Computer Virus Alerts - Maintenance
Type: Trojan, Virus
Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003, Windows 2000
W32.Rixobot!gen2 is a heuristic detection used to detect threats associated with the W32.Rixobot family of worms. Files that are detected as W32.Rixobot!gen2, W32.IRCBot!gen2, W32.Yimfoca!gen2, Trojan.Zlob!gen1, Trojan.Zlob.P, Trojan.FakeAV!gen30, Packed.Coravint!gen, Packed.Coravint!gen1, W32.Expichu are considered malicious.
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista, Windows 7, Windows XP
Trojan.GootKit is a Trojan horse that steals confidential information. It also opens a back door and downloads additional files onto the compromised computer.
Note: Definitions prior to May 11, 2010 may detect this Trojan as one of the following threats:
- Backdoor.Trojan
- Downloader
- Packed.Cupx!gen5
- Trojan Horse
- Trojan.Dropper
- Trojan.Gen
- W32.Ircbrute
Trojan.Holisnif
Updated: May 6, 2010
Type: Trojan
Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows 7, Windows NT, Windows Server 2003, Windows 2000
Once executed, the Trojan creates the following file:
%CurrentFolder%\[RANDOM FILE NAME].exe
The Trojan creates the following registry entry, so that it runs every time Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"sniffer" = "%CurrentFolder%\[RANDOM FILE NAME].exe"
It proceeds to drop the following legitimate packet sniffing library files:
* %System%\Packet.dll
* %System%\wpcap.dll
* %System%\drivers\npf.sys
The Trojan then attempts to initialise the dropped files and start sniffing on available Ethernet interfaces, looking for user credentials sent over the following TCP ports:
* TCP port 110 for POP3
* TCP port 25 for SMTP
* TCP port 21 for FTP
It then gathers the stolen confidential credentials and sends them to the remote attacker by posting them to a script at the following remote server:
holiza.com
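
A host-triage check for the Trojan.Holisnif indicators listed above, added here as an example and not part of the original alert. It reads `reg query` output for the Run key, a listing of files under %System%, and a list of DNS names looked up by the host; the function names and all sample data are constructed.

```python
import re

# Indicators from the Trojan.Holisnif write-up above.
RUN_VALUE = "sniffer"                                      # Run-key value name
DROPPED = {"packet.dll", "wpcap.dll", "drivers\\npf.sys"}  # relative to %System%
POST_HOST = "holiza.com"

def parse_reg_query(text):
    """Parse `reg query` output lines ('    name    REG_SZ    data')."""
    rows = re.findall(r"^ {4}(.+?) {4}REG_\w+ {4}(.*)$", text, re.M)
    return {name: data.strip() for name, data in rows}

def triage(run_key_text, system_files, dns_names):
    """Return a list of (indicator, evidence) pairs."""
    hits = []
    for name, data in parse_reg_query(run_key_text).items():
        if name.lower() == RUN_VALUE and data.strip('"').lower().endswith(".exe"):
            hits.append(("run_key", data))
    present = {f.lower() for f in system_files}
    if DROPPED <= present:
        hits.append(("winpcap_files", sorted(DROPPED)))
    for q in dns_names:
        host = q.lower().rstrip(".")
        if host == POST_HOST or host.endswith("." + POST_HOST):
            hits.append(("exfil_host", host))
    return hits

def verdict(hits):
    """WinPcap files are legitimate on their own, so they only prompt review."""
    kinds = {k for k, _ in hits}
    if kinds & {"run_key", "exfil_host"}:
        return "likely"
    return "review" if kinds else "clean"

# Constructed sample data (not taken from a real host).
SAMPLE_RUN_KEY = (
    "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\n"
    "    SecurityHealth    REG_EXPAND_SZ    %windir%\\system32\\SecurityHealthSystray.exe\n"
    "    sniffer    REG_SZ    C:\\Temp\\qzxvbn.exe\n"
)
SAMPLE_FILES = ["Packet.dll", "wpcap.dll", "drivers\\npf.sys", "kernel32.dll"]
SAMPLE_DNS = ["update.example.net", "holiza.com.", "notholiza.com"]

if __name__ == "__main__":
    found = triage(SAMPLE_RUN_KEY, SAMPLE_FILES, SAMPLE_DNS)
    for kind, evidence in found:
        print(kind, evidence)
    print("verdict:", verdict(found))
```

Because the three dropped files are the ordinary WinPcap components, a host that has them without the Run value or the lookup is marked for review rather than reported as infected.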
Windows Security
Criminals can gain access to your computer through email, attackers' websites, instant messaging & file sharing.
All of these are safe when you have the best antivirus software and your Windows or Mac updates.
ESET NOD32 Anti-Virus even alerts you to update Windows.
Contact Us for a free antivirus trial to the end of this month.

You may download, install & scan your computer using the best antivirus available. (Data from independent tests at www.av-comparatives.org shows ESET NOD32 Anti-Virus is the best of 16 tested. AVG free is bottom of the list & Norton comes in the lower half of results.)
We have a comparison of NOD32 Eset to other antivirus products.
Most recent malware, computer viruses, worms, Trojan horses, spyware and adware.
01. a variant of Win32/Injector.BZ trojan December 09 09
02. Win32/Netsky.Q worm
03. Win32/Zafi.B worm
04. a variant of Win32/Kryptik.BIT trojan
05. Win32/Netsky.C worm
06. Win32/Mydoom.Q worm
07. Win32/Netsky.AB worm
08. Win32/Merond.AA worm
09. Win32/Netsky.Z worm
10. Win32/Xorer.NAE virus
Trojan-Spy:W32/ZBot.XF - Bloodhound.Exploit.192 - W32.Tufik.E!inf - W32.Tufik.E - Trojan.Cymdos - Trojan.Installscash - Bloodhound.Exploit.189 - Bloodhound.Exploit.190 - Infostealer.Fertippy - Packed.Generic.119 - Trojan.Virantix.C - W32.Mariofev.A - W32.Zapinit - JS.Faizal - W32.Wowinzi.A - VBS.Solow.F - W32.Madag.A - Downloader.Lozavita - W32.Bassyl!inf - W32.Zatyudi.A - Trojan.Garntet - Trojan.Qipian - Trojan.Asnoms!inf - W32.Mandaph - Infostealer.Gamler
What is a virus or trojan or malware?
Malware is software designed to infiltrate or damage a computer system, without the owner's consent. The term is a combination of "mal-" (or perhaps "malicious") and "software", and describes the intent of the creator, rather than any particular features. Malware is commonly taken to include computer viruses, worms, Trojan horses, spyware and adware. In law, malware is sometimes known as a computer contaminant.
Malware should not be confused with defective software, that is, software which has a legitimate purpose but contains errors or bugs.
Recommendations
We encourage all users and administrators to adhere to the following basic security "best practices":
* Turn off and remove unneeded services. By default, many operating systems install auxiliary services that are not critical, such as an FTP server, telnet, and a Web server. These services are avenues of attack. If they are removed, blended threats have fewer avenues of attack and you have fewer services to maintain through patch updates.
* If a blended threat exploits one or more network services, disable, or block access to, those services until a patch is applied.
* Always keep your patch levels up-to-date, especially on computers that host public services and are accessible through the firewall, such as HTTP, FTP, mail, and DNS services (for example, all Windows-based computers should have the current Service Pack installed). Additionally, please apply any security updates that are mentioned in this writeup, in trusted Security Bulletins, or on vendor Web sites.
* Enforce a password policy. Complex passwords make it difficult to crack password files on compromised computers. This helps to prevent or limit damage when a computer is compromised.
* Configure your email server to block or remove email that contains file attachments that are commonly used to spread viruses, such as .vbs, .bat, .exe, .pif and .scr files.
* Isolate infected computers quickly to prevent further compromising your organization. Perform a forensic analysis and restore the computers using trusted media.
* Train employees not to open attachments unless they are expecting them. Also, do not execute software that is downloaded from the Internet unless it has been scanned for viruses. Simply visiting a compromised Web site can cause infection if certain browser vulnerabilities are not patched.