Malware Descriptions


Safety Tips, Best Software, Adware and Spyware Software, spyware remove, trojan, Malware Descriptions
04 Jul 2007 01:29 pm

Detection added: Feb 01 2007 19:34 GMT
Update released: Feb 01 2007 21:45 GMT
Description added: May 31 2007
Behavior: Trojan

Technical details:
This Trojan is a Windows PE EXE file. The file is 61 440 bytes in size.
Payload:
During installation, the Trojan creates a file and saves its configuration to this file:
%WinDir%\cchost.ini
This Trojan is designed to send spam from a victim machine. When launched, it attempts to download, in encrypted form, the spam that will be sent:
http://www.smalltool.net/remotewatch/send_****.php
It also downloads a list of email addresses from the following address:
http://www.smalltool.net/remotewatch/user****.php
The Trojan will then send the spam it downloaded to the addresses on the list.
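One way to look for the two download URLs above in web-proxy logs, as an added example that is not part of the original description. The log layout and the sample lines are constructed for illustration, and the masked `****` portion is treated as an unknown run of characters rather than filled in.

```python
import re
from urllib.parse import urlsplit

# Masked URLs exactly as published above; "****" hides characters we do not know.
MASKED_INDICATORS = [
    "http://www.smalltool.net/remotewatch/send_****.php",
    "http://www.smalltool.net/remotewatch/user****.php",
]

def compile_indicator(masked_url):
    """Turn a masked URL into (host, path regex); '****' matches any run of non-slash characters."""
    parts = urlsplit(masked_url)
    literal_chunks = [re.escape(chunk) for chunk in parts.path.split("****")]
    path_re = re.compile("^" + "[^/?#]*".join(literal_chunks) + "$", re.IGNORECASE)
    return parts.hostname.lower(), path_re

INDICATORS = [compile_indicator(u) for u in MASKED_INDICATORS]

def match_url(url):
    """Return True if the requested URL matches one of the masked indicators."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    return any(host == h and rx.match(parts.path) for h, rx in INDICATORS)

def scan_proxy_log(lines):
    """Return a list of (client_ip, url) for requests that match an indicator.

    Assumed log layout (constructed for this example):
    timestamp client_ip method url status
    """
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue  # skip malformed or truncated lines
        client_ip, url = fields[1], fields[3]
        if match_url(url):
            hits.append((client_ip, url))
    return hits

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "2007-07-04T13:29:01Z 10.0.0.21 GET http://www.smalltool.net/remotewatch/send_abcd.php 200",
    "2007-07-04T13:29:03Z 10.0.0.21 GET http://WWW.SMALLTOOL.NET/remotewatch/user01.php?x=1 200",
    "2007-07-04T13:30:10Z 10.0.0.35 GET http://www.smalltool.net/index.html 200",
    "2007-07-04T13:31:44Z 10.0.0.35 GET http://example.org/remotewatch/send_abcd.php 200",
    "truncated line",
]
```

A client that requests both a `send_` and a `user` URL, as 10.0.0.21 does in the sample, matches the download sequence described above and is the machine to check for `%WinDir%\cchost.ini`.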
Removal instructions:
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
1. Use Task Manager to terminate the Trojan process.
2. Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
3. Delete the following file:
%WinDir%\cchost.ini
4. Update your antivirus databases and perform a full scan of the computer (download a new version of Panda Internet Security 2007).

Safety Tips, Product News, Adware and Spyware Software, spyware remove, trojan, antivirus, Malware Descriptions
19 Jun 2007 02:08 pm

Aliases:
Trojan-PSW.Win32.Kuang.d (Kaspersky Lab) is also known as: Trojan.PSW.Kuang.d (Kaspersky Lab), PWS-BP (McAfee), Trojan Horse (Symantec), Trojan.Kuang (Doctor Web), Troj/Kuang-G (Sophos), Backdoor:Win32/Kuang.D (RAV), TROJ_PSW_RING0.B (Trend Micro), TR/KuanggA.Srv (H+BEDV), W32/Trojan.Kuang.A (FRISK), Win32:Kuang (ALWIL), W95/Weird (Grisoft), Trojan.Kuang.A (SOFTWIN), Trojan.DUNpws.Bp (ClamAV), Trj/PSW.Kuang.D (Panda), PSW.Kuang.D (Eset)

Description added: Mar 30 2007
Behavior: PSW Trojan
Technical details:
This Trojan is designed to steal confidential data. It is a Windows PE EXE file. The file is 7,680 bytes in size. It is not packed in any way. It is written in C++.
Installation:
When launched, the Trojan copies itself to the Windows system directory:
%System%/ .exe
It then creates a file in the same place called .cfg.
The Trojan also adds the following parameter to the system registry:
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
" .task" = "%System%/ .exe"
This ensures that the Trojan will be launched each time Windows is booted on the victim machine.
Payload:
This Trojan tracks the user’s actions on the victim machine.
It can:
log keystrokes;
record windows opened;
track activity only within a specific window, if one is indicated.
The Trojan opens a random TCP port. It will attempt to connect to a mail server and send the harvested data.
Removal instructions:
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
1. Use Task Manager to terminate the Trojan process.
2. Delete the following files:
%System%/ .exe
%System%/ .cfg
3. Delete the following registry value:
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
" .task"
4. Update your antivirus databases and perform a full scan of the computer (download a new version of Panda Internet Security 2007).

Safety Tips, Best Software, Product News, Adware and Spyware Software, worm, spyware remove, trojan, Malware Descriptions
12 Jun 2007 02:32 pm

Aliases:
Trojan-Clicker.Win32.Bitdefener (Kaspersky Lab) is also known as: TrojanClicker.Win32.Bitdefener (Kaspersky Lab), Crackerbox (McAfee), Trojan Horse (Symantec), Trojan.CrackBox.109 (Doctor Web), Troj/Crackerb (Sophos), Trojan:Win32/Fender (RAV), TROJ_FENDER.A (Trend Micro), TR/Bitdefener (H+BEDV), Win32:Trojan-gen. (ALWIL), Trojan Horse (Panda), Win32/TrojanClicker.Bitdefener (Eset)

Description added: Feb 16 2007
Behavior: TrojanClicker

Technical details:
This Trojan opens a variety of links without the knowledge or consent of the user. It is a Windows PE EXE file. It is 40,960 bytes in size. It is written in Visual Basic.

Payload:
Once launched, the Trojan will periodically open the following links without the user’s knowledge or consent:

http://www.mp3.com/****seuq
http://artists.mp3s.com/artist_stats/239/****seuq.html
http://artists.mp3s.com/artist_calendar/239/23****.html
http://play.mp3.com/cgi-bin/play/play.cgi/****

Removal instructions:
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
1. Use Task Manager to terminate the Trojan process.
2. Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
3. Update your antivirus databases and perform a full scan of the computer (download a new version of Panda Internet Security 2007).
 
