Archive for November, 2006
Thursday, November 30th, 2006
This Trojan is a modified Windows %System%\drivers\etc\hosts file, which is used to translate domain names (DNS) to IP addresses. The modified file is 2189 bytes in size. The file is modified in such a way as to block access to the sites listed below (the majory of which are antivirus sites and...
Posted in Virus Threats | Comments Off
Thursday, November 30th, 2006
This non-malicious advertizing program installs Mirar Toolbar in Internet Explorer.
It is a Windows PE EXE file. It is written in Microsoft Visual C++. It is not packed in any way. The file is 376,832 bytes in size. The size of the file which is installed may vary.
Installation
Once launched,...
Posted in Virus Threats | Comments Off
Thursday, November 30th, 2006
This Trojan program makes it possible for a remote malicious user to use the victim machine as a proxy mail server. It is a Windows PE EXE file.
It is 8,768 bytes in size, and packed using FSG. The unpacked file is approximately 53KB in size.
Installation
This Trojan was mass mailed as an...
Posted in Virus Threats | Comments Off
Thursday, November 30th, 2006
This Trojan program is a HTML file (an HTA file) It is 1476 bytes in size.
Posted in Virus Threats | Comments Off
Thursday, November 30th, 2006
This Trojan logs the user’s keystrokes. It is a Windows PE EXE file. It is written in Visual C++. The file is 14,336 bytes in size.
Installation
Once launched, the Trojan copies itself to the Windows system directory as "systemks.exe":
%System%\systemks.exe
It then registers itself in...
Posted in Virus Threats | Comments Off
Thursday, November 30th, 2006
This Trojan is a modified Windows %System%\drivers\etc\hosts file, which is used to translate domain names (DNS) to IP addresses. The modified file is 964 bytes in size. The file is modified in such a way as to prevent the user from viewing the sites listed below.
The following strings are added...
Posted in Virus Threats | Comments Off
Thursday, November 30th, 2006
This Trojan logs the user’s keystrokes. It is a Windows PE EXE file. The file is 36,864 bytes in size. It is written in C++.
Posted in Virus Threats | Comments Off
Wednesday, November 29th, 2006
This Trojan program will change the Microsoft Internet Explorer home page without the knowledge or consent of the user.
The program itself is a Windows PE EXE file. The file is 20,480 bytes in size. It is written in C++.
Posted in Virus Threats | Comments Off
Wednesday, November 29th, 2006
This Trojan installs another Trojan program to the victim machine. It is a Windows PE EXE file. The file is 1,067,060 bytes in size.
Posted in Virus Threats | Comments Off
Wednesday, November 29th, 2006
This Trojan program will change the Microsoft Internet Explorer and Netscape Navigator home page without the knowledge or consent of the user.
The program itself is a Windows PE EXE file. The Trojan is written in Visual C++ and is not packed in any way. The file is 204,800 bytes in size.
Posted in Virus Threats | Comments Off
Wednesday, November 29th, 2006
This Trojan is a modified Windows %System%\drivers\etc\hosts file, which is used to translate domain names (DNS) to IP addresses. The modified file is 1861 bytes in size. The file is modified in such a way as to prevent the user from viewing the sites listed below.
The following strings are added...
Posted in Virus Threats | Comments Off
Wednesday, November 29th, 2006
Remote Adminstrator will provide full access to the interface of a remote machine in real time mode. (It is similar to pcAnywhere from Symantec). The program is produced by AT&T Laboratories Cambridge.
The program can be used for remote adminstration and observing remote machines.
Although this...
Posted in Virus Threats | Comments Off
Wednesday, November 29th, 2006
This Trojan program makes it possible for a remote malicious user to manage the victim machine. It is a Windows PE EXE file. It is written in Visual C++. It is not packed in any way. The file is 924 bytes in size.
Posted in Virus Threats | Comments Off
Wednesday, November 29th, 2006
This is a non memory resident file virus. It infects Windows PE EXE files. It is written in Assembler.
Posted in Virus Threats | Comments Off
Tuesday, November 28th, 2006
This network worm infects computers running under Windows. The worm itself is a PE EXE file 352 768 bytes in size.
The worm spreads via local network resources and encrypts user data on the victim machine.
Posted in Virus Threats | Comments Off