MWBLOG.ORG

Virus Malware and Threat News for 20090729

RegistryEasy

- RegistryEasy at Norton Symantec

BehaviorRegistryEasy is a potentially unwanted application that is being promoted through aggressive means.
...

JS_OWCREF.A

- JS_OWCREF.A at Trend Micro

...

Troj/FakeAV-WP

- Troj/FakeAV-WP at Sophos

...

Troj/Mdrop-CEK

- Troj/Mdrop-CEK at Sophos

...

W32/AutoRun-AMZ

- W32/AutoRun-AMZ at Sophos

...

W32/Autorun-ANA

- W32/Autorun-ANA at Sophos

W32/Autorun-ANA spreads by copying itself to removable devices such as USB sticks.
W32/Autorun-ANA copies itself to the <profile> folder as a hidden file and creates the following
registry entry to run itself on system restart:
HKCU\Software\Microsoft\Windows\CurrentVers...

W32/AutoRun-ANB

- W32/AutoRun-ANB at Sophos

...

W32/Autorun-ANC

- W32/Autorun-ANC at Sophos

...

JS/Agent-KRL

- JS/Agent-KRL at Sophos

...

Troj/Agent-KRM

- Troj/Agent-KRM at Sophos

...

Troj/Clicker-FK

- Troj/Clicker-FK at Sophos

...

XM/Laroux-AP

- XM/Laroux-AP at Sophos

XM/Laroux-AP is a variant of XM/Laroux which uses the file ECSYSTEM.XLS to store itself.
...

Suspicious.Cinmeng

- Suspicious.Cinmeng at Norton Symantec

Suspicious.Cinmeng is a detection technology designed to detect entirely new malware threats without
traditional signatures. This technology is aimed at detecting malicious software that has been intentionally
mutated or morphed by attackers.
...

AL/Utax-A

- AL/Utax-A at Sophos

AL/Utax-A arrives a the file acaddoc.fas and will attempt to load acad.reg.
...

Mal/RusDrp-A

- Mal/RusDrp-A at Sophos

...

Mal/Wintrim-B

- Mal/Wintrim-B at Sophos

...

Troj/Agent-KRR

- Troj/Agent-KRR at Sophos

...

Troj/Agent-KRS

- Troj/Agent-KRS at Sophos

...

Troj/FakeAle-OV

- Troj/FakeAle-OV at Sophos

...

Troj/FakeAle-OW

- Troj/FakeAle-OW at Sophos

...

Troj/FakeAle-OX

- Troj/FakeAle-OX at Sophos

...

W32/Autorun-ANF

- W32/Autorun-ANF at Sophos

W32/Autorun-ANF is a worm for the Windows platform. When run
W32/Autorun-ANF creates the following files: <System>\28463\svchost.001
<System>\28463\svchost.exe <System>\regsvr.exe <System>\setup.ini
<Window...