http://www.securelist.com/en/ 21 May 2013 12:02:13 +0400 http://www.securelist.com/en/rss/klogo.gif http://www.securelist.com/en/ webmaster@securelist.com () If your computer has not been protected with anti-virus software and has been infected with malware, you will need to take the following actions to delete this: Delete the original program file (its... http://www.securelist.com/en/descriptions/Trojan-Downloader.JS.Agent.gdn http://www.securelist.com/en/descriptions/Trojan-Downloader.JS.Agent.gdn 31 Jan 2013 17:21:00 +0400 webmaster@securelist.com () A trojan program. It is a Windows application (PE-EXE file). 742912 bytes. Packed by an unknown packer. Unpacked size - around 788 kB. Written in Delphi. Installation When launching, the... http://www.securelist.com/en/descriptions/Trojan.Win32.Scar.dgje http://www.securelist.com/en/descriptions/Trojan.Win32.Scar.dgje 31 Jan 2013 17:17:00 +0400 webmaster@securelist.com () The malicious library exports the "testall" function which leads to the following actions being carried out. If the system launches the "avp.exe" process, the trojan tries to download the following... http://www.securelist.com/en/descriptions/Trojan.Win32.KillAV.gcg http://www.securelist.com/en/descriptions/Trojan.Win32.KillAV.gcg 31 Jan 2013 16:52:00 +0400 webmaster@securelist.com () The malicious library is a component of a trojan program designed to steal the user's authentication data. It is a Windows dynamic-link library (PE-DLL file). 8192 bytes. Written in C++. http://www.securelist.com/en/descriptions/Trojan.Win32.Agent2.dmdi http://www.securelist.com/en/descriptions/Trojan.Win32.Agent2.dmdi 30 Jan 2013 18:59:00 +0400 webmaster@securelist.com () A trojan program that uses the vulnerabilities in Oracle Java and Adobe Reader/Acrobat products to download and launch other malware. It is a HTML document containing Java Script. 88200 bytes. http://www.securelist.com/en/descriptions/Trojan-Downloader.JS.Agent.gbj http://www.securelist.com/en/descriptions/Trojan-Downloader.JS.Agent.gbj 30 Jan 2013 18:42:00 +0400 webmaster@securelist.com () A trojan program that uses the vulnerabilities in Oracle Java and Adobe Reader/Acrobat products to download and launch other malware. It is a HTML document containing Java Script. 88518 bytes. http://www.securelist.com/en/descriptions/Trojan-Downloader.JS.Agent.gaf http://www.securelist.com/en/descriptions/Trojan-Downloader.JS.Agent.gaf 30 Jan 2013 18:24:00 +0400 webmaster@securelist.com () A trojan that provides the attacker with remote access to the infected computer. It is a Windows application (PE-EXE file). 176640 bytes. UPX packed. Unpacked size - around 245 kB. Written in... http://www.securelist.com/en/descriptions/Trojan.Win32.Jorik.Carberp.ar http://www.securelist.com/en/descriptions/Trojan.Win32.Jorik.Carberp.ar 29 Jan 2013 14:28:00 +0400 webmaster@securelist.com () After launching, the trojan checks for the following branch in the system registry: [HKCU\Software\Classes\CLSID\{82404416-4C60-47F8-BA06-90BA7261C3AE}\InprocServer32] If the branch is missing, it... http://www.securelist.com/en/descriptions/Trojan.Win32.Agent2.dmvt http://www.securelist.com/en/descriptions/Trojan.Win32.Agent2.dmvt 29 Jan 2013 14:20:00 +0400 webmaster@securelist.com () A trojan program designed to delete components of the security software Gbuster plugin for Internet Explorer. Implemented in the form of an NT kernel mode driver. 5632 bytes. Written in C++. http://www.securelist.com/en/descriptions/Trojan.Win32.KillFiles.afz http://www.securelist.com/en/descriptions/Trojan.Win32.KillFiles.afz 29 Jan 2013 14:15:00 +0400 webmaster@securelist.com () A trojan program that downloads files from the Internet without the user's knowledge and launches them. It is a Windows application (PE-EXE file). 6656 bytes. Written in C++. Installation After... http://www.securelist.com/en/descriptions/Trojan.Win32.Agent.fajk http://www.securelist.com/en/descriptions/Trojan.Win32.Agent.fajk 24 Jan 2013 15:25:00 +0400 webmaster@securelist.com () A trojan program that carries out destructive actions on the user's computer. It is a Windows application (PE-EXE file). 56832 bytes. Packed by an unknown packer. Unpacked size - around 53 kB.... http://www.securelist.com/en/descriptions/Trojan.Win32.Jorik.Buterat.dp http://www.securelist.com/en/descriptions/Trojan.Win32.Jorik.Buterat.dp 24 Jan 2013 14:51:00 +0400 webmaster@securelist.com () Adware designed to redirect user searches to other web resources. It is a Windows application (PE-EXE file). 1135840 bytes. Written in C++. Installation The trojan is installed as an add-in for the... http://www.securelist.com/en/descriptions/AdWare.Win32.Gamevance.hfti http://www.securelist.com/en/descriptions/AdWare.Win32.Gamevance.hfti 24 Jan 2013 14:34:00 +0400 webmaster@securelist.com () A trojan program that downloads files from the internet without the user's knowledge and launches them. It is a Windows application (PE-EXE file). 7168 bytes. Written in C++. Installation When... http://www.securelist.com/en/descriptions/Trojan-Downloader.Win32.Small.bven http://www.securelist.com/en/descriptions/Trojan-Downloader.Win32.Small.bven 23 Jan 2013 14:40:00 +0400 webmaster@securelist.com () A trojan program. It is a Windows application (PE-EXE file). 244927 bytes. This malware is created using the system to create the installation packages Nullsoft Scriptable Install... http://www.securelist.com/en/descriptions/Trojan.NSIS.Miner.a http://www.securelist.com/en/descriptions/Trojan.NSIS.Miner.a 23 Jan 2013 12:50:00 +0400 webmaster@securelist.com () A trojan program that downloads files from the Internet without the user's knowledge and launches them. It is a JAR-archive containing a set of Java-classes (class-files). 15661 bytes. http://www.securelist.com/en/descriptions/Trojan.Java.Agent.an http://www.securelist.com/en/descriptions/Trojan.Java.Agent.an 23 Jan 2013 12:40:00 +0400 webmaster@securelist.com () After launching the malicious HTML-document, using Java Script tools, it is decoded and a code is recorded in its body which carries out the following actions: it launches a script, the location of... http://www.securelist.com/en/descriptions/Exploit.JS.CVE-2010-4452.t http://www.securelist.com/en/descriptions/Exploit.JS.CVE-2010-4452.t 22 Jan 2013 15:39:00 +0400 webmaster@securelist.com () After opening the malicious HTML page in the browser, it displays the following message: 404 Not Found Then, using Java Script, the trojan collects system information, in particular: The type of OS... http://www.securelist.com/en/descriptions/Trojan-Downloader.JS.Agent.gcv http://www.securelist.com/en/descriptions/Trojan-Downloader.JS.Agent.gcv 22 Jan 2013 15:29:00 +0400 webmaster@securelist.com () If the path to the trojan file does not contain a sequence of "ommon" symbols, the trojan will retrieve a script from its body and will launch this script under the following name: %ProgramFiles%\&lt... http://www.securelist.com/en/descriptions/Trojan-Dropper.Win32.StartPage.eba http://www.securelist.com/en/descriptions/Trojan-Dropper.Win32.StartPage.eba 22 Jan 2013 13:22:00 +0400 webmaster@securelist.com () A trojan program that installs and launches other software on the infected computer without the user's knowledge. It is a Windows application (PE-EXE file). 231124 bytes. Written in C++. http://www.securelist.com/en/descriptions/Trojan-Dropper.Win32.Agent.ezqm http://www.securelist.com/en/descriptions/Trojan-Dropper.Win32.Agent.ezqm 21 Jan 2013 13:00:00 +0400 webmaster@securelist.com () When launching, the trojan downloads a file from the internet using the following link: http://<rnd>.***heker.com Where <rnd> is a random sequence of digits. The link did not work... http://www.securelist.com/en/descriptions/Trojan-Downloader.Win32.VB.aiqx http://www.securelist.com/en/descriptions/Trojan-Downloader.Win32.VB.aiqx 21 Jan 2013 12:56:00 +0400