Backdoor.Darkmoon.F may allow unauthorized access on infected system by creating a backdoor on TCP port 1328 and connects to the member.loveminim.com and execute commands remotely. When executed, Backdoor.Darkmoon.F will create a hidden alternate data stream using the file system32:netde.exe.
More
Downloader.Hashedip is a Trojan that will download additional threat called Trojan.Pidief.A. If executed, Downloader.Hashedip will resolve an IP address for a predefined host name by sending queries to DNS server assigned to infected system.
VBS.Mondezimia is a VBS, html, htm, and htt file infector that repeatedly infects all html files it can find on the infected computer. It can arrive on the system with an infected .html page. VBS.Mondezimia is capable of modifying Windows registry to run itself automatically when Windows is started. This virus may append VB script to the end of .html file that will increase its size to 35,581 bytes more. More
W32.Minerv.A is a worm that propagates by means of infected removable drives and unsecured network shares. W32.Minera.A will create a copy of itself on drives as Minerva Game.exe and New_Games.exe. This worm will also drop malicious files that will be injected to explorer.exe and record worm’s activity. More
W32.Racita.A is a worm that will propagate by creating a copy of itself to specified mapped network drives. Affected drives will consist an explicit background image assigned by the worm. W32.Racita.A also reduce security settings on the compromised system by ending security-related process.
RegistryCleanFix is a fake Windows registry utilities that may report false errors found on the computer. RegistryCleanFix may install itself on the system without any intervention from the user. A Trojan related to this rogue program will be able to penetrate Windows without being detected by anti-virus application. Also called as Registry Clean Fix 2007, this malicious application will flood the desktop with annoying alerts and pop-up messages. It will also run its own scan that will produce dozes of fake results.
Trojan.Advatrix can reduce security settings on the infected system by ending security-related process. It also redirects search page to predefined websites and publish advertisements. Trojan.Advatrix may infect a computer by downloading and installing programs from illegitimate web sites and file-sharing networks. The Trojan will also act as Browser Helper Object (BHO) for Internet Explorer. More
VirusRay is a rogue antivirus application that tricks user into buying the registered version by displaying its own fabricated threats on the computer. VirusRay uses unfair marketing method and deceiving information to push users to pay for the full version of it. It was found that VirusRay will be installed on target PC by means of a Trojan that will automatically download and execute it without users intervention. A visit to malicious web site is enough to get infected with VirusRay. More
Trojan.Sushpy or also called Sunshine Spy virus is a fake security application that will provide local virus scan and display fabricated results in order to deceive its victims. Sunshine Spy will prompt user to pay for the licensed version of the program in order to remove threats on the system. This potentially unwanted application also modifies desktop wall paper and display a black background with the following message: More
W32.Usbwatch is a worm that propagates by copying itself to removable USB devices and unsecured network drives. W32.Usbwatch steals user name and password from the compromised system and gathers network configuration and information. An autorun.inf file is created to run the worm each time the drive is accessed.