Spammer:Win32/Fifesock.E
Spammer:Win32/Fifesock.E is a component of Win32/Fifesock, a multi-component trojan family that injects code into Internet Explorer and Firefox in order to steal the user’s social networking credentials for sites such as Facebook, Twitter and Blogspot, and then uses these credentials to send spam to their contacts. It may also download and execute arbitrary files. Some variants have also been observed to install rogue security software such as Rogue:Win32/Winwebsec.
Spammer:Win32/Fifesock.F
Spammer:Win32/Fifesock.F is a component of Win32/Fifesock, a multi-component trojan family that injects code into Internet Explorer and Firefox in order to steal the user’s social networking credentials for sites such as Facebook, Twitter and Blogspot, and then uses these credentials to send spam to their contacts. It may also download and execute arbitrary files. Some variants have also been observed to install rogue security software such as Rogue:Win32/Winwebsec.
Exploit:Win32/Pdfjsc.ADQ
Exploit:Win32/Pdfjsc.ADQ is a malicious PDF file that exploits a vulnerability in Adobe Acrobat and Adobe Reader.
The vulnerability, discussed in CVE-2010-0188, allows this malware to download and run arbitrary files.
The following versions of Adobe Acrobat and Adobe Reader are vulnerable to this exploit:
- Adobe Acrobat 8 and Adobe Reader 8 earlier than 8.2.1
- Adobe Acrobat 9 and Adobe Reader 9 earlier than 9.3.1
Exploit:Win32/Pdfjsc.ADY
Exploit:Win32/Pdfjsc.ADY is a malicious PDF file that exploits a vulnerability in Adobe Acrobat and Adobe Reader.
The vulnerability, discussed in CVE-2010-0188, allows this malware to download and run arbitrary files, including malware from the following families:
- Trojan:Win32/Simda
- Win32/Zegost (for example, Backdoor:Win32/Zegost.F)
- Win32/Carberp
- Win32/Fareit
- Trojan:Win32/Lockscreen
- Trojan:Win32/Ransom
- Trojan:Win32/Reveton
- Win32/Winwebsec
- Win32/Zbot
The following versions of Adobe Acrobat and Adobe Reader are vulnerable to this exploit:
- Adobe Acrobat and Adobe Reader earlier than 8.2.1
- Adobe Acrobat and Adobe Reader earlier than 9.3.1
Install updates to prevent infection
This malware exploits known vulnerabilities.
You should always install the latest updates available from Adobe to prevent reinfection from this threat, and possible infection from other threats.
Download updates for Adobe products from the following link:
SystemTool
System Tool is a variant of Win32/Winwebsec - a family of programs that claims to scan for malware and displays fake warnings of "malicious programs and viruses". They then inform the user that he or she needs to pay money to register the software to remove these non-existent threats.
Win32/Winwebsec has been distributed with many different names. The name used by the malware, the user interface and other details vary to reflect each variant's individual branding. The following details describe Win32/Winwebsec when it is distributed with the name "System Tool".
Trojan:Win32/Fifesock.gen!A
Trojan:Win32/Fifesock.gen!A is a component of Win32/Fifesock, a multi-component trojan family that injects code into Internet Explorer and Firefox in order to steal the user’s social networking credentials for sites such as Facebook, Twitter and Blogspot, and then uses these credentials to send spam to their contacts. It may also download and execute arbitrary files. Some variants have also been observed to install rogue security software such as Rogue:Win32/Winwebsec.
TrojanDownloader:Win32/Waledac.I
SecurityShield
Rogue Antivirus programs are programs that generate misleading alerts and false detections in order to convince users to purchase illegitimate security software. Some of these programs may display product names or logos in an apparently unlawful attempt to impersonate Microsoft products.
- Microsoft Security Essentials
- Windows Defender
- Microsoft Safety Scanner
- Microsoft Windows Malicious Software Removal Tool
Trojan:Win32/Necurs
Microsoft security software detects and removes this family of threats.
The threats in this malware family work together to download other malware, including threats from the Win32/Sirefef and Win32/Medfos families. They can also give a malicious hacker backdoor access and control of your PC.
These threats can be installed at the same time as rogue security software, such as Rogue:Win32/Winwebsec. We have also seen them installed by variants of the Blacole family, the Win32/Beebone family, the Win32/Zbot family, and the Win32/Dorkbot family.
Attentive Antivirus
Windows Defender detects and removes this threat.
Attentive Antivirus is a variant of Win32/Winwebsec - a family of programs that claims to scan for malware and displays fake warnings of "malicious programs and viruses". They then inform you that you need to pay money to register the software to remove these non-existent threats. It may also stop processes and services, modify security settings, and block access to websites.
VirTool:Win32/Obfuscator.OB
Trojan:Win32/Fifesock.gen!C
Trojan:Win32/Fifesock.gen!C is a component of Win32/Fifesock, a multi-component trojan family that injects code into Internet Explorer and Firefox in order to steal the user’s social networking credentials for sites such as Facebook, Twitter and Blogspot, and then uses these credentials to send spam to their contacts. It may also download and execute arbitrary files. Some variants have also been observed to install rogue security software such as Rogue:Win32/Winwebsec.
TrojanDownloader:Win32/Harnig.gen!Q
Trojan:HTML/IFrame_Exploit.C
TrojanDownloader:Win32/Renos.IR
Spammer:Win32/Fifesock.B
Spammer:Win32/Fifesock.B is a component of Win32/Fifesock, a multi-component trojan family that injects code into Internet Explorer and Firefox in order to steal the user’s social networking credentials for sites such as Facebook, and then uses these credentials to send spam to their contacts. It may also download and execute arbitrary files. Some variants have also been observed to install rogue security software such as Rogue:Win32/Winwebsec.
SmartProtection2012
Smart Protection 2012 is a variant of Win32/Winwebsec - a family of programs that claims to scan for malware and displays fake warnings of "malicious programs and viruses". They then inform the user that he or she needs to pay money to register the software to remove these non-existent threats.
Win32/Winwebsec has been distributed with many different names. The name used by the malware, the user interface and other details vary to reflect each variant's individual branding. The following details describe Win32/Winwebsec when it is distributed with the name "Smart Protection 2012".
Trojan:Win32/Fifesock.gen!B
Trojan:Win32/Fifesock.gen!B is a component of Win32/Fifesock, a multi-component trojan family that injects code into Internet Explorer and Firefox in order to steal the user’s social networking credentials for sites such as Facebook, Twitter and Blogspot, and then uses these credentials to send spam to their contacts. It may also download and execute arbitrary files. Some variants have also been observed to install rogue security software such as Rogue:Win32/Winwebsec.
Rogue:Win32/Defmid
Windows Defender Antivirus detects and removes this threat. See the Win32/Defmid description for more information.
Rogue:Win32/InternetAntivirus
Windows Defender Antivirus detects and removes this threat. See the Win32/InternetAntivirus description for more information.