Archive for February, 2010
Trojan-GameThief.Win32.Magania.cjqd
Threat Name: Trojan-GameThief.Win32.Magania.cjqd
Different description: Net-Worm.SillyFDC [PCTools]
W32.SillyFDC [Symantec]
Trojan-GameThief.Win32.Magania.cjqd [Kaspersky Lab]
PWS-Mmorpg!ha [McAfee]
Mal/Taterf-B, Mal/Taterf-A [Sophos]
Worm:Win32/Taterf.B [Microsoft]
Dropper/OnlineGameHack.116183 [AhnLab]
Spread Method:
Windows Vulnerability
E-Mail
Detected file names: C:\nds0q.exe
%Temp%\cvasds0.dll
%Temp%\cvasds1.dll
%Temp%\cvasds2.dll
%Temp%\herss.exe
c:\nds0q.exe
c:\autorun.inf
The newly created Registry Value is:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
cdoosoft = "%Temp%\herss.exe"
Threat type:Trojan-GameThief.Win32
Trojan-GameThief.Win32.Magania.cjqd first detected:2010-02-28
Virus file known is Unknown type
File Size:587K Bytes.
Behavior:Attempted Connection to External Sites
Level of Spread:2
Level of Threat:6
Reported Path:Unknown path
MD5:i2ttoV6YuKowIsevPh0BV7r0D45X30M1
SHA1..:5Oc08wYh1lp2kb4eq5JjxE0HlTWgRInL8q3311hi
February 28th, 2010 | Posted in NOD32, TrendMicro | No Comments
Threat Name: Trojan.Win32.Fraudpack.amau
Description: Trojan.Win32.Fraudpack.amau in C:\Documents and Settings\Local Settings\TEMP\7.682492419092743E8.EXE. Kaspersky seems to have quarantined it the day it detected it. But the next day it pops up again multiple times, along with the following:
Trojan.Win32.FraudPack.ambs in C:\Documents and Settings\Local Settings\TEMP\2.0650159810297944E7.EXE
Trojan.Win32.FraudPack.ambs in C:\Documents and Settings\Local Settings\Application Data\av.exe
Trojan.Win32.FraudPack.ambs in C:\Documents and Settings\Local Settings\Application Data\MSASCui.exe
Trojan.Win32.FraudPack.amau in C:\Documents and [...]
February 28th, 2010 | Posted in Kaspersky | No Comments
Threat Name: Trojan-Downloader.Java.OpenStream.af. Trojan-Downloader.Java.OpenStream.af was found in C:\Users\XX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\4076ba25-6fad8488 on 2/25/2010 12:21:08.
It reports C:\Windows\System32\drivers\L0phtPkt.sys as the virus file, but this may not be accurate.
Spread Method:
Malware Installation
Instant Message(MSN,Gtalk,QQ etc.)
Threat type:Trojan-Downloader.Java
Trojan-Downloader.Java.OpenStream.af first detected:2010-02-27
Virus file known is PE EXE file written in Basic
File Size:438K Bytes.
Behavior:Creates files in Documents and Settings\[Users]\Local Settings\Temp\
Level of Spread:4
Level of Threat:5
Reported Path:D:\Windows\System32\
MD5:e30acQjPawXFx1F0uC46sibHq5IWo4vL
SHA1..:4SD33yrx21YN21nD1KU00q3o8Vqe8U1TNbLJ4202
February 27th, 2010 | Posted in Kaspersky, Pctools | 2 Comments
Threat Name: downloader.win32.agent.dbih. It attempts to download and install other malware onto the affected system. It is a Win32 downloader threat.
Spread Method:
Instant Message(MSN,Gtalk,QQ etc.)
Threat type:downloader.win32
downloader.win32.agent.dbih first detected:2010-02-27
Virus file known is PE EXE file written in Java
File Size:607K Bytes.
Behavior:Copies files to the Windows system directory
Level of Spread:6
Level of Threat:2
Reported Path:Unknown path
MD5:B5M007CXFbqu1o830v4Ihc182JR7ePGs
SHA1..:JVu32Ddfn36vL52S38Vpp1KGNraD4xo6rE7QQL44
February 27th, 2010 | Posted in Kaspersky, VBA32 | No Comments
Threat Name: Backdoor.Tidserv!inf
Spread Method:
File Creation
External Storage Device (USB Device etc.)
Threat type:Backdoor
Backdoor.Tidserv!inf first detected:2010-02-26
Virus file known is PE EXE file written in Basic
File Size:417K Bytes.
Behavior:places the file shown below in the root of the disk::\autorun.inf
Level of Spread:6
Level of Threat:4
Reported Path:D:\Winnt\
MD5:BaNMI5k6OEHqCLxP3Bu75pLs71iR16Fw
SHA1..:j3VupQ6AwfJ8dt2WKj1DQ8t0EM5aL0h16JedxyBc
February 26th, 2010 | Posted in DrWeb, TrendMicro | No Comments
hazikubu.dll sample submitted on 2010-02-26 and identified as a threat.
Alias:
Threat File:hazikubu.dll
Submit time:2010-02-26
Execute time:8 min 42 sec
Level of Spread:3
Level of Threat:6
type:Rootkit.Win32.Agent
Filesize:68K Bytes
Files type
hazikubu.dll is a dynamic-link library, which acts as a shared library of functions.
MD5:pdcOOJ5m7QFJsEnaQKC876rMu82kS17H
February 26th, 2010 | Posted in NOD32 | No Comments
Threat Name: Trojan.Win32.Agent.dile
Spread Method:
USB Disk
Download From website
Registry Value Creation
Threat type:Trojan.Win32
Trojan.Win32.Agent.dile first detected:2010-02-25
Virus file known is Unknown type
File Size:591K Bytes.
Behavior:Attempted Connection to External Sites
Level of Spread:2
Level of Threat:6
Reported Path:Trojan.Win32.Agent.dile c:\Documents and Settings\ALEJANDRA\AppData\Local\Temp\build6_318[1].exe
2/25/2010 12:45:05 AM Cannot be backed up: Trojan.Win32.Agent.dile c:\Documents and Settings\ALEJANDRA\AppData\Local\Temp\build6_318[1].exe
MD5:i2ttoV6YvKoxjsfvPh0BV7r0D45X30M1
SHA1..:5Oc08wAh1lp2kb4eq5KjxE0IlTWgRInL8q3311i3
February 25th, 2010 | Posted in Kaspersky | No Comments
Threat Name: Trojan.JS.PrygSkok.a
Spread Method:
USB Disk
Internet or website browser
Threat type:Trojan.JS
Trojan.JS.PrygSkok.a first detected:2010-02-25
Virus file known is dll file written in Basic script
The virus files are commonly reported with the file types *.jpg, *.gif or *.ico. It is a JavaScript trojan:
the file is not actually a true *.jpg file, it is JavaScript.
File Size:479K Bytes and more.
Behavior:Unknown behavior
Level of Spread:3
Level of Threat:4
Reported Path:Unknown [...]
February 25th, 2010 | Posted in Kaspersky, Sophos | No Comments