Virus - Malware Threats
A little advice...
The best way to protect yourself from infection is to avoid opening email attachments and downloaded files without first scanning them with a current version of the antivirus software of your choice. It is always easier to keep problems off your machine than to remove them after they have got in. Most infections come from email attachments or from opening unscanned files; the second most common problem is outdated or non-existent real-time virus scanning software. If you spend time in chatrooms or use file-sharing software on shared servers, install and maintain a firewall, have it tested when you install it, and have at least a basic port scan run against it monthly. Finally, Windows users should keep current with Windows Update, which carries the patches for most major security threats in Microsoft's products. These few things will stop most virus and security problems.

Virus - Malware Alert status section!

 

Real time Virus Map




Symantec Response
( Norton Antivirus )

Link to Symantec
Norton's top 5 latest threats.


Clean up tools and info for some of the more commonly seen Malware.

  • Lirva.C for information about removal click here
    For download of removal tool click here.


  • Sobig.A for information about removal click here.
    For download of removal tool click here.


  • Bogusbear worm: propagates via email by sending a copy of itself attached to messages that pose as a Bugbear protection offer, with the following details (the PROTECT.ZIP attachment is the worm, not a fix):
    • From: Alerta_RaPida <boletin@viralert.net>
    • Subject: ProTeccion TOTAL contra W32/Bugbear (30dias)
    • Attachment: PROTECT.ZIP
    Trend Micro fix for this threat

  • Worm_Rodok.A (also known as Henpeck or the Fleming worm): a worm written in Visual Basic that spreads through MSN Messenger and can download updates to itself from a Web site. It appears to originate from Norway and uses the file name BR2002.exe.
    It adds a value named WinUpdat to the registry key
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    so that it is executed when the system is started.
    Finally, the worm looks for what appear to be CD keys for the game Half-Life and for its add-on Counter-Strike in these locations:
    HKEY_CURRENT_USER\Software\Valve\Half-Life\Settings\Key
    HKEY_CURRENT_USER\Software\Valve\CounterStrike\Settings\Key
    If it finds them, it includes them in an MSN message sent to the attacker, so treat those CD keys as compromised on any infected machine.
    Removal:
    1. Update the virus definitions.
    2. Run a full system scan and delete all files detected as W32.HLLW.Henpeck.
    3. Delete the value WinUpdat from the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.

    Additional information: here.

  • Bugbear:  A Windows-only worm with Trojan-horse behaviour that arrives by email, steals passwords and credit card numbers and opens a backdoor. Macintosh, Linux and Unix users are not attacked by it. The one constant in its emails is that the attachment is always 50,688 bytes in size. Once running it creates randomly named .exe and .dll files, kills firewall and antivirus programs, and opens port 36794 for remote access. Users of IE 5.01 and 5.5 should install Microsoft's Internet Explorer patch for the incorrect MIME header vulnerability (the flaw that lets the attachment execute automatically when the message is viewed), available at Microsoft.com, and should disable Windows file sharing. Upon execution, WORM_BUGBEAR.A drops a copy of itself in the Windows System directory using a 4-character, semi-randomly generated filename and adds a registry entry so that the copy runs at every system startup. It terminates antivirus processes and propagates by sending itself via email using its own SMTP (Simple Mail Transfer Protocol) engine; it also propagates via shared network folders.
    Fix Information at:
    http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BUGBEAR.A

    Bugbear Cleaner from Symantec


  • Worm_Aplore.A:   Also known as: W32.Aphex@mm, Bloodhound.VBS.Worm, I-Worm.Aplore [AVP], W32/Aplore-A [Sophos], W32/Aplore@MM [McAfee], Win32.Aphex [CA], WORM_APLORE.A [Trend], W32/Explorer [Panda]
    Infection Length: 319,488 bytes
    Description - This mass-mailing worm uses Microsoft Outlook and Visual Basic Script (VBS) to send copies of itself via email. It originates from a malicious Web site that prompts a visiting user to download and execute its file, a malicious executable that displays a hoax message.
    Upon execution, it creates an auto-run key in the registry, drops other files, and copies itself into the System directory. It then stays in memory and sends messages advertising the site to users connected to the same Internet Relay Chat (IRC) channel as the infected user.


    Removal steps:
    1. Click Start > Run, type Regedit and press Enter.
    2. In the left panel, double-click your way down to:
       HKEY_LOCAL_MACHINE > Software > Microsoft > Windows > CurrentVersion > Run
    3. In the right panel, look for and delete this registry entry:
       "Explorer" = "%SYSTEM%\explorer.exe"
    4. Close the registry editor.
    5. Restart the system in Safe Mode (press F8 as Windows starts).
    6. Open the Windows System directory: click Start > Run, type its path and press Enter. It is usually C:\Windows\System on Windows 95/98/ME and C:\WINNT\System32 on Windows NT/2000 (C:\Windows\System32 on Windows XP).
    7. In the Windows System directory, look for and delete these files:
       • EXPLORER.EXE (copy of the worm; do not touch the real Windows shell, C:\Windows\explorer.exe, which lives in the Windows directory itself, not in System)
       • PSECURE20X-CGI-INSTALL.VERSION6.01.BIN.HX.COM (copy of the worm)
       • EMAIL.VBS (detected as VBS_PSECURE.A)
       • INDEX.HTML (detected as HTML_PSECURE.A)
       • APHEX.JPG (image)
       • HWND32.DLL (the worm usually truncates this to 0 bytes)
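    The Rodok, Bugbear and Aplore write-ups above all come down to one question: what is in the Run key, and does any entry match the patterns they describe? The script below is an added example (not code from this page, from Trend Micro or from Symantec) that triages an exported copy of the Run key offline. It assumes you exported the key to a .reg file, for instance with `reg export HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run run.reg` on Windows 2000/XP (reg.exe writes UTF-16, so open the file with encoding="utf-16"); the SAMPLE_REG_EXPORT text and the 4-letter name "cuvx" are constructed for illustration and stand in for Bugbear's semi-random file name.

```python
r"""Offline triage of a Windows Run-key export for the autostart entries named on this page.

Added example; not code from the page, from Trend Micro or from Symantec.
Assumes the Run key was exported to .reg text, e.g. on Windows 2000/XP with
    reg export HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run run.reg
(open the file with encoding="utf-16" and pass the text to parse_reg_export).
SAMPLE_REG_EXPORT is constructed; "cuvx" is a made-up 4-letter stand-in for
Bugbear's semi-random file name.
"""
import re

# Value names the write-ups above tie to specific malware (matched case-insensitively).
KNOWN_BAD_VALUE_NAMES = {
    "winupdat": "Worm_Rodok.A / W32.HLLW.Henpeck",
}

# Windows System directories as they appear in Run-key image paths (lower-case, with a
# trailing backslash so "\windows\system\" does not also match "\windows\system32\").
SYSTEM_DIRS = (
    "\\windows\\system\\",    # Windows 95/98/ME
    "\\windows\\system32\\",  # Windows XP
    "\\winnt\\system32\\",    # Windows NT/2000
)

_KEY_RE = re.compile(r"^\[(.+)\]$")
_VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')


def parse_reg_export(text):
    """Parse .reg text into {key_path: {value_name: data}} (string values only)."""
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        m = _KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            name = m.group(1) if m.group(1) is not None else "@"
            data = m.group(2)
            if data.startswith('"') and data.endswith('"'):
                # REG_SZ: strip the quotes and undo the .reg escaping of \" and \\ .
                keys[current][name] = data[1:-1].replace('\\"', '"').replace("\\\\", "\\")
            # hex:/dword: data is ignored; Run entries are strings.
    return keys


def system_dir_image(command):
    """Return the executable's file name if `command` launches it from a System directory."""
    image = command.strip()
    if image.startswith('"'):                 # quoted path, possibly with spaces
        image = image[1:].split('"', 1)[0]
    else:                                     # unquoted path; drop any arguments
        image = image.split(" ", 1)[0]
    image = image.lower()
    for d in SYSTEM_DIRS:
        if d in image:
            return image.rsplit("\\", 1)[-1]
    return None


def triage_run_key(keys):
    """Return (value_name, data, reason) for suspicious entries under ...\\CurrentVersion\\Run."""
    findings = []
    for key, values in keys.items():
        if not key.lower().endswith("\\currentversion\\run"):
            continue
        for name, data in values.items():
            image = system_dir_image(data)
            if name.lower() in KNOWN_BAD_VALUE_NAMES:
                findings.append((name, data, KNOWN_BAD_VALUE_NAMES[name.lower()]))
            elif name.lower() == "explorer" and image == "explorer.exe":
                # Aplore's entry: the real shell is %WINDIR%\explorer.exe and is never
                # started from the Run key; a copy in the System directory is the worm.
                findings.append((name, data, "Worm_Aplore.A (explorer.exe in System directory)"))
            elif image is not None and image.endswith(".exe") and len(image) == len("xxxx.exe"):
                # Heuristic from the Bugbear write-up: 4-character name dropped in System.
                findings.append((name, data, "review: 4-character executable in System directory (Bugbear pattern)"))
    return findings


# Constructed sample export (doubled backslashes are how .reg files store paths).
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"WinUpdat"="C:\\WINDOWS\\SYSTEM\\BR2002.exe"
"Explorer"="C:\\WINDOWS\\SYSTEM\\explorer.exe"
"cuvx"="C:\\WINDOWS\\SYSTEM\\cuvx.exe"
"""

if __name__ == "__main__":
    for name, data, reason in triage_run_key(parse_reg_export(SAMPLE_REG_EXPORT)):
        print("%-12s %-40s %s" % (name, data, reason))
```

    The ScanRegistry entry in the sample is a normal Windows 98 autostart and is left alone; the other three come out flagged. The 4-character rule is only a prompt to look closer, which is why its reason string starts with "review".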




  • W32 Klez:  W32.Klez.gen@mm is a mass-mailing worm that harvests email addresses from the Windows Address Book and sends itself to every address it finds, using its own SMTP engine. The subject and attachment name of the incoming email are chosen at random; the attachment has one of the extensions .bat, .exe, .pif or .scr. Cleaner is available at: http://www.norton.com/avcenter/venc/data/w32.klez.removal.tool.html

  • W95 Hybris.gen :  Subject: Snow White and the Seven dwarves. Attachment names: anpo porn(.scr, atchim.exe, branca de neve.scr, dunga.scr, dwarf4you.exe, enano porno.exe, joke.exe, midgets.scr, sexy virgin.scr
    Fix information at http://www.symantec.com/avcenter/venc/data/w95.hybris.gen.html


  • W95.MTX:   Arrives under attachment names such as: I_wanna_see_you.txt.pif , Matrix_screen_saver.scr , Love_letter_for_you.txt.pif , New_playboy_screen_saver.scr , Bill_gates_piece.jpg.pif , Tiazinha.jpg.pif , Feiticeira_nua.jpg.pif , Geocities_free_sites.txt.pif , New_napster_site.txt.pif , Metallica_song.mp3.pif , Anti_cih.exe , Internet_security_forum.doc.pif , Alanis_screen_saver.scr , Reader_digest_letter.txt.pif , Win_$100_now.doc.pif , Is_linux_good_enough!.txt.pif , Qi_test.exe , Avp_updates.exe , Seicho_no_ie.exe , You_are_fat!.txt.pif , Free_xxx_sites.txt.pif , I_am_sorry.doc.pif , Me_nude.avi.pif , Sorry_about_yesterday.doc.pif , Protect_your_credit.html.pif , Jimi_hendrix.mp3.pif , Hanson.scr , F___ing_with_dogs.scr , Matrix_2_is_out.scr , Zipped_files.exe , Blink_182.mp3.pif. Note the double extensions (.txt.pif, .jpg.pif and so on): with "Hide file extensions for known file types" turned on, Windows shows only the first extension, so these executables look like documents or images. At least two base versions exist. Fix information at:
    http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MTX.D
    or
    http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MTX.B


  • Wscript.KakWorm:   This worm is hard to spot in email without an antivirus program, because there is no visible attachment: the worm is script embedded in the HTML body of the message (it spreads through the Outlook Express HTML signature). It can arrive from anyone and under any subject.
    Norton Antivirus write-up: http://www.symantec.com/avcenter/venc/data/wscript.kakworm.html
    Additional comments: to avoid this worm, make sure Windows is patched via Windows Update, or download the Internet Explorer Scriptlet.Typelib patch that closes the hole Kak uses from http://www.microsoft.com/TechNet/IE/tools/scrpteye.asp.
    Fix Program: http://www.symantec.com/avcenter/fixkak.exe


  • Happy99.worm:  Attachment Names: Happy99.exe, Happy00.exe
    Additional information : http://www.symantec.com/avcenter/venc/data/happy99.worm.html
    Fix tool at:
    http://www.sarc.com/avcenter/venc/data/fix.happy99.worm.html
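Most of the worms above (Bogusbear, Klez, Hybris, MTX, Kak, Happy99, Bugbear) are described by mail-level indicators: a sender, a subject, an attachment name, an executable or double extension, a fixed attachment size, or script inside the HTML body. The script below is an added example (not code from this page, from Trend Micro or from Symantec) that checks a raw message against those indicators using Python's standard email library. The indicator tables are transcribed from the write-ups above; the messages produced by build_sample() are constructed here for illustration, carry filler bytes rather than malware, and use made-up addresses and the placeholder file name update.exe.

```python
"""Check incoming mail against the sender, subject, attachment-name, extension,
size and HTML-script indicators listed in the write-ups above.

Added example; not code from the page, from Trend Micro or from Symantec.  The
indicator tables come from the text above; build_sample() constructs test messages
with filler bytes, not malware.  For real mail, pass each message's raw RFC 822
text to scan_message().
"""
import email
import email.utils
from email import policy
from email.message import EmailMessage

EXEC_EXTS = {".bat", ".exe", ".pif", ".scr"}  # Klez's attachment extensions
BUGBEAR_ATTACHMENT_SIZE = 50688               # "always 50,688 bytes in size"

KNOWN_SENDERS = {"boletin@viralert.net": "Bogusbear"}
KNOWN_SUBJECTS = {
    "proteccion total contra w32/bugbear (30dias)": "Bogusbear",
    "snow white and the seven dwarves": "W95.Hybris.gen",
}
KNOWN_ATTACHMENTS = {
    "protect.zip": "Bogusbear",
    "happy99.exe": "Happy99.worm",
    "happy00.exe": "Happy99.worm",
    "sexy virgin.scr": "W95.Hybris.gen",
    "dwarf4you.exe": "W95.Hybris.gen",
    "joke.exe": "W95.Hybris.gen",
    "midgets.scr": "W95.Hybris.gen",
    "branca de neve.scr": "W95.Hybris.gen",
    "enano porno.exe": "W95.Hybris.gen",
    "i_wanna_see_you.txt.pif": "W95.MTX",
    "love_letter_for_you.txt.pif": "W95.MTX",
    "matrix_screen_saver.scr": "W95.MTX",
    "zipped_files.exe": "W95.MTX",
}


def scan_message(raw):
    """Return a list of (indicator, detail) pairs for one raw RFC 822 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    hits = []
    sender = email.utils.parseaddr(str(msg.get("from", "")))[1].lower()
    if sender in KNOWN_SENDERS:
        hits.append((KNOWN_SENDERS[sender], "sender " + sender))
    subject = str(msg.get("subject", "")).strip().lower()
    if subject in KNOWN_SUBJECTS:
        hits.append((KNOWN_SUBJECTS[subject], "subject"))
    for part in msg.walk():
        if part.get_content_type() == "text/html" and "<script" in part.get_content().lower():
            # Kak has no visible attachment: the worm is script inside the HTML body.
            hits.append(("Wscript.KakWorm pattern", "script inside the HTML body"))
        name = part.get_filename()
        if not name:
            continue
        low = name.lower()
        if low in KNOWN_ATTACHMENTS:
            hits.append((KNOWN_ATTACHMENTS[low], "attachment " + name))
        pieces = low.split(".")
        if len(pieces) > 1 and "." + pieces[-1] in EXEC_EXTS:
            if len(pieces) > 2:
                # MTX-style double extension: Explorer hides the final .pif/.scr by default.
                hits.append(("double extension (W95.MTX style)", name))
            else:
                hits.append(("executable attachment (Klez extensions)", name))
        payload = part.get_payload(decode=True) or b""
        if len(payload) == BUGBEAR_ATTACHMENT_SIZE:
            hits.append(("Bugbear size match", "%s is %d bytes" % (name, len(payload))))
    return hits


def build_sample(sender, subject, filename=None, payload=b"MZ-filler", html=None):
    """Construct a test message; the attachment body is filler bytes, not malware."""
    m = EmailMessage()
    m["From"] = sender
    m["To"] = "user@example.com"
    m["Subject"] = subject
    if html is not None:
        m.set_content(html, subtype="html")
    else:
        m.set_content("see attachment")
    if filename:
        m.add_attachment(payload, maintype="application", subtype="octet-stream", filename=filename)
    return m.as_string()


# Constructed samples: made-up addresses, filler payloads, placeholder file names.
SAMPLES = {
    "bogusbear": build_sample("Alerta_RaPida <boletin@viralert.net>",
                              "ProTeccion TOTAL contra W32/Bugbear (30dias)", "PROTECT.ZIP"),
    "mtx": build_sample("friend@example.net", "hi", "I_wanna_see_you.txt.pif"),
    "bugbear": build_sample("someone@example.net", "Re: your order", "update.exe",
                            payload=b"\x00" * BUGBEAR_ATTACHMENT_SIZE),
    "kak": build_sample("someone@example.net", "hello",
                        html="<html><body>hi<script>/* worm body would go here */</script></body></html>"),
    "clean": build_sample("someone@example.net", "minutes", "minutes.txt"),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, scan_message(raw) or "no indicators")
```

The name, sender and subject tables only catch what is listed on this page; the extension, double-extension, size and HTML-script rules are the ones that keep working when the next variant changes its text, which is why an executable attachment is flagged even when its name is not in the table.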




Trend Housecall Online Scan (PcCillin)

http://www.trendmicro.com/( PcCillin Home page )

http://www.symantec.com/ ( Norton Antivirus Home Page )

Symantec Removal Tools list.

e-Trust Antivirus Page ( Computer Associates - InoculateIT )

Panda Antivirus - Online scans, software and removal tools.

Grisoft Antivirus - free for personal use AV software.

H+BEDV Free Antivirus Software - A Free Antivirus Solution.

Kaspersky Antivirus Labs home: Windows and Linux software, online scans.

Trojan List / Simply Super Trojan Remover

Com U Solve Page ( Swat It Trojan tool )

Spybot Search and Destroy

My Security Section ( for problems like Spyware, webbots, etc.)



Most contents of this page are from either Trend Micro's or Symantec's websites and are here for informational purposes. See links to those websites for additional information and assistance. - last revised: March 19, 2003; however, the virus info will load the most current list from Trend.
Note: I do not support or recommend the use of Network Associates Products ( McAfee )