W32.Ramnit
20 January 2010 4 Comments
W32.Ramnit is a worm that propagates on removable drives, infecting the executable files it finds. W32.Ramnit also copies itself to the Recycle Bin and creates an Autorun.Inf file on each drive so that it runs when the drive is accessed.
29 September 2009 2 Comments
Win32/Protector.C is a virus that was intentionally encrypted to conceal itself from antivirus programs and infect a computer without being detected. Win32/Protector.C can block the infected computer's Internet access by modifying the Internet browser's configuration. The virus spreads locally by infecting system files and executable files that it can access over shared network drives. It also attempts to connect to a remote computer and download additional malware.

1 September 2009 0 Comment
Virus.Win32.Hala.a is a virus that infects various files by injecting malicious code into them or overwriting them with it. The virus can also connect to a remote computer and download other malicious programs to the victim's PC. Virus.Win32.Hala.a fetches additional malware whose payload steals sensitive information, intercepts Internet browser traffic and opens a backdoor on the compromised system.
22 July 2009 0 Comment
W32/Liger-A infects Windows DLL files and usually spreads on local and remote shared drives. W32/Liger-A is a virus created for the Windows platform. This detection aims to identify legitimate Windows files that are already contaminated with a virus.
16 July 2009 3 Comments
W32.Daprosy is a worm that sneaks into computers via malicious email attachments. When the attached file is executed, W32.Daprosy infects network drives, fixed drives and USB removable drives. It sends itself to the email contacts on the victim's computer to further propagate the infection.
5 July 2009 3 Comments
Win32:Vitro is a detection for variants of polymorphic viruses that have identical characteristics. Win32:Vitro infects executable files in order to spread itself across computers and network environments.
25 June 2009 3 Comments
W32/Conficker!mem is a heuristic detection for a memory-related worm that took advantage of the Microsoft Windows Server Service Vulnerability. W32/Conficker!mem may download and execute more harmful files on the computer.
4 May 2009 3 Comments
Mal/Qbot-B is a virus that may pose a threat to computers, leading to intrusions, disruptions and damage to the systems of the infected computer. Mal/Qbot-B is a general detection that identifies malicious files with these characteristics in order to warn computer users and prevent execution.
Alias: Trojan.Win32.Regrun.hse, Packed.Win32.Krap.hm, TR/Crypt.XPACK.Gen, Trojan.Zbot, W32.Qakbot, BKDR_QAKBOT.AF, Trojan-PSW.Win32.Qbot.mk
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Windows Vista
Characteristics
This virus has multiple functionalities once it infects a computer. However, its primary objective is to gather information from the infected system. It targets the following information:
Distribution
Mal/Qbot-B may spread by exploiting security and software vulnerabilities when a user visits a malicious web page. Code from such a web site may instantly download a copy of the threat to the visitor's computer without notice. Most of these infections are caused by unsuspecting clicks on malevolent links.
Locally, Mal/Qbot-B spreads through unsecured network-shared directories. If so configured, this virus may also spread on removable drives and USB devices.
Added Registry Entries:
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKLM\SYSTEM\CurrentControlSet\Services\TDTCP\Enum
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network
HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Licensing Core
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\{1D42325C-4DD2-AAF4-0623-04F664A4E007}
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Associated Files and Folders:
C:\WINDOWS\host32.exe
C:\WINDOWS\system32\twext.exe
4 February 2009 51 Comments
W32.Virut.CF is a virus that can hide itself from antivirus program detection and evade the scanning process by using Entry Point Obfuscation (EPO). W32.Virut.CF modifies the Windows registry to add itself to the start-up items. Another function of this virus is to look for and infect executable files with extensions such as .exe and .scr. It also injects an iframe into the body of web-related files such as .html, .php and .asp to further harm the computer and redirect the homepage to unwanted websites.
17 December 2008 11 Comments
Suspicious.MH690 is a detection process for new malware threats that does not use your antivirus program’s usual signatures. The method’s objective is to identify harmful software that attempts to conceal itself from security programs through mutation techniques. The encryption of Suspicious.MH690 is intentional, with its developers hoping to complicate threat analysis. Target computer’s antivirus application will be with the applied method.