Obfuscated Script.f!58 is an identification given to web pages that have been modified to host malicious content. This detection is for obfuscated JavaScript code that a Trojan has injected into a compromised web page. The script is intended to drop additional malware onto the visitor’s computer, which causes the Internet browser to redirect to unwanted web sites hosting more threats. Its authors conceal Obfuscated Script.f!58 from security programs by using a complicated method of running its process on the system. It may inject code into system processes in order to hide the Trojan’s activity.
TROJ_SMALL.UY is a Trojan that can drop another threat onto the infected computer. People may acquire it by visiting malicious websites. This Trojan poses as a legitimate Adobe Flash Player update in order to penetrate and install itself on the victim’s computer. The presence of TROJ_SMALL.UY may set off malfunctions in the Windows operating system. It can also endanger the privacy of computer users by exposing sensitive data to an attacker.
Win32/Delf.OHS is a Trojan program that provides unauthorized remote control over the infected computer. Win32/Delf.OHS is a Windows PE EXE file, written in Borland Delphi and compressed using ASPack. This Trojan connects to an IRC server via TCP port 3195 and receives commands from the remote attacker.
Win32.Virut.56, also known as Virus:Win32/Virut.BN, propagates by infecting .exe and .scr files on a computer and on network-shared resources. Win32.Virut.56 comes from the Virut family of Trojans, which has infected millions of computers worldwide. These types of Trojans may corrupt the operating system because they tend to infect mostly system files. Because the damage is so extensive, removing the virus from affected files is often impossible. This may cause the Windows operating system to fail. When that happens, the only solution left is reformatting the hard drive and installing a fresh copy of Windows.
Packed.Win32.Tdss.f is a Trojan that can hide its presence when infecting system files by injecting code into legitimate Windows processes. This highly advanced method of infection is called a rootkit technique. Packed.Win32.Tdss.f is also capable of creating a backdoor port that allows a remote attacker to gain full access to the compromised computer without the user’s consent. This approach may give an attacker access to sensitive data stored on the system.
Packed.Generic.200 is a common detection for malicious files that were packed or encrypted to conceal themselves from antivirus programs. Packed.Generic.200 can further harm the computer by downloading more threats from a remote server. This detection may cover the Backdoor.Tidserv, Trojan.Fakeavalert and Trojan.Zlob families. Malware authors typically encrypt the Trojan using a packer that is not commonly used for lawful purposes.
WMA.Wimad.Drp is a detection method to identify malicious or infected MP3 files. This Trojan usually spreads through file-sharing networks and infects multimedia files on the victim’s computer. The Trojan may also infect several driver and dynamic link library (DLL) files on the compromised system.
Trojan.Mournor, or W32.Mournor, is a computer worm that alters certain system files and downloads additional threats from a remote server. The worm may propagate by infecting removable USB drives and network shared drives that have weak protection. It replaces the genuine explorer.exe file with a modified one and moves it to a different folder. This method allows the Trojan to execute when the user opens Windows Explorer.
Backdoor.Tidserv is a Trojan horse that allows unauthorized remote access to the infected computer by creating a backdoor port. Backdoor.Tidserv remains hidden from the system through its use of advanced rootkit techniques. Once inside the computer, this Trojan can redirect the Internet browser’s search results to a set of web addresses. When the user visits these web sites, the Trojan displays pop-up ads and fake virus scanners to promote a rogue security product.
Trojan.Giframe is a heuristic detection method to identify infected GIF images that may contain HTML tags crafted to redirect the infected computer to malicious web sites.
When the Trojan executes, it drops several files under the Temporary folder of Windows. These files can consist of malicious GIF images. See the Associated Files and Folders section for a complete list. The Trojan may then inject these files into the Internet browser as a funny button that may induce the user to click on it. It also uses trickery such as online promotions, lotteries or greeting cards.