Saturday, July 21, 2007

New Malware.fi is a heuristic detection which may detect either viruses or trojans. If a sample is detected as New Malware.fi, then it is likely that the system is currently infected and has virus or trojan processes running.
Symptoms: Symptoms of malware vary greatly. Some common symptoms which may be observed in the case of New Malware.fi detections are as follows.
- Unknown processes are running.
- Unknown ports are open.
- Reduced system performance.
How to Remove New Malware.fi: Please use the Typical Threat Removal.
posted by hitech-leiza @ Saturday, July 21, 2007

Shavr copies itself to the root of the system drive and to the system folder. An autorun.inf file is also created in the root of the system drive. This causes a double-click on the drive letter in Windows Explorer to launch another instance of the Trojan.
Symptoms: Forced shutdown occurs between 14:00 and 15:00 local system time. Unable to launch Task Manager or Registry Editor.
How to Remove Shavr: Please use the Typical Threat Removal.
posted by hitech-leiza @ Saturday, July 21, 2007

W32/Bagle.fm.dldr is a virus downloader detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.
Symptoms: Once executed, the trojan pretends to be a software crack and pops up a window with the title "Select file to crack".
How to Remove W32/Bagle.fm.dldr: Please use the Typical Threat Removal.
posted by hitech-leiza @ Saturday, July 21, 2007

Downloader-BDC can download additional threats from a remote website.
Symptoms: The computer will try to contact http://s2.bestmanage.org. Some files with a name generated as explained previously may be found in the temp folder.
How to Remove Downloader-BDC: Please use the Typical Threat Removal.
posted by hitech-leiza @ Saturday, July 21, 2007

GPCoder.h is a detection for a ransomware trojan. It encrypts files on the hard drive, creates a text file indicating what has happened, and gives email addresses to send the ransom money to.
Symptoms: File types mentioned previously are overwritten with "garbage" (encrypted data). Presence of the aforementioned read_me.txt files.
How to Remove GPCoder.h: Please use the Typical Threat Removal.
posted by hitech-leiza @ Saturday, July 21, 2007

WinCE/Exploit-SMIL is an exploit for a vulnerability in the MMS client on Windows CE 4.2 devices.
Symptoms: The exploit attempts to display a message box on the display with the following message: “MMS g0t Y0u 0WnD!!Y0U got 0WND”
How to Remove WinCE/Exploit-SMIL: Please use the Typical Threat Removal.
posted by hitech-leiza @ Saturday, July 21, 2007

J2ME/Backdoor.client is a client for a trojan named Generic Backdoor. It is capable of running on devices that are MIDP 2.0 and CLDC 1.1 compatible. Such devices include many smartphones.
Symptoms: J2ME/Backdoor.client does not have a mobile payload. It is instead used to perform actions on the targeted computer.
How to Remove J2ME/Backdoor.client: Please use the Typical Threat Removal.
posted by hitech-leiza @ Saturday, July 21, 2007

Exploit-IEFF is likely to be delivered when viewing a website hosting the malicious code.
How to Remove Exploit-IEFF: Please use the Typical Threat Removal.
posted by hitech-leiza @ Saturday, July 21, 2007

PWS-Banker.gen.ac has been spammed via an email which purports to be information on the recent Brazilian airplane crash. The email contains a link which, when clicked, goes to a bank password stealer.
Symptoms: The Trojan is running in the process list. Mail may be sent using Outlook in some instances, or there may be network traffic on port 25, connecting to a remote SMTP (mail) server to send email data to the malware author. An infected user might be prompted to enter their online banking credentials after running the malware.
How to Remove PWS-Banker.gen.ac: Please use the Typical Threat Removal.
posted by hitech-leiza @ Saturday, July 21, 2007

W32/Mytob.gen@MM self-replicates recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.
Symptoms: The Sdbot functionality in the worm is designed to contact the IRC server named irc.blackcarder.net, join a specified channel, and wait for further instructions. This bot can accept commands to download and execute other programs. The bot also contains code to spread via the LSASS exploit.
How to Remove W32/Mytob.gen@MM: Please use the Typical Threat Removal.
posted by hitech-leiza @ Saturday, July 21, 2007

Friday, July 20, 2007

JS/Downloader-AUD is spread manually, often under the premise that it is beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.
Symptoms: Upon execution, the trojan attempts to download files from www.dougansss.com.
How to Remove JS/Downloader-AUD: Please use the Typical Threat Removal.
posted by hitech-leiza @ Friday, July 20, 2007

W32/Stration.gen.dldr is a downloader designed to pull files from a remote website and execute the files that have been downloaded.
Symptoms: Many of these downloaders install other malware, including viruses as well as other Trojans. Additionally, many of them are used to remotely install adware packages onto the affected host machine for the purposes of gaining referral revenue from the adware software vendor.
How to Remove W32/Stration.gen.dldr: Please use the Typical Threat Removal.
posted by hitech-leiza @ Friday, July 20, 2007

Downloader-BAI is a trojan that is delivered via a spammed email message. This downloader is designed to download files from websites controlled by the malware author.
Symptoms: Comes in an email with one of the following subjects:
- Subject: Love for Granted
- Subject: Most Beautiful Girl
- Subject: Puppy Love
- Subject: Search for One
- Subject: Magic of Flowers
- Subject: Dinner Coupon
How to Remove Downloader-BAI!M711: Please use the Typical Threat Removal.
posted by hitech-leiza @ Friday, July 20, 2007

Exploit-ANIfile.c covers detection of ANI files that attempt to exploit a recent ANI file format handling vulnerability. AVERT has confirmed that the exploit affects at least systems running Microsoft Internet Explorer 6 & 7 on Windows XP SP2.
Symptoms: This exploit runs silently without showing any obvious symptoms. This exploit is simply a transport mechanism for other malicious code: whatever the attacker chooses to include.
How to Remove Exploit-ANIfile.c: Please use the Typical Threat Removal.
posted by hitech-leiza @ Friday, July 20, 2007

W32/Fujacks.aa is a copied variant of the W32/Fujacks worm that infects PE and possibly HTML files with malicious hyperlinks to the Windows ANI 0-day exploit, and spreads over floppy drives and possibly other removable devices. It will also download additional malware onto the infected machine.
Symptoms: PE files increase in file size, between 10k and 100k or more. HTML files may be appended with the mentioned hyperlinks. Unexpected connection to the mentioned server(s).
How to Remove W32/Fujacks.aa: Please use the Typical Threat Removal.
posted by hitech-leiza @ Friday, July 20, 2007

Phish-BuyPhony is an Internet Explorer Browser Helper Object (BHO) maliciously designed to hijack well-known websites to steal money by masquerading as Apple's iPhone online shop. When successful, the victim is brought to a fake site where payment is made to the crooks via Western Union or MoneyGram.
Symptoms: Loading of a phishing website instead of the official vendor website from www.iphone.com.
How to Remove Phish-BuyPhony: Please use the Typical Threat Removal.
posted by hitech-leiza @ Friday, July 20, 2007

W32/Autorun.worm.g is a worm which attempts to spread to removable drives by creating an Autorun.inf file, which will run the worm automatically if systems which use the removable drive are set to Autorun.
Symptoms: The infected system becomes drastically changed, with references to Harry Potter. User profiles, as mentioned previously, appear unexpectedly.
How to Remove W32/Autorun.worm.g: Please use the Typical Threat Removal.
posted by hitech-leiza @ Friday, July 20, 2007