY is a Trojan for the Windows platform. When Troj/Agent-JPY is
installed the following files are created: <Current Folder>\my.dll
<System>\iebho.dll The file iebho.dll is registered as a COM object and Browser
Helper Object (B...

Troj/Autoit-DT

- Troj/Autoit-DT at Sophos

...

Troj/BHO-LR

- Troj/BHO-LR at Sophos

...

Troj/Cinmus-Gen

- Troj/Cinmus-Gen at Sophos

...

Troj/DMSPatch-A

- Troj/DMSPatch-A at Sophos

...

Troj/Dwnldr-HQB

- Troj/Dwnldr-HQB at Sophos

Troj/Dwnldr-HQB is a Trojan for the Windows platform. Troj/Dwnldr-HQB
includes functionality to access the internet and communicate with a remote server via HTTP.
When Troj/Dwnldr-HQB is installed the following files are created:
<System>\tebujugu....

0 writebacks [04/22/2009 21:43] [] permanent link



Virus Malware and Threat News for 20090420



Trojan:W32/Vundo

- Trojan:W32/Vundo at F-Secure

...

Trojan.Neprodoor

- Trojan.Neprodoor at Norton Symantec

Trojan.Neprodoor is a Trojan horse that steals information and downloads files on to the compromised computer.
...

SMSlock.A

- SMSlock.A at Panda

It is designed to affect mainly Russian speaking users and its main aim is to obtain financial gains. It locks
the affected users' computer and in order to unlock it they are required to pay a certain sum of money. It
does not spread automatically using its own means.
...

Troj/Bckdr-QTO

- Troj/Bckdr-QTO at Sophos

Troj/Bckdr-QTO is a Trojan for the Windows platform. When Troj/Bckdr-QTO is
installed the following files are created: <System>\abcedg.dll
<System>\stdole.tbl...

Troj/Decdec-A

- Troj/Decdec-A at Sophos

Troj/Decdec-A is a JavaScript Trojan that downloads other code.
...

Troj/Dloadr-CLM

- Troj/Dloadr-CLM at Sophos

...

Troj/DownLd-E

- Troj/DownLd-E at Sophos

...

Troj/FakeAV-PE

- Troj/FakeAV-PE at Sophos

...

Troj/Iframe-O

- Troj/Iframe-O at Sophos

Troj/Iframe-O downloads and runs more malware.
...

Troj/Inject-GM

- Troj/Inject-GM at Sophos

...

Troj/Katusha-A

- Troj/Katusha-A at Sophos

...

Troj/PcClien-MP

- Troj/PcClien-MP at Sophos

...

Waledac.AX

- Waledac.AX at Panda

It sends spam messages related to pharmaceutical products. It spreads in email messages offering a fake
service which allows reading the SMS messages received on any mobile phone.
...

Troj/DwndLdr-A

- Troj/DwndLdr-A at Sophos

...

Troj/Dwnldr-HPZ

- Troj/Dwnldr-HPZ at Sophos

...

Troj/FakeAle-MX

- Troj/FakeAle-MX at Sophos

...

Troj/JSRedir-P

- Troj/JSRedir-P at Sophos

...

Troj/Mbroot-E

- Troj/Mbroot-E at Sophos

Troj/Mbroot-E is a malicious MBR loader installed by a member of the Troj/Sinowal family of
rootkits.
...

Troj/TDSS-AA

- Troj/TDSS-AA at Sophos

...

W32/Tvido-B

- W32/Tvido-B at Sophos

W32/Tvido-B is a virus for the Windows platform. W32/Tvido-B infects EXE
files on the C: drive and in writeable network shares.
...

Troj/FakeAV-PH

- Troj/FakeAV-PH at Sophos

...

Troj/SkimTrim-C

- Troj/SkimTrim-C at Sophos

...

0 writebacks [04/21/2009 21:44] [] permanent link



Virus Malware and Threat News for 20090419



TROJ_SINOWAL.AI

- TROJ_SINOWAL.AI at Trend Micro

Trend Micro has flagged this Trojan as noteworthy due to the increased potential for damage, propagation, or
both, that it possesses. Specifically, its ability to modify and infect Master Boot Record of hard disks. This
Trojan may be dropped by other malware. It looks for the bootable drive of the affected system. Once found, it
copies...

Troj/Bdoor-AUL

- Troj/Bdoor-AUL at Sophos

...

Troj/Bdoor-AUR

- Troj/Bdoor-AUR at Sophos

...

Troj/Sinowal-D

- Troj/Sinowal-D at Sophos

...

Troj/Dloadr-CLJ

- Troj/Dloadr-CLJ at Sophos

Troj/Dloadr-CLJ is a Trojan for the Windows platform. Troj/Dloadr-CLJ sets
the following registry entry to run on startup:
  HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Cognac   <path to detected file>
...

Troj/SkimTrim-B

- Troj/SkimTrim-B at Sophos

Troj/SkimTrim-B is a Trojan for the Windows platform. Troj/SkimTrim-B sets
a registry entry to run on startup:
  HKCU\Software\Microsoft\Windows\CurrentVersion\Run\<module_file_name>
Troj/SkimTrim-B injects malicious code into explorer.exe.
...

Troj/Agent-JPG

- Troj/Agent-JPG at Sophos

Troj/Agent-JPG connects to a remote IP address. Troj/Agent-JPG copies
itself to the following locations: <System>\reader_s.exe <User
profile>\reader_s.exe The following registry entries are created in order to run the
Trojan on sta...

Troj/Atraps-B

- Troj/Atraps-B at Sophos

...

Troj/BHO-LQ

- Troj/BHO-LQ at Sophos

...

Trojan:W32/Vundo

- Trojan:W32/Vundo at F-Secure

...

Trojan.Neprodoor

- Trojan.Neprodoor at Norton Symantec

Trojan.Neprodoor is a Trojan horse that steals information and downloads files on to the compromised computer.
...

SMSlock.A

- SMSlock.A at Panda

It is designed to affect mainly Russian speaking users and its main aim is to obtain financial gains. It locks
the affected users' computer and in order to unlock it they are required to pay a certain sum of money. It
does not spread automatically using its own means.
...

Troj/Bckdr-QTO

- Troj/Bckdr-QTO at Sophos

Troj/Bckdr-QTO is a Trojan for the Windows platform. When Troj/Bckdr-QTO is
installed the following files are created: <System>\abcedg.dll
<System>\stdole.tbl...

Troj/Decdec-A

- Troj/Decdec-A at Sophos

Troj/Decdec-A is a JavaScript Trojan that downloads other code.
...

Troj/Dloadr-CLM

- Troj/Dloadr-CLM at Sophos

...

Troj/DownLd-E

- Troj/DownLd-E at Sophos

...

Troj/FakeAV-PE

- Troj/FakeAV-PE at Sophos

...

Troj/Iframe-O

- Troj/Iframe-O at Sophos

Troj/Iframe-O downloads and runs more malware.
...

Troj/Inject-GM

- Troj/Inject-GM at Sophos

...

Troj/Katusha-A

- Troj/Katusha-A at Sophos

...

Troj/PcClien-MP

- Troj/PcClien-MP at Sophos

...

0 writebacks [04/20/2009 21:45] [] permanent link



Virus Malware and Threat News for 20090418



W32.Sality.AM

- W32.Sality.AM at Norton Symantec

W32.Sality.AM is a virus that spreads by infecting executable files.
...

Mal/Bifrose-Q

- Mal/Bifrose-Q at Sophos

...

Mal/EncPk-HV

- Mal/EncPk-HV at Sophos

...

Mal/Inject-K

- Mal/Inject-K at Sophos

...

Mal/SinowSys-A

- Mal/SinowSys-A at Sophos

...

Troj/Agent-JPF

- Troj/Agent-JPF at Sophos

...

Troj/ASFDldr-B

- Troj/ASFDldr-B at Sophos

Troj/ASFDldr-B is an ASF file that attempts to load content from a remote website.
...

Troj/Bifrose-XG

- Troj/Bifrose-XG at Sophos

...

Troj/Dloadr-CLH

- Troj/Dloadr-CLH at Sophos

When Troj/Dloadr-CLH is installed the following files are created:
<System>\nsn2D.dll - detected as Troj/Dloadr-CLH
<System>\40c6ae71-a092-25cc-90c1-a31af01f82cd.exe - detected as Troj/Dloadr-CLH
The file nsn2D.dll is registered as a COM object and Brows...

Troj/Dloadr-CLI

- Troj/Dloadr-CLI at Sophos

...

Troj/FakeAle-MW

- Troj/FakeAle-MW at Sophos

...

TROJ_SINOWAL.AI

- TROJ_SINOWAL.AI at Trend Micro

Trend Micro has flagged this Trojan as noteworthy due to the increased potential for damage, propagation, or
both, that it possesses. Specifically, its ability to modify and infect Master Boot Record of hard disks. This
Trojan may be dropped by other malware. It looks for the bootable drive of the affected system. Once found, it
copies...

Troj/Bdoor-AUL

- Troj/Bdoor-AUL at Sophos

...

Troj/Bdoor-AUR

- Troj/Bdoor-AUR at Sophos

...

Troj/Sinowal-D

- Troj/Sinowal-D at Sophos

...

Troj/Dloadr-CLJ

- Troj/Dloadr-CLJ at Sophos

Troj/Dloadr-CLJ is a Trojan for the Windows platform. Troj/Dloadr-CLJ sets
the following registry entry to run on startup:
  HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Cognac   <path to detected file>
...

Troj/SkimTrim-B

- Troj/SkimTrim-B at Sophos

Troj/SkimTrim-B is a Trojan for the Windows platform. Troj/SkimTrim-B sets
a registry entry to run on startup:
  HKCU\Software\Microsoft\Windows\CurrentVersion\Run\<module_file_name>
Troj/SkimTrim-B injects malicious code into explorer.exe.
...

Troj/Agent-JPG

- Troj/Agent-JPG at Sophos

Troj/Agent-JPG connects to a remote IP address. Troj/Agent-JPG copies
itself to the following locations: <System>\reader_s.exe <User
profile>\reader_s.exe The following registry entries are created in order to run the
Trojan on sta...

Troj/Atraps-B

- Troj/Atraps-B at Sophos

...

Troj/BHO-LQ

- Troj/BHO-LQ at Sophos

...

0 writebacks [04/19/2009 21:41] [] permanent link



Virus Malware and Threat News for 20090417



FixTool

- FixTool at Norton Symantec

FixTool is a misleading application that may give exaggerated reports of errors on the computer.
...

ErrorRepair

- ErrorRepair at Norton Symantec

ErrorRepair is a misleading application that may give exaggerated reports of threats on the computer.
...

Packed.Generic.221

- Packed.Generic.221 at Norton Symantec

Packed.Generic.221 is a heuristic detection for files that may have been obfuscated or encrypted in order to
conceal them from antivirus software.
...

Suspicious.S.MH2

- Suspicious.S.MH2 at Norton Symantec

Suspicious.S.MH2 is a detection technology designed to detect entirely new malware threats without traditional
signatures. This technology is aimed at detecting malicious software that has been intentionally mutated or
morphed by attackers.
...

PersonalAntivirus

- PersonalAntivirus at Panda

It deceives users and warns them of nonexistent threats in their computers. In order to eliminate them, they
are enticed to purchase a certain program. It can be downloaded from the website belonging to the company that
has developed it....

IRCBot.CML

- IRCBot.CML at Panda

It allows a remote user to control and gain access to the computer through IRC channels and connects to an FTP
server to which it sends user's information, such as passwords. It spreads itself via the instant
messaging program MSN Messenger.
...

Mal/Proxy-B

- Mal/Proxy-B at Sophos

Mal/Proxy-B is a Trojan for the Windows platform. Once running, Mal/Proxy-B
serves as an HTTP proxy.
...

Troj/Agent-JPE

- Troj/Agent-JPE at Sophos

...

Troj/Dloadr-CLG

- Troj/Dloadr-CLG at Sophos

...

Troj/FakeAV-PB

- Troj/FakeAV-PB at Sophos

...

Troj/Feedel-D

- Troj/Feedel-D at Sophos

...

Troj/Skintrim-P

- Troj/Skintrim-P at Sophos

...

Troj/Zbot-EX

- Troj/Zbot-EX at Sophos

...

W32/Autorun-AFG

- W32/Autorun-AFG at Sophos

...

W32/Gael-A

- W32/Gael-A at Sophos

...

W32.Sality.AM

- W32.Sality.AM at Norton Symantec

W32.Sality.AM is a virus that spreads by infecting executable files.
...

Mal/Bifrose-Q

- Mal/Bifrose-Q at Sophos

...

Mal/EncPk-HV

- Mal/EncPk-HV at Sophos

...

Mal/Inject-K

- Mal/Inject-K at Sophos

...

Mal/SinowSys-A

- Mal/SinowSys-A at Sophos

...

Troj/Agent-JPF

- Troj/Agent-JPF at Sophos

...

Troj/ASFDldr-B

- Troj/ASFDldr-B at Sophos

Troj/ASFDldr-B is an ASF file that attempts to load content from a remote website.
...

Troj/Bifrose-XG

- Troj/Bifrose-XG at Sophos

...

Troj/Dloadr-CLH

- Troj/Dloadr-CLH at Sophos

When Troj/Dloadr-CLH is installed the following files are created:
<System>\nsn2D.dll - detected as Troj/Dloadr-CLH
<System>\40c6ae71-a092-25cc-90c1-a31af01f82cd.exe - detected as Troj/Dloadr-CLH
The file nsn2D.dll is registered as a COM object and Brows...

Troj/Dloadr-CLI

- Troj/Dloadr-CLI at Sophos

...

Troj/FakeAle-MW

- Troj/FakeAle-MW at Sophos

...

0 writebacks [04/18/2009 21:50] [] permanent link



Virus Malware and Threat News for 20090416



MS09-016

- MS09-016 at Panda

It is a group of important vulnerabilities in ISA Server and Forefront Threat Management Gateway, which
allows denial of service attacks to be launched.
...

MS09-015

- MS09-015 at Panda

It is a moderate vulnerability in the SearchPath function on Windows 2008/Vista/2003/XP/2000
computers, which allows local privilege escalation in the vulnerable computer.
...

MS09-012

- MS09-012 at Panda

It is a group of important vulnerabilities in Windows on Windows 2008/Vista/2003/XP/2000 computers,
which allows local privilege escalation in the vulnerable computer.
...

Troj/Agent-JOM

- Troj/Agent-JOM at Sophos

...

Troj/Agent-JON

- Troj/Agent-JON at Sophos

...

Troj/Agent-JOO

- Troj/Agent-JOO at Sophos

...

Troj/Agent-JOP

- Troj/Agent-JOP at Sophos

...

Troj/FakeVir-LV

- Troj/FakeVir-LV at Sophos

...

Troj/Wintrim-J

- Troj/Wintrim-J at Sophos

...

Troj/Zbot-EW

- Troj/Zbot-EW at Sophos

...

W32/Autorun-AFC

- W32/Autorun-AFC at Sophos

...

FixTool

- FixTool at Norton Symantec

FixTool is a misleading application that may give exaggerated reports of errors on the computer.
...

ErrorRepair

- ErrorRepair at Norton Symantec

ErrorRepair is a misleading application that may give exaggerated reports of threats on the computer.
...

Packed.Generic.221

- Packed.Generic.221 at Norton Symantec

Packed.Generic.221 is a heuristic detection for files that may have been obfuscated or encrypted in order to
conceal them from antivirus software.
...

Suspicious.S.MH2

- Suspicious.S.MH2 at Norton Symantec

Suspicious.S.MH2 is a detection technology designed to detect entirely new malware threats without traditional
signatures. This technology is aimed at detecting malicious software that has been intentionally mutated or
morphed by attackers.
...

PersonalAntivirus

- PersonalAntivirus at Panda

It deceives users and warns them of nonexistent threats in their computers. In order to eliminate them, they
are enticed to purchase a certain program. It can be downloaded from the website belonging to the company that
has developed it....

IRCBot.CML

- IRCBot.CML at Panda

It allows a remote user to gain access to and control of the computer through IRC channels and connects to an FTP
server to which it sends the user's information, such as passwords. It spreads itself via the instant
messaging program MSN Messenger.
...

Mal/Proxy-B

- Mal/Proxy-B at Sophos

Mal/Proxy-B is a Trojan for the Windows platform. Once running, Mal/Proxy-B
serves as an HTTP proxy.
...

Troj/Agent-JPE

- Troj/Agent-JPE at Sophos

...

Troj/Dloadr-CLG

- Troj/Dloadr-CLG at Sophos

...

Troj/FakeAV-PB

- Troj/FakeAV-PB at Sophos

...

Troj/Feedel-D

- Troj/Feedel-D at Sophos

...

Troj/Skintrim-P

- Troj/Skintrim-P at Sophos

...

Troj/Zbot-EX

- Troj/Zbot-EX at Sophos

...

W32/Autorun-AFG

- W32/Autorun-AFG at Sophos

...

W32/Gael-A

- W32/Gael-A at Sophos

...

0 writebacks [04/17/2009 21:42] [] permanent link



Virus Malware and Threat News for 20090415



Trojan-Downloader:W32/FraudLoad

- Trojan-Downloader:W32/FraudLoad at F-Secure

...

Trojan.Ransomlock

- Trojan.Ransomlock at Norton Symantec

Trojan.Ransomlock is a Trojan horse that locks the desktop, making the computer unusable.
...

MS09-014

- MS09-014 at Panda

It is a group of vulnerabilities in Internet Explorer versions 5.01 and 6 SP1 on Windows 2000, 6 on Windows
2003/XP computers and 7 on Windows 2008/Vista/2003/XP, which allow hackers to gain remote control of the
affected computer with the same privileges as the logged-on user.
...

MS09-013

- MS09-013 at Panda

It is a group of critical vulnerabilities in Windows HTTP Services on Windows Server
2008/Vista/2003/XP/2000 computers, which allow hackers to gain remote control of the affected computer
with the same privileges as the logged-on user, and to carry out spoofing.
...

MS09-011

- MS09-011 at Panda

It is a critical vulnerability in different versions of DirectX on Windows 2003/XP/2000 computers, which
allows hackers to gain remote control of the affected computer with the same privileges as the logged-on user.
...

MS09-010

- MS09-010 at Panda

It is a group of critical vulnerabilities in WordPad and Office Text Converters, which allow hackers to gain
remote control of the affected computer with the same privileges as the logged-on user.
...

MS09-009

- MS09-009 at Panda

It is a group of critical vulnerabilities in certain versions of Excel, which allow hackers to gain remote
control of the affected computer with the same privileges as the logged-on user.
...

Troj/Agent-JOH

- Troj/Agent-JOH at Sophos

...

Troj/Agent-JOI

- Troj/Agent-JOI at Sophos

...

Troj/Bancos-BFM

- Troj/Bancos-BFM at Sophos

...

Mal/ObfDrv-A

- Mal/ObfDrv-A at Sophos

Mal/ObfDrv-A is a driver that has characteristics typical of those found in malware.
...

Mal/Treemz-A

- Mal/Treemz-A at Sophos

...

Troj/Dloadr-CLE

- Troj/Dloadr-CLE at Sophos

...

Troj/FakeAV-OU

- Troj/FakeAV-OU at Sophos

...

MS09-016

- MS09-016 at Panda

It is a group of important vulnerabilities in ISA Server and Forefront Threat Management Gateway, which
allow denial-of-service attacks to be launched.
...

MS09-015

- MS09-015 at Panda

It is a moderate vulnerability in the SearchPath function on Windows 2008/Vista/2003/XP/2000
computers, which allows local privilege escalation on the vulnerable computer.
...

MS09-012

- MS09-012 at Panda

It is a group of important vulnerabilities in Windows on Windows 2008/Vista/2003/XP/2000 computers,
which allow local privilege escalation on the vulnerable computer.
...

Troj/Agent-JOM

- Troj/Agent-JOM at Sophos

...

Troj/Agent-JON

- Troj/Agent-JON at Sophos

...

Troj/Agent-JOO

- Troj/Agent-JOO at Sophos

...

Troj/Agent-JOP

- Troj/Agent-JOP at Sophos

...

Troj/FakeVir-LV

- Troj/FakeVir-LV at Sophos

...

Troj/Wintrim-J

- Troj/Wintrim-J at Sophos

...

Troj/Zbot-EW

- Troj/Zbot-EW at Sophos

...

W32/Autorun-AFC

- W32/Autorun-AFC at Sophos

...

0 writebacks [04/16/2009 21:41] [] permanent link



Virus Malware and Threat News for 20090414



W32.SillyPrep

- W32.SillyPrep at Norton Symantec

W32.SillyPrep is a generic detection for file infectors that infect .exe files on the compromised computer.
...

W32.Dizan.F

- W32.Dizan.F at Norton Symantec

W32.Dizan.F is a virus that spreads by infecting executable files. It also opens a back door on the
compromised computer.
...

JS_TWETTIR.A

- JS_TWETTIR.A at Trend Micro

This malicious JavaScript may be hosted on a Web site and run when a user accesses the said Web site. It
spreads to other systems when a user visits a Twitter profile that is injected with this JavaScript. The said
script steals the user's login credentials for Twitter. It then uses the stolen credentials to post several
messages poin...

Hiloti.A

- Hiloti.A at Panda

It downloads to the affected computer the adware detected as Lop. When users access certain websites
related to search engines, they are redirected to malicious websites. It does not spread automatically by its
own means....

Troj/Agent-JOD

- Troj/Agent-JOD at Sophos

...

Troj/BHODrop-F

- Troj/BHODrop-F at Sophos

Troj/BHODrop-F is a Trojan for the Windows platform. When Troj/BHODrop-F is
installed it creates the file <Program Files>\Common\helper.dll or <Program
Files>\WinBudget\Comon\helper.dll, detected as Mal/BHO-LM.
...

Troj/ConfData-A

- Troj/ConfData-A at Sophos

Troj/ConfData-A is a data file downloaded by the Conficker family of malware.
...

Troj/Dloadr-CLA

- Troj/Dloadr-CLA at Sophos

...

Troj/DLoadr-CLB

- Troj/DLoadr-CLB at Sophos

...

Troj/DLoadr-CLC

- Troj/DLoadr-CLC at Sophos

...

Troj/Dloadr-CLD

- Troj/Dloadr-CLD at Sophos

...

Troj/PDFJs-AP

- Troj/PDFJs-AP at Sophos

Troj/PDFJs-AP is a PDF that contains malicious JavaScript.
...

Troj/ZBot-ET

- Troj/ZBot-ET at Sophos

...

Trojan-Downloader:W32/FraudLoad

- Trojan-Downloader:W32/FraudLoad at F-Secure

...

Trojan.Ransomlock

- Trojan.Ransomlock at Norton Symantec

Trojan.Ransomlock is a Trojan horse that locks the desktop, making the computer unusable.
...

MS09-014

- MS09-014 at Panda

It is a group of vulnerabilities in Internet Explorer versions 5.01 and 6 SP1 on Windows 2000, 6 on Windows
2003/XP computers and 7 on Windows 2008/Vista/2003/XP, which allow hackers to gain remote control of the
affected computer with the same privileges as the logged-on user.
...

MS09-013

- MS09-013 at Panda

It is a group of critical vulnerabilities in Windows HTTP Services on Windows Server
2008/Vista/2003/XP/2000 computers, which allow hackers to gain remote control of the affected computer
with the same privileges as the logged-on user, and to carry out spoofing.
...

MS09-011

- MS09-011 at Panda

It is a critical vulnerability in different versions of DirectX on Windows 2003/XP/2000 computers, which
allows hackers to gain remote control of the affected computer with the same privileges as the logged-on user.
...

MS09-010

- MS09-010 at Panda

It is a group of critical vulnerabilities in WordPad and Office Text Converters, which allow hackers to gain
remote control of the affected computer with the same privileges as the logged-on user.
...

MS09-009

- MS09-009 at Panda

It is a group of critical vulnerabilities in certain versions of Excel, which allow hackers to gain remote
control of the affected computer with the same privileges as the logged-on user.
...

Troj/Agent-JOH

- Troj/Agent-JOH at Sophos

...

Troj/Agent-JOI

- Troj/Agent-JOI at Sophos

...

Troj/Bancos-BFM

- Troj/Bancos-BFM at Sophos

...

Mal/ObfDrv-A

- Mal/ObfDrv-A at Sophos

Mal/ObfDrv-A is a driver that has characteristics typical of those found in malware.
...

Mal/Treemz-A

- Mal/Treemz-A at Sophos

...

Troj/Dloadr-CLE

- Troj/Dloadr-CLE at Sophos

...

Troj/FakeAV-OU

- Troj/FakeAV-OU at Sophos

...

0 writebacks [04/15/2009 21:41] [] permanent link



Virus Malware and Threat News for 20090413



Troj/FakMSA-Gen

- Troj/FakMSA-Gen at Sophos

Troj/FakMSA-Gen is a Trojan for the Windows platform. Troj/FakMSA-Gen is a
rogue security application that displays false warnings regarding malicious activity on the infected computer.
...

Troj/PDFEx-AU

- Troj/PDFEx-AU at Sophos

...

Troj/Zbot-ES

- Troj/Zbot-ES at Sophos

...

Mal/PDFEx-D

- Mal/PDFEx-D at Sophos

Mal/PDFEx-D is a malicious PDF file.
...

Troj/Agent-JNS

- Troj/Agent-JNS at Sophos

...

Troj/Bckdr-QTK

- Troj/Bckdr-QTK at Sophos

...

Troj/Dloadr-CKS

- Troj/Dloadr-CKS at Sophos

Troj/Dloadr-CKS is a downloader Trojan for the Windows platform.
...

Troj/Dloadr-CKT

- Troj/Dloadr-CKT at Sophos

Troj/Dloadr-CKT is a downloader Trojan for the Windows platform. The
following registry entries are created to run Troj/Dloadr-CKT on startup:
HKCU\software\micrsoft\windows\currentversion\ run win_drivr32 <pathname of the
Troj/Dloadr-CKT executable>...

W32.SillyPrep

- W32.SillyPrep at Norton Symantec

W32.SillyPrep is a generic detection for file infectors that infect .exe files on the compromised computer.
...

W32.Dizan.F

- W32.Dizan.F at Norton Symantec

W32.Dizan.F is a virus that spreads by infecting executable files. It also opens a back door on the
compromised computer.
...

JS_TWETTIR.A

- JS_TWETTIR.A at Trend Micro

This malicious JavaScript may be hosted on a Web site and run when a user accesses the said Web site. It
spreads to other systems when a user visits a Twitter profile that is injected with this JavaScript. The said
script steals the user's login credentials for Twitter. It then uses the stolen credentials to post several
messages poin...

Hiloti.A

- Hiloti.A at Panda

It downloads to the affected computer the adware detected as Lop. When users access certain websites
related to search engines, they are redirected to malicious websites. It does not spread automatically by its
own means....

Troj/Agent-JOD

- Troj/Agent-JOD at Sophos

...

Troj/BHODrop-F

- Troj/BHODrop-F at Sophos

Troj/BHODrop-F is a Trojan for the Windows platform. When Troj/BHODrop-F is
installed it creates the file <Program Files>\Common\helper.dll or <Program
Files>\WinBudget\Comon\helper.dll, detected as Mal/BHO-LM.
...

Troj/ConfData-A

- Troj/ConfData-A at Sophos

Troj/ConfData-A is a data file downloaded by the Conficker family of malware.
...

Troj/Dloadr-CLA

- Troj/Dloadr-CLA at Sophos

...

Troj/DLoadr-CLB

- Troj/DLoadr-CLB at Sophos

...

Troj/DLoadr-CLC

- Troj/DLoadr-CLC at Sophos

...

Troj/Dloadr-CLD

- Troj/Dloadr-CLD at Sophos

...

Troj/PDFJs-AP

- Troj/PDFJs-AP at Sophos

Troj/PDFJs-AP is a PDF that contains malicious JavaScript.
...

Troj/ZBot-ET

- Troj/ZBot-ET at Sophos

...

0 writebacks [04/14/2009 21:42] [] permanent link



Virus Malware and Threat News for 20090412



W32.Preavi!inf

- W32.Preavi!inf at Norton Symantec

W32.Preavi!inf is a detection for executable files modified by W32.Preavi.
...

JS.Twettir

- JS.Twettir at Norton Symantec

JS.Twettir is a worm that exploits a bug in the Twitter messaging client so that it can perform a cross-site
scripting attack. The worm attempts to spread by infecting user accounts.
...

W32.Preavi

- W32.Preavi at Norton Symantec

W32.Preavi is a worm that spreads through removable drives. It also infects executable files on the
compromised computer.
...

Trojan.Bankpatch.D

- Trojan.Bankpatch.D at Norton Symantec

Trojan.Bankpatch.D is a Trojan horse that modifies system files and attempts to steal information from the
compromised computer.
...

Troj/AutoIt-DK

- Troj/AutoIt-DK at Sophos

...

W32/Waled-CP

- W32/Waled-CP at Sophos

...

Troj/Agent-JNP

- Troj/Agent-JNP at Sophos

...

Troj/Dloadr-CKQ

- Troj/Dloadr-CKQ at Sophos

Troj/Dloadr-CKQ is a malicious JavaScript Trojan that attempts to load other malicious content when
the page is browsed.
...

Troj/Mdrop-CBC

- Troj/Mdrop-CBC at Sophos

...

Troj/Mdrop-CBD

- Troj/Mdrop-CBD at Sophos

...

Troj/PDFex-AR

- Troj/PDFex-AR at Sophos

...

JS/Yemik-A

- JS/Yemik-A at Sophos

JS/Yemik-A is a worm that spreads through Twitter. JS/Yemik-A exploits an
XSS vulnerability in Twitter in order to modify user profiles such that the profiles of any other users who
browse that profile are infected.
...

Mal/Inject-J

- Mal/Inject-J at Sophos

Mal/Inject-J is a malicious program for the Windows platform.
...

Mal/Sality-C

- Mal/Sality-C at Sophos

Mal/Sality-C is a virus for the Windows platform. Mal/Sality-C also spreads
by copying itself to removable devices. The malicious autorun.inf files with hidden, system and read-only
attributes are detected as Mal/AutoInf-A. Mal/Sality-C may drop another EXE which is
proactivel...

Troj/FakMSA-Gen

- Troj/FakMSA-Gen at Sophos

Troj/FakMSA-Gen is a Trojan for the Windows platform. Troj/FakMSA-Gen is a
rogue security application that displays false warnings regarding malicious activity on the infected computer.
...

Troj/PDFEx-AU

- Troj/PDFEx-AU at Sophos

...

Troj/Zbot-ES

- Troj/Zbot-ES at Sophos

...

Mal/PDFEx-D

- Mal/PDFEx-D at Sophos

Mal/PDFEx-D is a malicious PDF file.
...

Troj/Agent-JNS

- Troj/Agent-JNS at Sophos

...

Troj/Bckdr-QTK

- Troj/Bckdr-QTK at Sophos

...

Troj/Dloadr-CKS

- Troj/Dloadr-CKS at Sophos

Troj/Dloadr-CKS is a downloader Trojan for the Windows platform.
...

Troj/Dloadr-CKT

- Troj/Dloadr-CKT at Sophos

Troj/Dloadr-CKT is a downloader Trojan for the Windows platform. The
following registry entries are created to run Troj/Dloadr-CKT on startup:
HKCU\software\micrsoft\windows\currentversion\ run win_drivr32 <pathname of the
Troj/Dloadr-CKT executable>...

0 writebacks [04/13/2009 21:44] [] permanent link



Virus Malware and Threat News for 20090411



Troj/Agent-JNO

- Troj/Agent-JNO at Sophos

...

Troj/Pushdo-AJ

- Troj/Pushdo-AJ at Sophos

...

Troj/Agent-JNQ

- Troj/Agent-JNQ at Sophos

...

Troj/Dloadr-CKR

- Troj/Dloadr-CKR at Sophos

...

Troj/Hiloti-D

- Troj/Hiloti-D at Sophos

...

Troj/Inject-GL

- Troj/Inject-GL at Sophos

...

Troj/OnlineG-BO

- Troj/OnlineG-BO at Sophos

...

Troj/PWS-AZS

- Troj/PWS-AZS at Sophos

...

Troj/SkimTrim-D

- Troj/SkimTrim-D at Sophos

...

W32.Preavi!inf

- W32.Preavi!inf at Norton Symantec

W32.Preavi!inf is a detection for executable files modified by W32.Preavi.
...

JS.Twettir

- JS.Twettir at Norton Symantec

JS.Twettir is a worm that exploits a bug in the Twitter messaging client so that it can perform a cross-site
scripting attack. The worm attempts to spread by infecting user accounts.
...

W32.Preavi

- W32.Preavi at Norton Symantec

W32.Preavi is a worm that spreads through removable drives. It also infects executable files on the
compromised computer.
...

Trojan.Bankpatch.D

- Trojan.Bankpatch.D at Norton Symantec

Trojan.Bankpatch.D is a Trojan horse that modifies system files and attempts to steal information from the
compromised computer.
...

Troj/AutoIt-DK

- Troj/AutoIt-DK at Sophos

...

W32/Waled-CP

- W32/Waled-CP at Sophos

...

Troj/Agent-JNP

- Troj/Agent-JNP at Sophos

...

Troj/Dloadr-CKQ

- Troj/Dloadr-CKQ at Sophos

Troj/Dloadr-CKQ is a malicious JavaScript Trojan that attempts to load other malicious content when
the page is browsed.
...

Troj/Mdrop-CBC

- Troj/Mdrop-CBC at Sophos

...

Troj/Mdrop-CBD

- Troj/Mdrop-CBD at Sophos

...

Troj/PDFex-AR

- Troj/PDFex-AR at Sophos

...

JS/Yemik-A

- JS/Yemik-A at Sophos

JS/Yemik-A is a worm that spreads through Twitter. JS/Yemik-A exploits an
XSS vulnerability in Twitter in order to modify user profiles such that the profiles of any other users who
browse that profile are infected.
...

Mal/Inject-J

- Mal/Inject-J at Sophos

Mal/Inject-J is a malicious program for the Windows platform.
...

Mal/Sality-C

- Mal/Sality-C at Sophos

Mal/Sality-C is a virus for the Windows platform. Mal/Sality-C also spreads
by copying itself to removable devices. The malicious autorun.inf files with hidden, system and read-only
attributes are detected as Mal/AutoInf-A. Mal/Sality-C may drop another EXE which is
proactivel...

0 writebacks [04/12/2009 21:41] [] permanent link



Virus Malware and Threat News for 20090410



Suspicious.Graybird

- Suspicious.Graybird at Norton Symantec

Suspicious.Graybird is a detection technology designed to detect entirely new malware threats without
traditional signatures. This technology is aimed at detecting malicious software that has been intentionally
mutated or morphed by attackers.
...

Bloodhound.Exploit.229

- Bloodhound.Exploit.229 at Norton Symantec

Bloodhound.Exploit.229 is a heuristic detection for files attempting to exploit the Microsoft Windows Kernel
GDI EMF/WMF Remote Code Execution Vulnerability (BID 34012).
...

Bloodhound.PDF.10

- Bloodhound.PDF.10 at Norton Symantec

Bloodhound.PDF.10 is a heuristic detection for files that may have been obfuscated or encrypted in order to
conceal them from antivirus software.
...

WORM_WALEDAC.ED

- WORM_WALEDAC.ED at Trend Micro

This worm arrives as an attachment to email messages spammed by another malware or a malicious user. It may also
be downloaded unknowingly by a user when visiting malicious Web site(s). It makes multiple changes to the
Windows registry, some of which allow its automatic execution at every system startup. It propagates by sending
spam mail...

Troj/Rbot-GXT

- Troj/Rbot-GXT at Sophos

...

Troj/Agent-JNN

- Troj/Agent-JNN at Sophos

...

Troj/Dloadr-CKM

- Troj/Dloadr-CKM at Sophos

...

Troj/Dloadr-CKN

- Troj/Dloadr-CKN at Sophos

...

Troj/Dloadr-CKO

- Troj/Dloadr-CKO at Sophos

...

Troj/Banker-ERD

- Troj/Banker-ERD at Sophos

...

Troj/FakeAV-ON

- Troj/FakeAV-ON at Sophos

...

Troj/FakeAv-OO

- Troj/FakeAv-OO at Sophos

...

Troj/Hiloti-C

- Troj/Hiloti-C at Sophos

...

Mal/IRCBot-J

- Mal/IRCBot-J at Sophos

Mal/IRCBot-J runs continuously in the background, providing a backdoor server which allows a
remote intruder to gain access and control over the computer via IRC channels. When
first run Mal/IRCBot-J usually copies itself to <Windows>\fxsteller.exe. The
following regist...

Troj/Agent-JNO

- Troj/Agent-JNO at Sophos

...

Troj/Pushdo-AJ

- Troj/Pushdo-AJ at Sophos

...

Troj/Agent-JNQ

- Troj/Agent-JNQ at Sophos

...

Troj/Dloadr-CKR

- Troj/Dloadr-CKR at Sophos

...

Troj/Hiloti-D

- Troj/Hiloti-D at Sophos

...

Troj/Inject-GL

- Troj/Inject-GL at Sophos

...

Troj/OnlineG-BO

- Troj/OnlineG-BO at Sophos

...

Troj/PWS-AZS

- Troj/PWS-AZS at Sophos

...

Troj/SkimTrim-D

- Troj/SkimTrim-D at Sophos

...

0 writebacks [04/11/2009 21:41] [] permanent link



Virus Malware and Threat News for 20090409



W32.Downadup.E

- W32.Downadup.E at Norton Symantec

W32.Downadup.E is a worm that spreads by exploiting the Microsoft Windows Server Service RPC Handling Remote
Code Execution Vulnerability (BID 31874). It also drops a copy of W32.Downadup.C.
...

Mal/Zbot-L

- Mal/Zbot-L at Sophos

...

Troj/Agent-JNM

- Troj/Agent-JNM at Sophos

...

Troj/ConfDr-Gen

- Troj/ConfDr-Gen at Sophos

Troj/ConfDr-Gen is a Trojan for the Windows platform. Troj/ConfDr-Gen is
associated with the Conficker malware family. Troj/ConfDr-Gen can install malware on
the host, which Sophos detects as Mal/Conficker-B.
...

Troj/PDFEx-AQ

- Troj/PDFEx-AQ at Sophos

...

Troj/ZBot-ER

- Troj/ZBot-ER at Sophos

...

Mal/ObfJS-BS

- Mal/ObfJS-BS at Sophos

Mal/ObfJS-BS is a malicious script that attempts to load malicious content from a remote server
when the malicious web page is browsed.
...

Troj/ZBot-EQ

- Troj/ZBot-EQ at Sophos

...

Mal/Autorun-TR

- Mal/Autorun-TR at Sophos

...

Mal/Behav-310

- Mal/Behav-310 at Sophos

...

Mal/SkimTrim-A

- Mal/SkimTrim-A at Sophos

...

Suspicious.Graybird

- Suspicious.Graybird at Norton Symantec

Suspicious.Graybird is a detection technology designed to detect entirely new malware threats without
traditional signatures. This technology is aimed at detecting malicious software that has been intentionally
mutated or morphed by attackers.
...

Bloodhound.Exploit.229

- Bloodhound.Exploit.229 at Norton Symantec

Bloodhound.Exploit.229 is a heuristic detection for files attempting to exploit the Microsoft Windows Kernel
GDI EMF/WMF Remote Code Execution Vulnerability (BID 34012).
...

Bloodhound.PDF.10

- Bloodhound.PDF.10 at Norton Symantec

Bloodhound.PDF.10 is a heuristic detection for files that may have been obfuscated or encrypted in order to
conceal them from antivirus software.
...

WORM_WALEDAC.ED

- WORM_WALEDAC.ED at Trend Micro

This worm arrives as an attachment to email messages spammed by another malware or a malicious user. It may also
be downloaded unknowingly by a user when visiting malicious Web site(s). It makes multiple changes to the
Windows registry, some of which allow its automatic execution at every system startup. It propagates by sending
spam mail...

Troj/Rbot-GXT

- Troj/Rbot-GXT at Sophos

...

Troj/Agent-JNN

- Troj/Agent-JNN at Sophos

...

Troj/Dloadr-CKM

- Troj/Dloadr-CKM at Sophos

...

Troj/Dloadr-CKN

- Troj/Dloadr-CKN at Sophos

...

Troj/Dloadr-CKO

- Troj/Dloadr-CKO at Sophos

...

Troj/Banker-ERD

- Troj/Banker-ERD at Sophos

...

Troj/FakeAV-ON

- Troj/FakeAV-ON at Sophos

...

Troj/FakeAv-OO

- Troj/FakeAv-OO at Sophos

...

Troj/Hiloti-C

- Troj/Hiloti-C at Sophos

...

Mal/IRCBot-J

- Mal/IRCBot-J at Sophos

Mal/IRCBot-J runs continuously in the background, providing a backdoor server which allows a
remote intruder to gain access and control over the computer via IRC channels. When
first run Mal/IRCBot-J usually copies itself to <Windows>\fxsteller.exe. The
following regist...

0 writebacks [04/10/2009 21:41] [] permanent link



Virus Malware and Threat News for 20090408



Antivirus360

- Antivirus360 at Norton Symantec

Antivirus360 is a misleading application that may give exaggerated reports of threats on the computer.
...

W32.SillyFDC.BBO

- W32.SillyFDC.BBO at Norton Symantec

W32.SillyFDC.BBO is a worm that spreads by copying itself to removable drives.
...

WORM_DOWNAD.E

- WORM_DOWNAD.E at Trend Micro

This worm may be downloaded unknowingly by a user when visiting malicious Web sites. This worm creates registry
entries, and executes only after meeting certain trigger conditions. This worm propagates by taking advantage
of a vulnerability discovered in certain Microsoft operating systems that could allow remote code execution if
an ...

WORM_NEERIS.A

- WORM_NEERIS.A at Trend Micro

This worm has received attention from independent media sources and/or other security firms. It is capable of
propagating using multiple vectors: via network shares and removable drives, via software vulnerabilities to
propagate across networks, and via the instant messenger, MSN Messenger. It exploits a Server service
vulnerability t...

Banker.LSL

- Banker.LSL at Panda

...

SystemProtector

- SystemProtector at Panda

...

Mal/Behav-305

- Mal/Behav-305 at Sophos

...

Mal/Behav-311

- Mal/Behav-311 at Sophos

Mal/Behav-311 is a file that exhibits malicious behavior. Mal/Behav-311
malware typically attempts to spread by exploiting MS08-067.
...

Mal/Dloadr-K

- Mal/Dloadr-K at Sophos

...

Mal/Dropper-DL

- Mal/Dropper-DL at Sophos

...

Mal/Kouto-C

- Mal/Kouto-C at Sophos

...

Mal/QQPass-L

- Mal/QQPass-L at Sophos

...

Mal/VB-AGS

- Mal/VB-AGS at Sophos

...

Troj/Banker-ERC

- Troj/Banker-ERC at Sophos

...

Troj/FakeAV-OK

- Troj/FakeAV-OK at Sophos

...

Troj/FakeAV-OL

- Troj/FakeAV-OL at Sophos

...

W32.Downadup.E

- W32.Downadup.E at Norton Symantec

W32.Downadup.E is a worm that spreads by exploiting the Microsoft Windows Server Service RPC Handling Remote
Code Execution Vulnerability (BID 31874). It also drops a copy of W32.Downadup.C.
...

Mal/Zbot-L

- Mal/Zbot-L at Sophos

...

Troj/Agent-JNM

- Troj/Agent-JNM at Sophos

...

Troj/ConfDr-Gen

- Troj/ConfDr-Gen at Sophos

Troj/ConfDr-Gen is a Trojan for the Windows platform. Troj/ConfDr-Gen is
associated with the Conficker malware family. Troj/ConfDr-Gen can install malware on
the host, which Sophos detects as Mal/Conficker-B.
...

Troj/PDFEx-AQ

- Troj/PDFEx-AQ at Sophos

...

Troj/ZBot-ER

- Troj/ZBot-ER at Sophos

...

Mal/ObfJS-BS

- Mal/ObfJS-BS at Sophos

Mal/ObfJS-BS is a malicious script that attempts to load malicious content from a remote server
when the malicious web page is browsed.
...

Troj/ZBot-EQ

- Troj/ZBot-EQ at Sophos

...

Mal/Autorun-TR

- Mal/Autorun-TR at Sophos

...

Mal/Behav-310

- Mal/Behav-310 at Sophos

...

Mal/SkimTrim-A

- Mal/SkimTrim-A at Sophos

...

0 writebacks [04/09/2009 21:46] [] permanent link



Virus Malware and Threat News for 20090407



Bloodhound.Exploit.231

- Bloodhound.Exploit.231 at Norton Symantec

Bloodhound.Exploit.231 is a heuristic detection for files attempting to exploit the Microsoft PowerPoint File
Parsing Remote Code Execution Vulnerability (BID 34351).
...

Packed.Generic.218

- Packed.Generic.218 at Norton Symantec

Packed.Generic.218 is a heuristic detection for files that may have been obfuscated or encrypted in order to
conceal them from antivirus software.
...

Mal/ObfJS-BJ

- Mal/ObfJS-BJ at Sophos

Mal/ObfJS-BJ is a malicious script that attempts to load malicious content from a remote server
when the malicious web page is browsed.
...

Troj/Bancos-BFL

- Troj/Bancos-BFL at Sophos

...

Troj/Banker-ERB

- Troj/Banker-ERB at Sophos

...

Troj/FakeAV-OJ

- Troj/FakeAV-OJ at Sophos

...

Troj/Meredr-Fam

- Troj/Meredr-Fam at Sophos

Troj/Meredr-Fam is a family of Trojan droppers for the Windows platform.
...

W32/Waled-CM

- W32/Waled-CM at Sophos

...

W32/Waled-CN

- W32/Waled-CN at Sophos

...

Troj/Agent-JMU

- Troj/Agent-JMU at Sophos

...

Troj/Agent-JMV

- Troj/Agent-JMV at Sophos

Troj/Agent-JMV is a Trojan for the Windows platform. Troj/Agent-JMV
disables booting in safe mode by deleting all registry entries under:
  HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot
Troj/Agent-JMV contacts remote websites and drops additional malware...

Antivirus360

- Antivirus360 at Norton Symantec

Antivirus360 is a misleading application that may give exaggerated reports of threats on the computer.
...

W32.SillyFDC.BBO

- W32.SillyFDC.BBO at Norton Symantec

W32.SillyFDC.BBO is a worm that spreads by copying itself to removable drives.
...

WORM_DOWNAD.E

- WORM_DOWNAD.E at Trend Micro

This worm may be downloaded unknowingly by a user when visiting malicious Web sites. This worm creates registry
entries, and executes only after meeting certain trigger conditions. This worm propagates by taking advantage
of a vulnerability discovered in certain Microsoft operating systems that could allow remote code execution if
an ...

WORM_NEERIS.A

- WORM_NEERIS.A at Trend Micro

This worm has received attention from independent media sources and/or other security firms. It is capable of
propagating using multiple vectors: via network shares and removable drives, via software vulnerabilities to
propagate across networks, and via the instant messenger, MSN Messenger. It exploits a Server service
vulnerability t...

Banker.LSL

- Banker.LSL at Panda

...

SystemProtector

- SystemProtector at Panda

...

Mal/Behav-305

- Mal/Behav-305 at Sophos

...

Mal/Behav-311

- Mal/Behav-311 at Sophos

Mal/Behav-311 is a file that exhibits malicious behavior. Mal/Behav-311
malware typically attempts to spread by exploiting MS08-067.
...

Mal/Dloadr-K

- Mal/Dloadr-K at Sophos

...

Mal/Dropper-DL

- Mal/Dropper-DL at Sophos

...

Mal/Kouto-C

- Mal/Kouto-C at Sophos

...

Mal/QQPass-L

- Mal/QQPass-L at Sophos

...

Mal/VB-AGS

- Mal/VB-AGS at Sophos

...

Troj/Banker-ERC

- Troj/Banker-ERC at Sophos

...

Troj/FakeAV-OK

- Troj/FakeAV-OK at Sophos

...

Troj/FakeAV-OL

- Troj/FakeAV-OL at Sophos

...

0 writebacks [04/08/2009 21:42] [] permanent link



Virus Malware and Threat News for 20090406



W32.Woospi!inf

- W32.Woospi!inf at Norton Symantec

W32.Woospi!inf is a detection for the Windows system files modified by W32.Woospi.
...

Adware.Hotbar

- Adware.Hotbar at Norton Symantec

Adware.Hotbar adds graphical skins to Internet Explorer, Microsoft Outlook, and Outlook Express
toolbars and also adds its own toolbar and search button. These custom toolbars have keyword-targeted
advertisements built into them.
...

TROJ_PIDIEF.OE

- TROJ_PIDIEF.OE at Trend Micro

This Trojan may be dropped by other malware. It may be downloaded unknowingly by a user when visiting malicious
Web sites. It takes advantage of a vulnerability in Adobe Reader and Acrobat Reader. When exploited
successfully, the aforementioned programs crash, which may potentially allow an attacker to take control of
the affected syst...

TROJ_PPDROP.AB

- TROJ_PPDROP.AB at Trend Micro

This is the Trend Micro detection for PowerPoint files that are compromised with malicious code. This Trojan
may be downloaded unknowingly by a user when visiting malicious Web site(s). It exploits the following zero-day
software vulnerability to allow itself to drop and execute embedded files: Microsoft Security Advisory
(969136) More ...

Mal/Mdrop-L

- Mal/Mdrop-L at Sophos

...

Troj/BHO-LK

- Troj/BHO-LK at Sophos

...

Troj/Mdrop-CBA

- Troj/Mdrop-CBA at Sophos

...

Troj/PDFJs-AO

- Troj/PDFJs-AO at Sophos

Troj/PDFJs-AO is a PDF that contains malicious JavaScript.
...

Troj/TDSS-Z

- Troj/TDSS-Z at Sophos

...

Troj/Agent-JMP

- Troj/Agent-JMP at Sophos

Troj/Agent-JMP copies itself to <System>\spools.exe. Troj/Agent-JMP
creates the registry value
HKLM\OSFTWARE\Micrososft\Windows\CurrentVersion\Run
Spools Service Controller
<System>\spools.exe
Troj/Agent-JMP deletes the ...

Troj/FakeVir-LU

- Troj/FakeVir-LU at Sophos

...

Troj/JSRedir-N

- Troj/JSRedir-N at Sophos

Troj/JSRedir-N attempts to download and execute more malicious code.
...

Troj/JSRedir-O

- Troj/JSRedir-O at Sophos

Troj/JSRedir-O is a Trojan that attempts to download and execute more malicious code.
...

Troj/ObfJS-J

- Troj/ObfJS-J at Sophos

Troj/ObfJS-J is a malicious JavaScript that attempts to download and execute more code.
...

Bloodhound.Exploit.231

- Bloodhound.Exploit.231 at Norton Symantec

Bloodhound.Exploit.231 is a heuristic detection for files attempting to exploit the Microsoft PowerPoint File
Parsing Remote Code Execution Vulnerability (BID 34351).
...

Packed.Generic.218

- Packed.Generic.218 at Norton Symantec

Packed.Generic.218 is a heuristic detection for files that may have been obfuscated or encrypted in order to
conceal them from antivirus software.
...

Mal/ObfJS-BJ

- Mal/ObfJS-BJ at Sophos

Mal/ObfJS-BJ is a malicious script that attempts to load malicious content from a remote server
when the malicious web page is browsed.
...

Troj/Bancos-BFL

- Troj/Bancos-BFL at Sophos

...

Troj/Banker-ERB

- Troj/Banker-ERB at Sophos

...

Troj/FakeAV-OJ

- Troj/FakeAV-OJ at Sophos

...

Troj/Meredr-Fam

- Troj/Meredr-Fam at Sophos

Troj/Meredr-Fam is a family of Trojan droppers for the Windows platform.
...

W32/Waled-CM

- W32/Waled-CM at Sophos

...

W32/Waled-CN

- W32/Waled-CN at Sophos

...

Troj/Agent-JMU

- Troj/Agent-JMU at Sophos

...

Troj/Agent-JMV

- Troj/Agent-JMV at Sophos

Troj/Agent-JMV is a Trojan for the Windows platform. Troj/Agent-JMV
disables booting in safe mode by deleting all registry entries under:
  HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot
Troj/Agent-JMV contacts remote websites and drops additional malware...

0 writebacks [04/07/2009 21:41] [] permanent link



Virus Malware and Threat News for 20090405



W32.Woospi

- W32.Woospi at Norton Symantec

W32.Woospi is a worm that modifies certain Windows system files.
...

W32.SillyFDC.BBN

- W32.SillyFDC.BBN at Norton Symantec

W32.SillyFDC.BBN is a worm that spreads by copying itself to removable drives.
...

Troj/Agent-JMK

- Troj/Agent-JMK at Sophos

Troj/Agent-JMK is a Trojan for the Windows platform. When run
Troj/Agent-JMK copies itself to <Recycled>\S-1-5-21-0243636035-3055115376-381863306-1556\pqlmq.exe
and sets the following registry entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run ...

Troj/DwnLdr-HPV

- Troj/DwnLdr-HPV at Sophos

...

W32/Autorun-AED

- W32/Autorun-AED at Sophos

When W32/Autorun-AED is installed the following files are created:
<Start Menu\Programs>\BestPlayer\Uninstall.lnk
<Program Files>\BestPlayer\Uninstall.exe
<Root>\autorun.inf - detected as Mal/AutoInf-A
<Root>\RECYCLER\S-7-4-38-100004406-100016...

Troj/FakeAle-MU

- Troj/FakeAle-MU at Sophos

...

W32.Woospi!inf

- W32.Woospi!inf at Norton Symantec

W32.Woospi!inf is a detection for the Windows system files modified by W32.Woospi.
...

Adware.Hotbar

- Adware.Hotbar at Norton Symantec

Behavior: Adware.Hotbar adds graphical skins to Internet Explorer, Microsoft Outlook, and Outlook Express
toolbars and also adds its own toolbar and search button. These custom toolbars have keyword-targeted
advertisements built into them.
...

TROJ_PIDIEF.OE

- TROJ_PIDIEF.OE at Trend Micro

This Trojan may be dropped by other malware. It may be downloaded unknowingly by a user when visiting malicious
Web sites. It takes advantage of a vulnerability in Adobe Reader and Acrobat Reader. When exploited
successfully, the aforementioned programs crash, which may potentially allow an attacker to take control of
the affected syst...

TROJ_PPDROP.AB

- TROJ_PPDROP.AB at Trend Micro

This is the Trend Micro detection for PowerPoint files that are compromised with malicious code. This Trojan
may be downloaded unknowingly by a user when visiting malicious Web site(s). It exploits the following zero-day
software vulnerability to allow itself to drop and execute embedded files: Microsoft Security Advisory
(969136) More ...

Mal/Mdrop-L

- Mal/Mdrop-L at Sophos

...

Troj/BHO-LK

- Troj/BHO-LK at Sophos

...

Troj/Mdrop-CBA

- Troj/Mdrop-CBA at Sophos

...

Troj/PDFJs-AO

- Troj/PDFJs-AO at Sophos

Troj/PDFJs-AO is a PDF that contains malicious JavaScript.
...

Troj/TDSS-Z

- Troj/TDSS-Z at Sophos

...

Troj/Agent-JMP

- Troj/Agent-JMP at Sophos

Troj/Agent-JMP copies itself to <System>\spools.exe. Troj/Agent-JMP
creates the registry value:
HKLM\OSFTWARE\Micrososft\Windows\CurrentVersion\Run
Spools Service Controller
<System>\spools.exe
Troj/Agent-JMP deletes the ...

Troj/FakeVir-LU

- Troj/FakeVir-LU at Sophos

...

Troj/JSRedir-N

- Troj/JSRedir-N at Sophos

Troj/JSRedir-N attempts to download and execute more malicious code.
...

Troj/JSRedir-O

- Troj/JSRedir-O at Sophos

Troj/JSRedir-O is a Trojan that attempts to download and execute more malicious code.
...

Troj/ObfJS-J

- Troj/ObfJS-J at Sophos

Troj/ObfJS-J is a malicious JavaScript that attempts to download and execute more code.
...

0 writebacks [04/06/2009 21:41] [] permanent link



Virus Malware and Threat News for 20090404



Trojan.Adgunbe!inf

- Trojan.Adgunbe!inf at Norton Symantec

Trojan.Adgunbe!inf is a detection for infected WS2_32.dll files.
...

Trojan.Iphougo

- Trojan.Iphougo at Norton Symantec

Trojan.Iphougo is a Trojan horse that attempts to download a remote file on to the compromised computer.
...

Troj/Agent-JMH

- Troj/Agent-JMH at Sophos

...

Troj/Agent-JMI

- Troj/Agent-JMI at Sophos

...

W32/Autorun-AEB

- W32/Autorun-AEB at Sophos

...

Troj/DwnLdr-HPR

- Troj/DwnLdr-HPR at Sophos

...

Troj/FakeAle-MT

- Troj/FakeAle-MT at Sophos

...

Troj/Agent-JMG

- Troj/Agent-JMG at Sophos

...

Troj/CoreFl-Gen

- Troj/CoreFl-Gen at Sophos

Troj/CoreFl-Gen is a family of backdoor Trojans. Typically Trojans drop a
randomly named DLL file in the Temp folder. A copy of this is made in the Windows system folder with a random
filename and a DIL file extension. The Trojan also drops multiple DAT files with randomly generated names.
...

Troj/FakeAV-OF

- Troj/FakeAV-OF at Sophos

...

Troj/FakeAV-OG

- Troj/FakeAV-OG at Sophos

...

W32.Woospi

- W32.Woospi at Norton Symantec

W32.Woospi is a worm that modifies certain Windows system files.
...

W32.SillyFDC.BBN

- W32.SillyFDC.BBN at Norton Symantec

W32.SillyFDC.BBN is a worm that spreads by copying itself to removable drives.
...

Troj/Agent-JMK

- Troj/Agent-JMK at Sophos

Troj/Agent-JMK is a Trojan for the Windows platform. When run
Troj/Agent-JMK copies itself to <Recycled>\S-1-5-21-0243636035-3055115376-381863306-1556\pqlmq.exe
and sets the following registry entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run ...

Troj/DwnLdr-HPV

- Troj/DwnLdr-HPV at Sophos

...

W32/Autorun-AED

- W32/Autorun-AED at Sophos

When W32/Autorun-AED is installed the following files are created:
<Start Menu\Programs>\BestPlayer\Uninstall.lnk
<Program Files>\BestPlayer\Uninstall.exe
<Root>\autorun.inf - detected as Mal/AutoInf-A
<Root>\RECYCLER\S-7-4-38-100004406-100016...

Troj/FakeAle-MU

- Troj/FakeAle-MU at Sophos

...

0 writebacks [04/05/2009 21:41] [] permanent link



Virus Malware and Threat News for 20090403



W32.Relnek.A

- W32.Relnek.A at Norton Symantec

W32.Relnek.A is a virus that infects executable files on mapped and removable drives.
...

Trojan.PPDropper.H

- Trojan.PPDropper.H at Norton Symantec

Trojan.PPDropper.H is a Trojan that attempts to exploit the Microsoft PowerPoint File Parsing Remote Code
Execution Vulnerability (BID 34351) in order to drop more files on to the compromised computer.
...

Troj/Keygen-CX

- Troj/Keygen-CX at Sophos

...

W32/Autorun-AEA

- W32/Autorun-AEA at Sophos

W32/Autorun-AEA is a worm for the Windows platform. W32/Autorun-AEA
attempts to copy itself to files beginning "juejo" on removable drives and network shares, and create the file
autorun.inf to run them automatically. This file is detected as Mal/AutoInf-A.
W32/Autorun-AEA may...

Troj/Agent-JME

- Troj/Agent-JME at Sophos

...

Troj/Dwnldr-HPT

- Troj/Dwnldr-HPT at Sophos

...

Troj/ExpPPT-B

- Troj/ExpPPT-B at Sophos

Troj/ExpPPT-B is a malicious PowerPoint presentation that attempts to exploit the Microsoft PowerPoint
vulnerability described in CVE-2009-0556.
...

Troj/Keygen-CY

- Troj/Keygen-CY at Sophos

Troj/Keygen-CY is an illegal key generator for Nero burning software
...

Troj/Poison-AU

- Troj/Poison-AU at Sophos

...

Troj/Qhosts-E

- Troj/Qhosts-E at Sophos

Troj/Qhosts-E is a Trojan for the Windows platform. Troj/Qhosts-E installs
itself to <WINDOWS>\sysguard.exe and sets the following registry entry to run on startup:
   HKCU\Software\Microsoft\Windows\CurrentVersion\Run\system tool
   <WIND...

W32/Rbot-GXS

- W32/Rbot-GXS at Sophos

...

Trojan.Adgunbe!inf

- Trojan.Adgunbe!inf at Norton Symantec

Trojan.Adgunbe!inf is a detection for infected WS2_32.dll files.
...

Trojan.Iphougo

- Trojan.Iphougo at Norton Symantec

Trojan.Iphougo is a Trojan horse that attempts to download a remote file on to the compromised computer.
...

Troj/Agent-JMH

- Troj/Agent-JMH at Sophos

...

Troj/Agent-JMI

- Troj/Agent-JMI at Sophos

...

W32/Autorun-AEB

- W32/Autorun-AEB at Sophos

...

Troj/DwnLdr-HPR

- Troj/DwnLdr-HPR at Sophos

...

Troj/FakeAle-MT

- Troj/FakeAle-MT at Sophos

...

Troj/Agent-JMG

- Troj/Agent-JMG at Sophos

...

Troj/CoreFl-Gen

- Troj/CoreFl-Gen at Sophos

Troj/CoreFl-Gen is a family of backdoor Trojans. Typically Trojans drop a
randomly named DLL file in the Temp folder. A copy of this is made in the Windows system folder with a random
filename and a DIL file extension. The Trojan also drops multiple DAT files with randomly generated names.
...

Troj/FakeAV-OF

- Troj/FakeAV-OF at Sophos

...

Troj/FakeAV-OG

- Troj/FakeAV-OG at Sophos

...

0 writebacks [04/04/2009 21:43] [] permanent link



Virus Malware and Threat News for 20090402



W32.Unruy.A

- W32.Unruy.A at Norton Symantec

W32.Unruy.A is a companion virus that creates additional files in order to execute itself.
...

TROJ_MEBROOT.BD

- TROJ_MEBROOT.BD at Trend Micro

This Trojan may be dropped by other malware. It may be downloaded unknowingly by a user when visiting malicious
Web sites. Upon execution, it drops files. It overwrites the MBR (Master Boot Record) with its own code. This
routine enables it to start even before the operating system is loaded.
...

Troj/Arkdoor-C

- Troj/Arkdoor-C at Sophos

Troj/Arkdoor-C is a backdoor Trojan for Linux platforms.
...

Troj/BHODrop-E

- Troj/BHODrop-E at Sophos

Troj/BHODrop-E is a Trojan for the Windows platform. When Troj/BHODrop-E is
installed it creates the file <Program Files>\Common\helper.dll or
<Program Files>\WinBudget\Comon\helper.dll, detected as Mal/BHO-O. Troj/BHODrop-E may attempt
to delete registry entries u...

Troj/CrisCras-A

- Troj/CrisCras-A at Sophos

Troj/CrisCras-A is a Trojan for the Linux platform. Troj/CrisCras-A makes use
of an old sshd CRC vulnerability to provide remote root access on vulnerable systems. (All current Linux
distributions that are up to date are not vulnerable to this at the time of this writing.)...

Troj/Delf-FBX

- Troj/Delf-FBX at Sophos

...

Troj/Dloadr-CKF

- Troj/Dloadr-CKF at Sophos

Troj/Dloadr-CKF is a Trojan for the Windows platform. Troj/Dloadr-CKF
copies itself to <WINDOWS>\<numbers>.exe. Troj/Dloadr-CKF also drops
additional malware which Sophos detects as Troj/Rootkit-DK.
...

Troj/Inject-GH

- Troj/Inject-GH at Sophos

Troj/Inject-GH is a Trojan for the Windows platform. Troj/Inject-GH
installs itself to the following folder:
C:\Documents and Settings\<HOST>\<HOST>.exe
where HOST is the host name of the computer.
Troj/Inject-GH injec...

W32/Waled-CJ

- W32/Waled-CJ at Sophos

...

W32/Waled-CK

- W32/Waled-CK at Sophos

...

W32/Waled-CL

- W32/Waled-CL at Sophos

...

Troj/Agent-JMA

- Troj/Agent-JMA at Sophos

...

W32.Relnek.A

- W32.Relnek.A at Norton Symantec

W32.Relnek.A is a virus that infects executable files on mapped and removable drives.
...

Trojan.PPDropper.H

- Trojan.PPDropper.H at Norton Symantec

Trojan.PPDropper.H is a Trojan that attempts to exploit the Microsoft PowerPoint File Parsing Remote Code
Execution Vulnerability (BID 34351) in order to drop more files on to the compromised computer.
...

Troj/Keygen-CX

- Troj/Keygen-CX at Sophos

...

W32/Autorun-AEA

- W32/Autorun-AEA at Sophos

W32/Autorun-AEA is a worm for the Windows platform. W32/Autorun-AEA
attempts to copy itself to files beginning "juejo" on removable drives and network shares, and create the file
autorun.inf to run them automatically. This file is detected as Mal/AutoInf-A.
W32/Autorun-AEA may...

Troj/Agent-JME

- Troj/Agent-JME at Sophos

...

Troj/Dwnldr-HPT

- Troj/Dwnldr-HPT at Sophos

...

Troj/ExpPPT-B

- Troj/ExpPPT-B at Sophos

Troj/ExpPPT-B is a malicious PowerPoint presentation that attempts to exploit the Microsoft PowerPoint
vulnerability described in CVE-2009-0556.
...

Troj/Keygen-CY

- Troj/Keygen-CY at Sophos

Troj/Keygen-CY is an illegal key generator for Nero burning software
...

Troj/Poison-AU

- Troj/Poison-AU at Sophos

...

Troj/Qhosts-E

- Troj/Qhosts-E at Sophos

Troj/Qhosts-E is a Trojan for the Windows platform. Troj/Qhosts-E installs
itself to <WINDOWS>\sysguard.exe and sets the following registry entry to run on startup:
   HKCU\Software\Microsoft\Windows\CurrentVersion\Run\system tool
   <WIND...

W32/Rbot-GXS

- W32/Rbot-GXS at Sophos

...

0 writebacks [04/03/2009 21:41] [] permanent link



Virus Malware and Threat News for 20090401



Trojan-PSW:W32/Steam

- Trojan-PSW:W32/Steam at F-Secure

...

Suspicious.Skintrim

- Suspicious.Skintrim at Norton Symantec

Suspicious.Skintrim is a detection technology designed to detect entirely new malware threats without
traditional signatures. This technology is aimed at detecting malicious software that has been intentionally
mutated or morphed by attackers.
...

Suspicious.Vundo.2

- Suspicious.Vundo.2 at Norton Symantec

Suspicious.Vundo.2 is a detection technology designed to detect entirely new malware threats without
traditional signatures. This technology is aimed at detecting malicious software that has been intentionally
mutated or morphed by attackers.
...

Suspicious.Tidserv

- Suspicious.Tidserv at Norton Symantec

Suspicious.Tidserv is a detection technology designed to detect entirely new malware threats without
traditional signatures. This technology is aimed at detecting malicious software that has been intentionally
mutated or morphed by attackers.
...

Banker.LSJ

- Banker.LSJ at Panda

It reaches the computer in a phishing message telling users that they have to update the online banking
service of a certain banking entity from Argentina. To do so, it uses images that imitate the
legitimate service of this banking entity in order to steal users' banking data.
...

PrivacyCenter

- PrivacyCenter at Panda

It deceives users and warns them of nonexistent threats on their computers. To eliminate them, users
are enticed to purchase a certain program. It can be downloaded from the website belonging to the company that
has developed it....

Mal/TDSSPack-F

- Mal/TDSSPack-F at Sophos

...

Troj/Banker-EQV

- Troj/Banker-EQV at Sophos

...

Troj/Banker-EQW

- Troj/Banker-EQW at Sophos

...

Troj/CoreFloo-P

- Troj/CoreFloo-P at Sophos

...

Troj/RkGold-Gen

- Troj/RkGold-Gen at Sophos

...

W32/AutoRun-ADT

- W32/AutoRun-ADT at Sophos

W32/AutoRun-ADT is a worm for the Windows platform. When run,
W32/AutoRun-ADT copies itself to <System>\DarksUSB.exe and sets the following
registry entry:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
DUSB
<System>...

W32/Rbot-GXR

- W32/Rbot-GXR at Sophos

...

Troj/Agent-JKW

- Troj/Agent-JKW at Sophos

...

Troj/FakeAle-MS

- Troj/FakeAle-MS at Sophos

...

W32/Rbot-GXQ

- W32/Rbot-GXQ at Sophos

W32/Rbot-GXQ is a worm with IRC backdoor functionality for the Windows platform.
W32/Rbot-GXQ runs continuously in the background, providing a backdoor server which allows a remote
intruder to gain access and control over the computer via IRC channels. W32/Rbot-GXQ
may attempt...

W32.Unruy.A

- W32.Unruy.A at Norton Symantec

W32.Unruy.A is a companion virus that creates additional files in order to execute itself.
...

TROJ_MEBROOT.BD

- TROJ_MEBROOT.BD at Trend Micro

This Trojan may be dropped by other malware. It may be downloaded unknowingly by a user when visiting malicious
Web sites. Upon execution, it drops files. It overwrites the MBR (Master Boot Record) with its own code. This
routine enables it to start even before the operating system is loaded.
...

Troj/Arkdoor-C

- Troj/Arkdoor-C at Sophos

Troj/Arkdoor-C is a backdoor Trojan for Linux platforms.
...

Troj/BHODrop-E

- Troj/BHODrop-E at Sophos

Troj/BHODrop-E is a Trojan for the Windows platform. When Troj/BHODrop-E is
installed it creates the file <Program Files>\Common\helper.dll or
<Program Files>\WinBudget\Comon\helper.dll, detected as Mal/BHO-O. Troj/BHODrop-E may attempt
to delete registry entries u...

Troj/CrisCras-A

- Troj/CrisCras-A at Sophos

Troj/CrisCras-A is a Trojan for the Linux platform. Troj/CrisCras-A makes use
of an old sshd CRC vulnerability to provide remote root access on vulnerable systems. (All current Linux
distributions that are up to date are not vulnerable to this at the time of this writing.)...

Troj/Delf-FBX

- Troj/Delf-FBX at Sophos

...

Troj/Dloadr-CKF

- Troj/Dloadr-CKF at Sophos

Troj/Dloadr-CKF is a Trojan for the Windows platform. Troj/Dloadr-CKF
copies itself to <WINDOWS>\<numbers>.exe. Troj/Dloadr-CKF also drops
additional malware which Sophos detects as Troj/Rootkit-DK.
...

Troj/Inject-GH

- Troj/Inject-GH at Sophos

Troj/Inject-GH is a Trojan for the Windows platform. Troj/Inject-GH
installs itself to the following folder:
C:\Documents and Settings\<HOST>\<HOST>.exe
where HOST is the host name of the computer.
Troj/Inject-GH injec...

W32/Waled-CJ

- W32/Waled-CJ at Sophos

...

W32/Waled-CK

- W32/Waled-CK at Sophos

...

W32/Waled-CL

- W32/Waled-CL at Sophos

...

Troj/Agent-JMA

- Troj/Agent-JMA at Sophos

...

0 writebacks [04/02/2009 21:41] [] permanent link



Virus Malware and Threat News for 20090331



Trojan-Spy:W32/Banker.JAG

- Trojan-Spy:W32/Banker.JAG at F-Secure

...

Autorun.ITS

- Autorun.ITS at Panda

It is programmed to carry out plenty of modifications in the Windows Registry, which prevent the computer from
working properly. However, due to a programming error, it only disables several functions, such as Search from
the Start menu or System Restore. It spreads via the mapped, shared and removable drives.
...

Troj/Agent-JLP

- Troj/Agent-JLP at Sophos

...

Troj/Banker-EQT

- Troj/Banker-EQT at Sophos

...

Troj/DwnLdr-HPP

- Troj/DwnLdr-HPP at Sophos

...

W32/Autorun-ADQ

- W32/Autorun-ADQ at Sophos

...

W32/Autorun-ADR

- W32/Autorun-ADR at Sophos

...

W32/Spybot-OQ

- W32/Spybot-OQ at Sophos

W32/Spybot-OQ is a worm for the Windows platform. When run W32/Spybot-OQ
copies itself to <Windows>\System\svhost.exe and creates
the file <System>\drivers\sysdrv32.sys - detected as W32/Rbot-GXM
...

W32/Waled-CG

- W32/Waled-CG at Sophos

...

Troj/Agent-JLN

- Troj/Agent-JLN at Sophos

...

Troj/Agent-JLO

- Troj/Agent-JLO at Sophos

...

Troj/BHO-LI

- Troj/BHO-LI at Sophos

...

Trojan-PSW:W32/Steam

- Trojan-PSW:W32/Steam at F-Secure

...

Suspicious.Skintrim

- Suspicious.Skintrim at Norton Symantec

Suspicious.Skintrim is a detection technology designed to detect entirely new malware threats without
traditional signatures. This technology is aimed at detecting malicious software that has been intentionally
mutated or morphed by attackers.
...

Suspicious.Vundo.2

- Suspicious.Vundo.2 at Norton Symantec

Suspicious.Vundo.2 is a detection technology designed to detect entirely new malware threats without
traditional signatures. This technology is aimed at detecting malicious software that has been intentionally
mutated or morphed by attackers.
...

Suspicious.Tidserv

- Suspicious.Tidserv at Norton Symantec

Suspicious.Tidserv is a detection technology designed to detect entirely new malware threats without
traditional signatures. This technology is aimed at detecting malicious software that has been intentionally
mutated or morphed by attackers.
...

Banker.LSJ

- Banker.LSJ at Panda

It reaches the computer in a phishing message telling users that they have to update the online banking
service of a certain banking entity from Argentina. To do so, it uses images that imitate the
legitimate service of this banking entity in order to steal users' banking data.
...

PrivacyCenter

- PrivacyCenter at Panda

It deceives users and warns them of nonexistent threats on their computers. To eliminate them, users
are enticed to purchase a certain program. It can be downloaded from the website belonging to the company that
has developed it....

Mal/TDSSPack-F

- Mal/TDSSPack-F at Sophos

...

Troj/Banker-EQV

- Troj/Banker-EQV at Sophos

...

Troj/Banker-EQW

- Troj/Banker-EQW at Sophos

...

Troj/CoreFloo-P

- Troj/CoreFloo-P at Sophos

...

Troj/RkGold-Gen

- Troj/RkGold-Gen at Sophos

...

W32/AutoRun-ADT

- W32/AutoRun-ADT at Sophos

W32/AutoRun-ADT is a worm for the Windows platform. When run,
W32/AutoRun-ADT copies itself to <System>\DarksUSB.exe and sets the following
registry entry:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
DUSB
<System>...

W32/Rbot-GXR

- W32/Rbot-GXR at Sophos

...

Troj/Agent-JKW

- Troj/Agent-JKW at Sophos

...

Troj/FakeAle-MS

- Troj/FakeAle-MS at Sophos

...

W32/Rbot-GXQ

- W32/Rbot-GXQ at Sophos

W32/Rbot-GXQ is a worm with IRC backdoor functionality for the Windows platform.
W32/Rbot-GXQ runs continuously in the background, providing a backdoor server which allows a remote
intruder to gain access and control over the computer via IRC channels. W32/Rbot-GXQ
may attempt...

0 writebacks [04/01/2009 21:42] [] permanent link


