Archive | Virus

Remove Win32/FakeAlert.MX. Delete, Uninstall Win32/FakeAlert.MX


What is Win32/FakeAlert.MX

Win32/FakeAlert.MX is a trojan that downloads and executes arbitrary files. It can block certain security websites and redirect user search queries to malware-related websites.

How Win32/FakeAlert.MX propagates

Win32/FakeAlert.MX checks whether the following Internet browser executables exist on the system, in order to customize replies received from the web servers:

chrome.exe
explorer.exe
firefox.exe
iexplore.exe
maxthon.exe
myie2.exe
opera.exe

It also monitors and may manipulate “GoogleDesktop.exe” results.

It checks for Internet connectivity by attempting to access www.microsoft.com. If unsuccessful, the trojan does not continue with its payload.

Win32/FakeAlert.MX is also known as

Clbd LB (CA Anti-Spyware), TrojanDropper:Win32/Alureon.J (MS OneCare), Rootkit.Win32.Clbd.lb (Kaspersky), Backdoor.Tidserv (Symantec)


Remove Win32/Malas.C: Delete, Uninstall Win32/Malas.C


What is Win32/Malas.C

Win32/Malas.C is a network worm that propagates through mapped network drives and peer-to-peer networks.

How Win32/Malas.C propagates and spreads

Win32/Malas.C generally uses two methods to infect computers and spread itself.

Via Network Drives

The worm spreads via mapped network drives by searching for any logical drive and attempting to drop the following files there:

\autoply.exe
\Autorun.inf
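
A defender-side check for the two files named above, as an added example that is not part of the original page: it scans a drive root for `autoply.exe` and `Autorun.inf` and lists what the Autorun.inf would launch. The function names, the temporary-directory sample and the assumption that the dropped Autorun.inf points at the dropped executable are constructed for illustration.

```python
import configparser
import os
import tempfile

# File names the page lists as dropped in the root of each logical drive.
DROPPED_EXE = "autoply.exe"
AUTORUN_INF = "autorun.inf"
LAUNCH_KEYS = ("open", "shellexecute")  # [autorun] keys that name a program


def autorun_targets(inf_path):
    """Return the programs an Autorun.inf asks Windows to launch."""
    parser = configparser.RawConfigParser(strict=False, allow_no_value=True, delimiters=("=",))
    try:
        with open(inf_path, encoding="latin-1") as fh:
            parser.read_string(fh.read())
    except (OSError, configparser.Error):
        return []  # unreadable or malformed file: nothing parseable to report
    targets = []
    for section in parser.sections():
        if section.lower() != "autorun":
            continue
        for key, value in parser.items(section):
            # shell\<verb>\command keys also name a program to run
            if key in LAUNCH_KEYS or key.endswith("\\command"):
                targets.append((value or "").strip())
    return targets


def check_drive_root(root):
    """Report whether the two dropped files are present in a drive root."""
    # Match case-insensitively, as Windows file names are.
    present = {name.lower(): name for name in os.listdir(root)}
    finding = {"exe": DROPPED_EXE in present, "inf": AUTORUN_INF in present, "launches": []}
    if finding["inf"]:
        inf_path = os.path.join(root, present[AUTORUN_INF])
        finding["launches"] = autorun_targets(inf_path)
    # Assumption (not stated on the page): the Autorun.inf launches the dropped executable.
    finding["inf_launches_exe"] = any(DROPPED_EXE in t.lower() for t in finding["launches"])
    return finding


def demo():
    """Scan a constructed drive root built in a temporary directory."""
    with tempfile.TemporaryDirectory() as root:
        open(os.path.join(root, "autoply.exe"), "wb").close()  # empty stand-in file
        with open(os.path.join(root, "Autorun.inf"), "w") as fh:
            fh.write("[AutoRun]\nopen=autoply.exe\nshell\\open\\command=autoply.exe\n")
        return check_drive_root(root)
```

Call `check_drive_root` once per mapped drive root; a drive that holds both files, with the Autorun.inf pointing at the executable, matches the behaviour described above.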

Via Peer-to-Peer Networks

To propagate via peer-to-peer (P2P) network shares, Win32/Malas.C searches for the following directories relating to popular P2P programs:

%Program Files%\Kazaa Lite\My Shared Folder\
%Program Files%\Kazaa\My Shared Folder\
%Program Files%\Edonkey2000\Incoming\
%Program Files%\Icq\Shared Files\
%Program Files%\emule\incoming\
%Program Files%\Gnucleus\Downloads\Incoming\
%Program Files%\KMD\My Shared Folder\
%Program Files%\Limewire\Shared\
%Program Files%\XPCode\
C:\Inetpub\ftproot\

Win32/Malas.C is also known as:

W32/Bindo.worm (McAfee), INF/Malas.C, Worm:Win32/Malas.gen (MS OneCare), P2P-Worm.Win32.Malas.h (Kaspersky), WORM_MALAS.I (Trend), W32/Malas-B (Sophos), W32.SillyFDC (Symantec)


Remove Win32/Fruspam.E – Delete, Uninstall Win32/Fruspam.E Virus


What is Win32/Fruspam.E

Win32/Fruspam.E is a mass-mailing worm that has the capability to send spam email through its own SMTP engine. It also targets systems running servers with IIS.

Win32/Fruspam.E tries to obtain the IP address of the affected system by sending an HTTP request to whatismyip.com. It also connects to whois.apnic.net to look up details of that IP address, such as country, description and address.

Method of Distribution of Win32/Fruspam.E

There are two methods by which Win32/Fruspam.E generally propagates to your system.

Via Email: Win32/Fruspam propagates via email. It downloads images from two legitimate websites and uses the images to construct the spam email.

Fruspam scans the system and harvests target email addresses from files on the affected machine. It communicates these email addresses to a remote SMTP server and attempts to use the server for sending the spam emails. It performs DNS MX (mail exchanger) queries to find an appropriate mail server for each domain it tries to send itself to. If it cannot find the DNS server, it attempts to guess the correct one for each domain, by different methods.

Via File Replacement: If the compromised system runs a web server with IIS (Internet Information Services), Win32/Fruspam.E attempts to modify or replace the legitimate IIS file at %Root%\inetpub\wwwroot\index.htm with its own .htm file.
