7 entries found.
Trojan:Win32/WinSpywareProtect
Updated on Apr 11, 2011
Trojan:Win32/WinSpywareProtect is a program that may falsely claim that the user's system is infected and encourages the user to buy a promoted product for cleaning the alleged malware from the computer.
Alert level:
high
Program:Win32/WinSpywareProtect.A
Updated on Sep 26, 2013
This program was detected by definitions prior to 1.159.567.0 as it violated the guidelines by which Microsoft identified unwanted software. Based on analysis using current guidelines, the program does not have unwanted behaviors.
Alert level:
severe
TrojanDownloader:Win32/Zlob.II
Updated on Apr 11, 2011
TrojanDownloader:Win32/Zlob.II is a detection for a component of the greater Win32/Zlob malware family. Win32/Zlob refers to a large multi-component family of malware that modifies Internet Explorer's settings, alters and redirects the user's default Internet search page and home page, and attempts to download and execute arbitrary files (including additional malicious software).
Alert level:
severe
TrojanDownloader:Win32/Renos.HL
Updated on Apr 11, 2011
Trojan:Win32/Renos.HL is an installer that connects to specified websites to download and install a fake antivirus scanner. This scanner is detected as Trojan:Win32/WinSpywareProtect.
Note 6th April 2009: We have received reports that TrojanDownloader:Win32/Renos.HL has been distributed attached to an email that masquerades as a message from Microsoft. The message reads as follows:
From: Microsoft Computer Safety Department
Subject (or similar): Microsoft Alert (Case#: wlTR6Zm)
Subject (or similar): Microsoft Alert (Case#: wlTR6Zm)
Dear Windows User,
Starting April 1st, 2009 the "Comficker" virus began infecting Microsoft customers very quickly.
Microsoft was alerted by your Internet provider that your computer is showing signs of being infected.
To prevent further infection we recommend removing the infection using an antivirus program
We are giving all effected Microsoft customers a free antispyware scan in order to remove any infections from their system.
Please visit the Microsoft Windows System Security Scanner website by clicking here to start scanning your computer.
The process takes under a minute and will prevent your information from being stolen.
We appreciate your cooperation in this matter.
Regards
Microsoft Windows Representative #10(Willa)
Windows Net Security Division
Email Ref ID: g9BK0f
Windows Net Security Division
Email Ref ID: g9BK0f
This email was not sent by Microsoft and is an attempt to use the current interest and concern over Win32/Conficker in order to persuade users to download and install arbitrary files of the attacker's choice - in this case, Trojan:Win32/Renos.HL and in turn Trojan:Win32/WinSpywareProtect.
Additional information on how to help verify the legitimacy of a Microsoft e-mail can be found here:
Alert level:
severe
Trojan:Win32/Zlob.G
Updated on Apr 11, 2011
Trojan:Win32/Zlob.G is a component of Win32/Zlob that downloads rogue security programs, adware, and additional Win32/Zlob components.
Alert level:
severe
Exploit:JS/Pdfcmi.C
Updated on Apr 11, 2011
Exploit:JS/Pdfcmi.C is a detection for a specially crafted JavaScript code, embedded in a malformed Portable Document Format (PDF) file, that attempts to exploit a buffer overflow vulnerability (CVE-2007-5659) in Adobe Reader version 8.1.1, and earlier.
Alert level:
severe