Archive | Malware Files

Infostealer.Tremzi: Remove and uninstall Infostealer.Tremzi


What is Infostealer.Tremzi

Infostealer.Tremzi is a generic detection for polymorphic Trojan .dll files.

Technical details of Infostealer.Tremzi

Discovered: December 29, 2008
Updated: December 29, 2008 11:04:31 AM
Type: Trojan

Characteristics of Infostealer.Tremzi

Infostealer.Tremzi is a generic detection for malicious .dll files that steal information from the compromised computer.

Infostealer is a generic name for Trojan horse programs that attempt to steal sensitive information from a computer, such as passwords and login credentials. Infostealer can also affect MSN Messenger by writing fake messages, and may reuse some information from messages already written by the MSN user. Further problems caused include sudden signing out.


Packed.Generic.118: Remove and uninstall Packed.Generic.118


What is Packed.Generic.118

Packed.Generic.118 is a heuristic detection for files that may have been obfuscated or encrypted in order to conceal them from antivirus software.

Technical details of Packed.Generic.118

Discovered: December 29, 2008
Updated: December 29, 2008 3:52:20 AM
Type: Trojan, Virus

Characteristics of Packed.Generic.118

A packer is a tool that compresses, encrypts or obfuscates executable files. Malware authors often use packers to conceal threats from detection by antivirus software. Packed.Generic.118 detects a packer that is not known to be used for legitimate purposes.

Files that are detected as Packed.Generic.118 are considered malicious. We suggest that any files you believe are incorrectly detected as Packed.Generic.118 be submitted to Symantec Security Response.


Trojan.Downexec.C: Remove and uninstall Trojan.Downexec.C


What is Trojan.Downexec.C

Trojan.Downexec.C is a Trojan horse that may download files and steal information from the compromised computer.

Technical details of Trojan.Downexec.C

Discovered: December 30, 2008
Updated: December 30, 2008 2:48:09 PM
Type: Trojan, Virus

Characteristics of Trojan.Downexec.C

When Trojan.Downexec.C is executed, it creates the following file:
%Windir%\System32\GameMon.des

Trojan.Downexec.C then modifies the following registry entry, so that it starts when certain programs start:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\"AppInit_DLLs" = "GameMon.des"

Trojan.Downexec.C then attempts to steal information from the PlayOnline Viewer program, sending it to one of the following URLs:
[http://]chengzhibing.com/xinfff/save[REMOVED]
[http://]452233794.com/cert/save[REMOVED]

Trojan.Downexec.C also periodically scans all removable drives for executable files and attempts to infect them.


W32.Downadup.B: Remove and uninstall W32.Downadup.B


What is W32.Downadup.B

W32.Downadup.B is a worm that spreads by exploiting the Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability (BID 31874). It also attempts to spread to network shares protected by weak passwords and blocks access to security-related Web sites.

Technical details of W32.Downadup.B

Discovered: December 30, 2008
Updated: December 31, 2008 9:58:37 AM
Type: Worm
Modifies Files: Modifies the tcpip.sys file.

Characteristics of W32.Downadup.B

Once executed, W32.Downadup.B checks for the presence of the following registry entries and if not present will create them:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\"dl" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\"dl" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\"ds" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\"ds" = "0"

W32.Downadup.B then copies itself as the following files:

%ProgramFiles%\Internet Explorer\[RANDOM FILE NAME].dll
%ProgramFiles%\Movie Maker\[RANDOM FILE NAME].dll
%System%\[RANDOM FILE NAME].dll
%Temp%\[RANDOM FILE NAME].dll
C:\Documents and Settings\All Users\Application Data\[RANDOM FILE NAME].dll

Next, W32.Downadup.B registers as a service, by creating the following registry entries:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[WORM GENERATED SERVICE NAME]\Parameters\"ServiceDll" = "[PATH TO WORM]"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[WORM GENERATED SERVICE NAME]\"ImagePath" = "%SystemRoot%\system32\svchost.exe -k netsvcs"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[WORM GENERATED SERVICE NAME]\"Type" = "4"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[WORM GENERATED SERVICE NAME]\"Start" = "4"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[WORM GENERATED SERVICE NAME]\"ErrorControl" = "4"
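The registry and file indicators listed for Trojan.Downexec.C and W32.Downadup.B above can be turned into a read-only host check. The script below is an added example, not part of the original writeups and not Symantec's tooling. It assumes an elevated PowerShell prompt on the affected Windows host; the registry paths and file names come from the entries above, while the mapping of "All Users\Application Data" to $env:ALLUSERSPROFILE and the use of Authenticode signature status to triage ServiceDll entries in System32 are this example's own choices.

```powershell
# Added example: audit a Windows host for the Trojan.Downexec.C and W32.Downadup.B
# indicators described in the writeups above. Read-only: it reports, it does not remove.
$findings = @()

# --- Trojan.Downexec.C: AppInit_DLLs pointing at GameMon.des, and the dropped file ---
$appInitKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
$appInit = (Get-ItemProperty -Path $appInitKey -Name 'AppInit_DLLs' -ErrorAction SilentlyContinue).AppInit_DLLs
if ($appInit -and $appInit -match 'GameMon\.des') {
    $findings += "AppInit_DLLs references GameMon.des: '$appInit'"
}
$gameMon = Join-Path $env:windir 'System32\GameMon.des'
if (Test-Path -LiteralPath $gameMon) {
    $findings += "Dropped file present: $gameMon"
}

# --- W32.Downadup.B: 'dl' / 'ds' marker values under ...\CurrentVersion\Applets ---
foreach ($hive in 'HKCU:\Software', 'HKLM:\SOFTWARE') {
    $applets = "$hive\Microsoft\Windows\CurrentVersion\Applets"
    $props = Get-ItemProperty -Path $applets -ErrorAction SilentlyContinue
    foreach ($name in 'dl', 'ds') {
        if ($props -and ($props.PSObject.Properties.Name -contains $name)) {
            $findings += "Marker value present: $applets\$name = $($props.$name)"
        }
    }
}

# --- W32.Downadup.B: netsvcs-hosted services whose ServiceDll is in a drop directory ---
# Drop directories from the writeup; System32 is handled separately because legitimate
# ServiceDlls live there too. ALLUSERSPROFILE is an assumed stand-in for
# "C:\Documents and Settings\All Users".
$suspectDirs = @(
    (Join-Path $env:ProgramFiles 'Internet Explorer'),
    (Join-Path $env:ProgramFiles 'Movie Maker'),
    $env:TEMP,
    (Join-Path $env:ALLUSERSPROFILE 'Application Data')
)
$serviceKeys = Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue
foreach ($key in $serviceKeys) {
    $svc = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
    if (-not $svc -or -not $svc.ImagePath) { continue }
    if ($svc.ImagePath -notmatch 'svchost\.exe\s+-k\s+netsvcs') { continue }

    $params = Get-ItemProperty -Path (Join-Path $key.PSPath 'Parameters') -ErrorAction SilentlyContinue
    if (-not $params -or -not $params.ServiceDll) { continue }
    $dll = [Environment]::ExpandEnvironmentVariables($params.ServiceDll)
    $dir = Split-Path -Path $dll -Parent

    $inDropDir = $suspectDirs | Where-Object { $dir.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) }
    if ($inDropDir) {
        $findings += "Service '$($key.PSChildName)' loads ServiceDll from a Downadup drop directory: $dll"
    }
    elseif (Test-Path -LiteralPath $dll) {
        # Random-named DLLs dropped into System32 will not carry a valid Authenticode signature.
        $sig = Get-AuthenticodeSignature -FilePath $dll
        if ($sig.Status -ne 'Valid') {
            $findings += "Service '$($key.PSChildName)' loads an unsigned ServiceDll from System32: $dll ($($sig.Status))"
        }
    }
}

if ($findings.Count -eq 0) {
    'No indicators from the writeups above were found on this host.'
} else {
    $findings | ForEach-Object { "[!] $_" }
}
```

Treat an unsigned ServiceDll in System32 as a lead for a file hash lookup rather than as a verdict on its own; older third-party services can legitimately be unsigned. Because the worm blocks access to security-related sites and tampers with tcpip.sys, a host that trips any of these checks should be isolated from the network before remediation rather than cleaned in place.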
