Virus:BAT/Winroot.A
- Listed as Severe as the malware infects the BAT files. No other information has been released on this.
W32Colowneda:
- A worm is a type of computer virus that generally spreads without user action and that distributes
complete copies (possibly modified) of itself across networks (such as the Internet). Generally known
as "Blaster," this new worm exploits the vulnerability that was addressed by Microsoft Security Bulletin
MS03-026 (823980) to spread itself over networks by using open Remote Procedure Call (RPC) ports
on computers that are running.
W32.Widoom:
- This worm uses removable drives to grow rapidly, it also opens a back door on the affected machine
by connecting to the specific website. This worm will replicate itself, it will change the registry in order
to boot whenever you start your computer. W32.Widoom connects to an IRC server and awaits for
commands that permit it to fulfill harmful activities that involve downloading and executing remote files.
W3i.IQ5.fraud:
- W3i.IQ5.fraud is supposed to be the legit 7zip or other freeware installer. Instead it is a netinstaller
which tries to fool the user via unusual graphical user interface to install adware. W3i is also trying to
make it look like 7zip and other free software is their own product which is practically theft.
- WebTrendsLive is a tracking cookie. These cookies monitor your internet habits and gathers personal
information about you as you surf the net.
WildTangent:
- Wild Tangent is a video game software company specializing in online games. It has even made a
partnership with AOL to include itself as part of the AOL Instant Messenger for their AIM games section.
The WildTangent Web Driver is their technology that allows you to play 3D games over the Internet.
Although its not technically considered spyware it does have built in components to update itself and
gather information about the computer system including: Operating System Version, CPU Type and
Speed, Memory Amount, Video Card type and Driver Version, Sound Card type and Driver Version,
DirectX Version, Location that the Web Driver was installed from. Although the program does not
pose a great threat, any sending of collected information can be compromised and additional
information collected and sent as well.
Win32.BHO.ACW:
- The trojan installs a .dll file into the system directory which is registered as a browser helper object.
It creates several registry entries. Any Trojan should be completely removed and all registry holes
repaired as soon as possible.
Win32.ClickPotatoLite:
- Adware:Win32/ClickPotato is a program that displays pop-up and notification-style advertisements
based on the user's browsing habits.
Win32.Delf.UV:
- This threat is classified as a trojan downloader. A downloader trojan accesses remote websites in
an attempt to download and install malicious or potentially unwanted software. Some downloader
trojans target specific files on remote websites while others may target a specific URL that points to
a website containing exploit code that may allow the site to automatically download and execute
software or malicious code on vulnerable systems. This threat is detected by the Microsoft antivirus
engine. Technical details are not currently available
Win32.KillAV.KQ:
- is a Trojan. This is a security risk and you should remove this threat immediately. Otherwise it may cause
data loss or other misbehavior including performance degradation.
Win32.Netsky.AB:
- Win32/Netsky.AB@mm is a mass-mailing worm that targets computers running certain versions of
Microsoft Windows. The worm sends itself to e-mail addresses that it finds on the infected computer.
The worm is activated when a user opens an e-mail attachment that contains the worm.
Win32.OnLineGames:
- Win32/OnLineGames is a family of trojans that may inject malware DLL files into various processes,
register malware Browser Helper Objects (BHO), collect user keystrokes, and other activities to steal
login information related to popular online games.
Win32.Ramnit.C:
- Win32.Ramnit.C is a very malicious item that designed to allow remote access to your computer to
largely occupy precious system resource, trace your Internet habits to record/steal your personal
information. Generic detection for a DLL component dropped by other malware. It is used to load
another malware.
Win32/WISHO:
- This adware contains malicious code that allows remote access to your computer. Hackers can occupy
your system to perform malicious work using your IP Address, they can trace your Internet habits and
steal your personal information.
Win32.Worm.Zimuse:
- The Virus known as Win32.Worm.Zimuse which is spreading in two variants Win32.Worm.Zimuse.A
and Win32.Worm.Zimuse.B. This virus has the ability to destroy Windows System files as well as
personal document files. The Virus originated in Slovakia as a prank but has spread across computers
in the United States, Thailand, and Italy. Both variants of the virus work by creating copies of itself
before installing a rootkit. The worm then alters system registry strings. Once infestation is complete
no one can save the data on your hard drive and sometimes not even the hard drive itself. If the infection
is eradicated early the hard drive may be salvageable as long as all the worms "eggs" are
wiped out. If the worm was able to overwrite the Master Boot Record, you will receive a fatal error: No
bootable medium found. At this point you may need a new hard drive. Be sure to disconnect your unit
from your network and the internet to keep the worm quarantined to your computer. Any flash drives or
portable drive may be infected as well. If you are not computer savvy, contact your local computer
technician and explain the virus/worm you have.
Zedo:
- A privately-held company founded in 1999. The company works with publishers who sell space on their
web pages to online advertisers. Zedo builds software technology that allows publishers to manage all
the ads on their web pages. Zedo uses an HTTP cookie to track users' browsing history resulting in
targeted pop-up ads. The cookie is often flagged by spyware and adware removal programs.
Toolbar.Facemood:
- This PUP installs a toolbar in Internet Explorer and in Mozilla Firefox. It changes the start page of both
browsers and changes the default searchbar in the browser. Additionally it displays advertisement
and offers the possibility to add fun icons to mails. If the user installs Toolbar.Facemood he has to
agree that CPU und bandwidth can be used by Toolbar.Facemood and personal information like used
browsers, language, operating system and IP-Address get stored.
Trojan.Agent:
- Trojan Agent is a malicious program, or malware, that typically uses fake threats to entice and mislead
you to download or purchase a rogue anti-spyware program. Trojans are different than other malware,
such as worms or viruses, because they cannot multiply themselves.
Trojan:Agent.Gen:
- Agent.Gen is a generic detection for variants of the Agent Trojan family. Agent.Gen is a backdoor
Trojan, infects the user when visiting malicious web sites. It is also bundled with ad ware and spyware
programs. Few variants of agent use vulnerability in Internet explorer and installs automatically without
user's knowledge. It registers the DLL files as Browser Helping Objects (BHO) for Internet explorer
and tries to download more malicious programs including startpage Trojan in the infected system. It
adds the EXE type files in the registry run section to load automatically on the next startup. Agent
contains backdoor ability. Using this, hackers can steal data from the infected systems. This threat
is also known as Backdoor.Agent.gen, TROJ_AGENT.AC, Troj/Agent.BX, Agent.E, Backdoor-CFB.
TrojanAgent_r.BGP:
- The TrojanAgent_r.BGP (aka) TrojanHorseAgent_r.BGP will shut down your firewall and security
system upon activating its malicious code. This horse agent has been circulating the globe and has
damaged thousands of computers during its life. The initial symptom may be your internet browser
redirecting your searches to irrelevant sites, but this method is also used by numerous other viruses
and malware programs as well. The program can generate ads on the affected computer in order to
scam the user into making a purchase. This trojan is more than capable of stealing sensitive
information such as passwords, address books, user names and other information.
Trojan.Alexa:
- This is a commercial toolbar that latches onto your internet browser and collects information about
your browsing habits. It has been reported that the toolbar does not always uninstall using the
conventional Windows Uninstaller. The program is listed as Trojan Virus / Spyware.
Trojan.Banker:
- Trojan.Banker belongs to the Win32/Banker and Spyware.Banker, and is a family of data-stealing
Trojans. When installed on a computer, it can capture banking credentials such as account numbers
and passwords from the user. The Trojan can then send the captured information to the attacker by
various means. Many variants of this malicious program may appear as greeting card software. Most
of these Banker variants target customers of Brazilian banks.
Trojan.BHO:
- A BHO trojan refers to a trojan that disguises itself as a legitimate Browser Help Object. For example:
Adware.MediaBack, SmartEnhancer, Internet Speed Monitor, HyperBar, and WinTools are BHO
trojans. BHO trojans generally change your Internet settings. For example, your Internet homepage
may change or your Internet searches may be redirected to random websites. In addition, BHO
trojans generally slow your computer and may generate pop-up advertisements.
Trojan.Blugger!gen1:
- This Trojan virus will download additional Trojan viruses from a remote server. Anti-virus program will
tend to miss this malicious program during a “Quick Scan”, however, most anti-virus programs will
catch it during a full scan. This particular virus will run in the background and disguise itself as a
system process. A symptom of infection is a sudden slowing of the computer system and frequent
freeze ups. As many things may cause these symptoms, it is advisable to perform a full virus scan
and malware scan. This virus needs to be removed immediately or it may cause permanent damage
to the infected computer.
TrojanCrypt.AQLW:
- Crypt.AQLW (aka) TrojanHorseCrypt.AQLW exploits vulnerabilities in Windows programs. The code
package delivered to the unit is aimed at opening channels to the outside in order to download
additional malicious software packages, while seeking confirmation from its creator to see if any
information is needed from the newly infected machine. This virus can make using the computer almost
impossible and can easily remove your personal data from the unit by removing it and sending it to its
creator, or simply overwriting the information to gain additional disk space for future use. This virus
should be removed immediately. Start by removing your ethernet cable from the unit or shutting down
your wireless router to stop any additional corruption and to stop your data from being stolen.
Trojan.DNSchanger:
- This Trojan cripples computer speed. It will take over your internet browser and redirect searches to
websites of its choice. It may block out websites that it finds as a danger to itself, so it will not allow
you to sites that advertise anti-virus software, or repair sites unless it is a site that contains Rogue
programs. This program changes key elements in the registry, so if you plan on trying to fix this
yourself, be sure to back up the system, create a restore point and backup the registry files first.
TrojanDropper.MSIL/AINSLOT.A:
- This threat is classified as a Trojan - Dropper. As its name suggests, a dropper trojan contains
malicious or potentially unwanted software which it ‘drops’ and installs on the affected system.
Commonly, the dropper installs a backdoor which allows remote, surreptitious access to infected
systems. This backdoor may then be used by remote attackers to upload and install further malicious
or potentially unwanted software on the system.
TrojanDropper.PE4:
- This trojan needs to be removed immediately or it may cause a total computer crash. Although it is
listed as a Trojan Virus, it is comprised of: Adware, Spyware, Randomware, Malware and is in the
Rootkit family of damaging viruses. The most common warning is the sudden change of your desktop
and and various fake security messages. The program has been known to promote adult sex-sites and
other websites of questionable material. This virus will spread throughout your system and worm itself
into System Restore Points. Anti-Virus programs that attempt to extract the virus may inadvertently
damage the system beyond normal user repair. This virus requires manual extraction from a computer
specialist. If you know you have this virus you should backup your personal documents, photos and
other information on a flash drive that contains no other backups as the virus may "seed" the flash
drive. After the virus is removed you can perform a scan and clean on the flash drive.
TrojanDownloader.Generic12.BPNF:
- This Trojan can be contracted by visiting an unsafe website, viewing an unsafe picture or video and
can be coded into shared music files. The code of this virus is written in a way to bypass the initial
security scan used by your anti-virus program. Once the package is delivered it explodes. The virus
acts swiftly. Shutting down your anti-virus program, attacking windows updating capabilities and opens
doorways in the security system to allow other hackers in. If you discover this virus in your system you
need to immediately disconnect from the Internet, as this virus is used by cyber criminals in order to
steal your identity, passwords, banking information and other personal information. Additionally, it may
permanently erase your data from the computer. This virus can also seed itself to make replicas in the
event the main code is removed.
TrojanDownloader:Java/Rexec.B
- TrojanDownloader:Java/Rexec.B is a trojan Java applet that could allow the downloading and execution
of arbitrary files. TrojanDownloader:Java/Rexec.B may be invoked by a malicious website as a
Java.JAR archive. The applet is invoked from an HTML page by referencing the "a0ee3d65141.class"
stored in the .JAR file. In the wild, we have observed the .JAR file containing malicious files that are all
detected as TrojanDownloader:Java/Rexec.B
TrojanDownloader:JS/BlacoleRef.AM:
- This threat is classified as a trojan downloader. A downloader trojan accesses remote websites in
an attempt to download and install malicious or potentially unwanted software. Some downloader
trojans target specific files on remote websites while others may target a specific URL that points to
a website containing exploit code that may allow the site to automatically download and execute
software or malicious code on vulnerable systems.
TrojanDownloader:Win32/Dofoil.D:
- This is a Windows trojan horse that downloads files from predefined remote webpages and ftp
servers to the infected computer.TrojanDownloader:Win32/Dofoil.D secretly installs other spywares
without user’s knowledge or authorization. TrojanDownloader:Win32/Dofoil.D spreads to other
computers via spam email attachment that allures other users to open and execute its files.
TrojanDownloader:Win32/Dofoil.D is variable and changes its files on different systems. It’s better to
use manual solution to detect and remove all the stuff of TrojanDownloader:Win32/Dofoil.D from the
infected computer before it downloads more trojan horse to the compromised system.
TrojanDownloader:Win32/Waledac.C:
- TrojanDownloader:Win32/Waledac.C is a trojan that downloads and executes arbitrary files. There
are no obvious symptoms that indicate the presence of this malware on an affected computer. The
trojan has been seen to download variants of the following families of malware: Win32/Waledac - a
family of trojans that is generally used to send spam. They also has the ability to download and execute
arbitrary files, harvest email addresses from the local machine, perform denial of service attacks, proxy
network traffic and sniff passwords. Win32/Winwebsec - a family of programs that claim to scan for
malware and display fake warnings of “malicious programs and viruses”. They then inform the user that
they need to pay money to register the software in order to remove these non-existent threats.
Win32/Winwebsec has been distributed with several different names. The user interface varies to
reflect each variant’s individual branding.
Trojan.ExeShell.Gen:
- This malicious software is an aggressive program that gives a hacker access to your computer. Once
installed and activated, the hacker can obtain full control of your computer, its files and its operation.
One of the main features of this Trojan Horse is its ability to deny the User (you) access to executable
files and programs. This mean you cannot double-click on a program and have it open. Instead you
find that the computer cannot find the associated program file. This Trojan will also delete and alter
registry codes to make it nearly impossible for you to remove the infection. Thus, your computer will
run slow or become unresponsive to your wishes. Once this Virus is embedded in your system all of
your privacy items, such as passwords and account information may be stolen. It is highly advisable
that you disconnect the unit from the Internet and bring the unit to your local repair shop. It IS possible
to repair the unit without reinstalling the operating system, but not in all cases.
Trojan.Exploit.Drop:
- An exploit virus, exploits weaknesses and vulnerabilities in computer systems to gain unauthorized
access to applications and files, and to generally wreak havoc. If you've been noticing strange and
sudden pop-ups, programs crashing, system rebooting without prompting or other problematic
behavior, it is conceivable that an exploit virus is the cause. Although the term "exploit virus" refers
to a broad class of viruses, known and identified exploit viruses.
Trojan.FakeHDD:
- This is a Trojan/Rogue program that was designed in order to scare the user into purchasing the
product. When the program is first executed it will pop-up a window which pretends to run a diagnostic
scan on your hard drive. This will display numerous errors for you to review and then ask if you wish to
repair the problems. Upon its false repair it will inform you that you have major errors remaining but
need to pay for the full version in order to complete the repairs. This whole process is a scam, that is
the Rogue Program part. On the Trojan side, the program is placing malicious code in your system in
order to retrieve your personal information.
Trojan.FakeAlert:
- Trojan.FakeAlert is a Trojan that may install rogue anti-spyware onto your computer. I can manipulate
the computer's registry and install fake spyware files to create false positives when your computer is
scanned by rogue anti-spyware programs. The fake spyware is downloaded in hopes that you will be
tricked into buying the rogue anti-spyware program. This Trojan virus can leave holes open in your
security, leaving you open to attack.
Trojan:Java/Mesdeh:
- Trojan:Java/Mesdeh is the detection for a data file that is used by malware to exploit a vulnerability in
the Java Runtime Environment (JRE) discussed in CVE-2010-0094. Successful exploitation of the
affected computer allows attackers to bypass Java sandbox restrictions and gain read and write access
to the local file system. In the wild, one example of the exploit code was distributed within a Java archive
file (.JAR) named "serial.jar" with the exploit code named "payload.ser".
Trojan:JS/Iframeinject.M
- Trojan:JS/Iframeinject.M generates a random IFrame and injects it into the HTML webpage. The Iframe
contains instructions to redirect the browser to a certain webpage containing malware. The destination
webpage is crafted using daily trends from the online site Twitter.com. As a result, the destination
webpage content varies however it commonly hosts malware detected as Exploit:JS/Blacole.G.
Trojan.QHost.BG:
- Trojan.QHost.BG is a malicious application that can infect your computer and make it almost unusable.
It is important to get rid of this virus as soon as possible to avoid loss of data and corruption of files on
the computer.
Trojan:Smitfraud-C.generic:
- This is a highly dangerous Trojan that compromises computers with security holes. The program is
designed to block various anti-virus programs, and can bypass the systems firewall and anti-virus
because the code rapidly mutates until it executes. Once it blossoms the virus sends a kill code to
disable the anti-virus and firewall programs. Once the virus maintains a firm hold on the system it may
disable features like System Restore and Windows Installer Services. If the anti-virus does find this
Trojan, the removal process may cripple the system and render the unit unusable. Manual removal is
recommended, even in a manual removal the virus may fight back and destroy the operating system.
If you are infected with this virus, disconnect from the internet and call a service technician.
Trojan:Spyeyes:
- is a trojan that captures keystrokes and steals login credentials through a method known as "form
grabbing". Trojan:Win32/Spyeye sends captured data to a remote attacker, may download updates
and has a rootkit component to hide its malicious activity. This is a highly sophisticated program and
has been circulating the globe since its release in Russia in 2009. The code written for this virus
enables it to reside in your computer virtually undetected and causing no symptoms. Unless you run
a full scan on good anti-virus program you may never know the virus is present. Meanwhile, Spyeyes
is stealing data and giving a remote user the ability to control your computer. The code is written to
attach itself to web-browsers: Internet Explorer, Firefox, Chrome, Opera and others. Spyeyes captures
keystrokes and information that is entered in any on-line shopping form, credit form, loan application
form and any other type of form you fill out using a web browser.
Trojan.Vundo:
- The Vundo Trojan (commonly known as Vundo, Virtumonde or Virtumondo, and sometimes referred
to as MS Juan) is a Trojan horse that is known to cause popups and advertising for rogue antispyware
programs, and sporadically other misbehavior including performance degradation and denial of service
with some websites including Google and Facebook. A Vundo infection is typically caused either by
opening an e-mail attachment carrying the trojan, or through a variety of browser exploits, including
vulnerabilities in popular browser plug-ins, such as Java. Many of the popups advertise fraudulent
programs such as AntiSpywareMaster, WinFixer, AntiVirus 2009.
Trojan.Win32/Agent:
- Trojan Win32 Agent, also known as TrojanSpy.Win32.Agent, is a keylogger program. Keyloggers
are malicious programs designed to steal your personal information. Trojan Win32 Agent affects the
Windows Operating System.
Trojan:Win32/Alureon.FP:
- Win32/Alureon is a family of data-stealing trojans. These trojans allow an attacker to intercept
incoming and outgoing Internet traffic in order to gather confidential information such as user
names, passwords, and credit card data. It may also allow an attacker to transmit malicious data
to the infected computer. The trojan may modify DNS settings on the host computer to enable the
attacker to perform these tasks. Therefore it may be necessary to reconfigure DNS settings after
the trojan is removed from the computer. Win32/Alureon may also infect and corrupt certain
driver files, causing them to become unusable. The Alureon.FP signature series is known for
installing additional malware programs, stealing credit card information and passwords. The Trojan
is capable of taking over the infected computer and creating maximum damage to the system. If
you suspect you have this infection, immediately disconnect the unit from the internet and/or network.
Perform this function by unplugging the internet cable and/or turning off the wireless signal. Even
advanced users may find this trojan extremely hard to eradicate
Trojan:Win32/Cleaman.B:
- Trojan:Win32/Cleaman.B is a malicious program that is unable to spread of its own accord. It may
perform a number of actions of an attacker's choice on an affected computer.
Trojan:Win32/Cleaman.B modifies the Windows Hosts file. The local Hosts file overrides the DNS
resolution of a website URL to a particular IP address. Malicious software may make modifications to
the Hosts file in order to redirect specified URLs to different IP addresses. Malware often modifies an
affected computer's Hosts file in order to stop users from accessing websites associated with
particular security-related applications.
Trojan.Win32.FakeAlert.CN:
- This trojan infection can cause massive damage to the computer system. It will download other
severe malware programs. The program will compromise the units security system and leave
backdoors open in order to allow fellow hackers access to your system and its files. Although some
companies will advertise on-line removal, this trojan and many others should be removed by your
local technician for a more detailed removal.
Trojan:Win32/FakeSysdef:
- Win32/FakeSysdef is a family of programs that claim to scan for hardware defects related to system
memory, hard drives and over-all system performance. They scan the system, show fake hardware
problems, and offer a solution to defrag the hard drives and optimize the system performance. They
then inform the user that they need to pay money to download the fix module and to register the
software in order to repair these non-existent hardware problems. One of the first variants was
distributed as program named "HDD Defragmenter" hence the name "FakeSysdef" or "Fake System
Defragmenter".
Trojan.Win32.Generic!BT:
- This trojan enters the system via a Rogue Program download. The infection may cause system pop-
us that use scare tactics in order to trick the user into purchasing a fake anti-malware or anti-virus
program. Additionally, the program may Hijack the internet browser and re-direct the user to its
website or other websites that may contain malicious code. System crashing can be expected and
longer than normal startups.
Trojan:Win32/Sirefef:
- Win32/Sirefef is a multi-component family of malware that uses stealth to hide its presence on an
affected computer. Due to the nature of this threat, the payload may vary greatly from one infection
to another, although common behavior includes: •Downloading and executing of arbitrary files
•Contacting remote hosts •Disabling of security features
- Caution: Win32/Sirefef is a dangerous threat that uses advanced stealth techniques in order to
hinder its detection and removal. Particular variants of Win32/Sirefef may also make lasting changes
to your computer that will NOT be restored - some system files may be irrevocably corrupted and
essential security services may be disabled.
- Due to the severe consequences associated with this threat, you may need to reinstall your Windows
operating system and other computer programs, and restore your files and data from backup if your
computer is infected with any of the following Sirefef variants: •Trojan:Win32/Sirefef.AA
•Trojan:Win32/Sirefef.AC •Trojan:Win32/Sirefef.AH
- Attempting to use an anti-virus program to remove this trojan my damage your system, possibly
beyond repair.
- Trojan:Win32/Sirefef.AC is a component of Win32/Sirefef - a multi-component family of malware that
moderates an affected user's Internet experience by modifying search results, and generates pay-per
click advertising revenue for its controllers. The family consists of multiple parts that perform different
functions, such as downloading updates and additional components, hiding existing components, or
performing the payload. Trojan:Win32/Sirefef.AC is a service control program (a service that starts
and controls services) used by Win32/Sirefef, responsible for starting or stopping malicious service
components.
- Caution: Win32/Sirefef is a dangerous threat that uses advanced stealth techniques in order to
hinder its detection and removal. Particular variants of Win32/Sirefef may also make lasting changes
to your computer that will NOT be restored - some system files may be irrevocably corrupted and
essential security services may be disabled. Due to the severe consequences associated with this
threat, you may need to reinstall your Windows operating system and other computer programs,
and restore your files and data from backup if your computer is infected with any of the following
Sirefef variants: Trojan:Win32/Sirefef.AA, Trojan:Win32/Sirefef.AC, Trojan:Win32/Sirefef.AH.
Trojan:Win32/Sirefef.AG:
- At this time there is no information on this virus.
Trojan:Win32/Sirefef.AH:
- Trojan:Win32/Sirefef.AH is a component of Win32/Sirefef - a multi-component family of malware
that moderates an affected user's Internet experience by modifying search results, and generates
pay-per-click advertising revenue for its controllers. The family consists of multiple parts that
perform different functions, such as downloading updates and additional components, hiding
existing components, or performing the payload. There are no common symptoms associated with
this threat. Alert notifications from installed anti-virus software may be the only symptoms.
Caution: Win32/Sirefef is a dangerous threat that uses advanced stealth techniques in order to
hinder its detection and removal. Particular variants of Win32/Sirefef may also make lasting
changes to your computer that will NOT be restored - some system files may be irrevocably
corrupted and anti-virus services may be disabled. As a consequence of being infected with this
threat, you may need to reinstall your Windows operating system and other computer programs,
and restore your files and data from backup.
Trojan:Win32/Sirefef.AL:
- Trojan:Win32/Sirefef.AL is a component of Win32/Sirefef - a multi-component family of malware
that moderates your Internet experience by changing search results, and generating pay-per-click
advertising revenue for its controllers. The family consists of multiple parts that perform different
functions, such as downloading updates and additional components, hiding existing components,
or performing a payload.
Trojan:Win32/Tracur.AK:
- Win32/Tracur is a detection for the trojan family Tracur that downloads and executes arbitrary files,
redirects web search queries to a malicious URL and may also install other malware. Win32/Tracur
may drop several modified copies of itself in the system folder. In the wild, the trojan used the
following file names: hal32.dll, olecli3232.dll, olecli3232.exe, authz32.dll. In rebooting, Win32/Tracur
makes changes to the registry to ensure that the malware DLL is executed each time a specified
parent-process is launched. Win32/Tracur may create events and mutex to ensure that only one
copy of the threat runs on infected the computer at any one time. Win32/Tracur monitors the user's
web browsing and may redirect web searched to a malicious URL when one of the following search
engines are used: •Google •Yahoo •AOL •Ask •Bing
- In addition to the search engines listed above, some variants may also redirect searchers for the
following: •Snap •Hotbot •Gigablast •Lycos •Altavista •Alltheweb •Netscape •Youtube
- Allows backdoor access and control. Win32/Tracur attempts to connect to a server via a random
TCP port and wait for commands. Using this backdoor, an attacker can perform a number of actions
on an affected computer. For example, an attacker may be able to perform the following actions:
•Download and execute arbitrary files •Control the web browser redirection parameters.
Trojan:Win64/Sirefef.B:
- This is a Trojan Horse Spyware virus, its main purpose is to download malicious malware files from
the internet. Once accomplished the program will delete or alter certain system files in order to
disable your ability to remove the virus. At this stage the virus will begin to collect your email account
information and address book information in order to use your email account to send emails to your
friends and family. Encased in these emails are seeds of itself that will duplicate itself in the computers
of your friends and family. In some cases reported people also experienced annoying pop-up ads
advertising Adult websites and other questionable sites. If you suspect you have this virus, immediately
disconnect your computer from the internet and contact a repair specialist. It IS possible to remove the
virus without re-installing your operating system, but not in all cases.
Trojan:Win64/Sirefef.J:
- There are no common symptoms associated with this threat. Alert notifications from installed
antivirus software may be the only symptoms. Trojan:Win64/Sirefef.J is a trojan component of the
Win32/Sirefef that contains a free mining client for Windows. The mining client is detected as
Program:Win32/CoinMiner and may be used to generate new digital coins in the BitCoin
decentralized economy by performing highly complex computations. To generate these coins,
Program:Win32/CoinMiner uses the computer's CPU resources intensively.
 |
| |
 |
| |
 |
| |
 |
| |
 |
| |
 |
| |
 |
| |
 |
| |
 |
| Malicious Software Programs |
 |  |  |  |
 | |  | |  | |  |
| | | |
