30 entries found.
Displaying page 2
of 2.
Trojan:WinNT/Conficker.B
Updated on Apr 11, 2011
Trojan:WinNT/Conficker.B is a trojan component of Worm:Win32/Conficker that aids in restarting the TCP/IP service.
Microsoft strongly recommends that users apply the update referred to in Security Bulletin MS08-067 immediately.
Microsoft also recommends that users ensure that their network passwords are strong to prevent this worm from spreading via weak administrator passwords. More information is available here.
Microsoft also recommends that users apply an update that changes the AutoPlay functionality in Windows to prevent this worm from spreading via USB drives. More information is available in the Microsoft Knowledgebase Article KB971029.
Alert level:
severe
TrojanDownloader:Win32/Silly_P2P.G
Updated on Apr 11, 2011
TrojanDownloader:Win32/Silly_P2P.G is a trojan that attempts to download other malware. It may be distributed as a Win32/Conficker removal tool named "remtool_conf.exe".
Alert level:
severe
TrojanDownloader:Win32/Renos.HL
Updated on Apr 11, 2011
Trojan:Win32/Renos.HL is an installer that connects to specified websites to download and install a fake antivirus scanner. This scanner is detected as Trojan:Win32/WinSpywareProtect.
Note 6th April 2009: We have received reports that TrojanDownloader:Win32/Renos.HL has been distributed attached to an email that masquerades as a message from Microsoft. The message reads as follows:
From: Microsoft Computer Safety Department
Subject (or similar): Microsoft Alert (Case#: wlTR6Zm)
Subject (or similar): Microsoft Alert (Case#: wlTR6Zm)
Dear Windows User,
Starting April 1st, 2009 the "Comficker" virus began infecting Microsoft customers very quickly.
Microsoft was alerted by your Internet provider that your computer is showing signs of being infected.
To prevent further infection we recommend removing the infection using an antivirus program
We are giving all effected Microsoft customers a free antispyware scan in order to remove any infections from their system.
Please visit the Microsoft Windows System Security Scanner website by clicking here to start scanning your computer.
The process takes under a minute and will prevent your information from being stolen.
We appreciate your cooperation in this matter.
Regards
Microsoft Windows Representative #10(Willa)
Windows Net Security Division
Email Ref ID: g9BK0f
Windows Net Security Division
Email Ref ID: g9BK0f
This email was not sent by Microsoft and is an attempt to use the current interest and concern over Win32/Conficker in order to persuade users to download and install arbitrary files of the attacker's choice - in this case, Trojan:Win32/Renos.HL and in turn Trojan:Win32/WinSpywareProtect.
Additional information on how to help verify the legitimacy of a Microsoft e-mail can be found here:
Alert level:
severe
AVDefender
Updated on Apr 11, 2011
AVDefender 2011 is a variant of Rogue:Win32/FakePowav, which is a family of programs that claims to scan for malware and displays fake warnings of "malicious programs and viruses". They then inform the user that they need to pay money in order to remove these non-existent threats.
Alert level:
low