VirTool:Win32/Obfuscator.ACV

Posted: December 6, 2012 | Category: Malware
VirTool:Win32/Obfuscator is a detection for programs that try to conceal themselves on the infected computer system to avoid detection and removal by anti-virus software. These applications commonly use a combination of methods that include compression, encryption, anti-emulation, and anti-debugging techniques. The VirTool:Win32/Obfuscator detection covers a wide range of different malicious applications; therefore, there are not any symptoms that can be listed specific to...

Worm:Win32/Wecykler.A

Posted: December 6, 2012 | Category: Worms
Worm:Win32/Wecykler.A is a worm that circulates via removable drives, such as USB sticks. Worm:Win32/Wecykler.A also terminates some security-related processes and logs keystrokes. Once installed, Worm:Win32/Wecykler.A drops potentially malicious files and makes registry modifications on the infected computer system. Worm:Win32/Wecykler.A creates copies of itself in certain locations on the victimized computer system. The folders where the copies of Worm:Win32/Wecykler.A are located are...

Trojan:JS/IframeRef.I

Posted: December 6, 2012 | Category: Trojans
Trojan:JS/IframeRef.I is a Trojan that spreads as a malicious JavaScript file, which is added into malicious or hijacked websites via an iFrame. The aim of the file is to reroute the compromised web browser to other malicious websites that may drop other malware threats onto the infected computer, often by exploiting software vulnerabilities. Trojan:JS/IframeRef.I activates links within iFrames while viewing web content on modified websites. To bypass the detection of anti-virus software, the...

Trojan:Win32/Agent.gen!F

Posted: December 6, 2012 | Category: Trojans
Trojan:Win32/Agent.gen!F is a Trojan that runs additional malware. The additional malware threat is usually downloaded as a file with a name created to appear like a legitimate system file. Once installed on the infected computer system, Trojan:Win32/Agent.gen!F drops potentially malicious files. The malicious files may be added in any location on the victimized computer.

Trojan.Reveton.N

Posted: December 6, 2012 | Category: Trojans
Trojan.Reveton.N (Trojan:Win32/Reveton.N) is a ransomware Trojan that demands a ransom from victims for the alleged possession of illegitimate material or for alleged cybercrime activities. Trojan.Reveton.N displays a full-screen webpage including an image/alert, localized according to the targeted location, providing instructions for the payment of the supposed fine. The webpage covers all other windows on the affected PC and makes the computer unusable. Trojan.Reveton.N also creates a shortcut file,...

PWS-Zbot.Gen

Posted: December 5, 2012 | Category: Trojans
PWS-Zbot.Gen is a Trojan created to steal data from the infected computer system. PWS-Zbot.Gen steals financial account information such as online banking login details and account data. PWS-Zbot.Gen is mostly distributed via spam email messages but can also use the autorun capabilities of removable media, or install itself on the machine via a drive-by download when the PC user visits a hijacked or malicious website. Once installed on the affected computer system, PWS-Zbot.Gen connects to a...

Worm:Win32/Vobfus.MD

Posted: December 5, 2012 | Category: Worms
Worm:Win32/Vobfus.MD is a worm that proliferates via network and removable drives and downloads other malware threats from a remote server. Once installed, Worm:Win32/Vobfus.MD drops potentially malicious files in the root folders of network and removable drives. Worm:Win32/Vobfus.MD also makes registry modifications. When executed, Worm:Win32/Vobfus.MD downloads a copy of itself as an executable file (.exe). Worm:Win32/Vobfus.MD modifies a certain registry entry to ensure that its copy...

Worm:Win32/Rotrumas.A

Posted: December 5, 2012 | Category: Worms
Worm:Win32/Rotrumas.A is a worm that circulates via removable drives. Worm:Win32/Rotrumas.A may also replace detected picture files (JPG and JPEG) with its own picture and may remove the contents of document files (DOC and XLS). Once installed on the affected PC, Worm:Win32/Rotrumas.A adds potentially malicious files and makes registry modifications. Worm:Win32/Rotrumas.A creates certain registry entries so that its copy can load automatically every time you start Windows...

Trojan:HTML/Redirector.AW

Posted: December 5, 2012 | Category: Trojans
Trojan:HTML/Redirector.AW is a Trojan that spreads as a malicious HTML file through hacked websites. The file is downloaded into the affected computer by another security infection and is set as the home page of the hijacked web browser. Trojan:HTML/Redirector.AW attempts to redirect the affected PC user's web browser to suspicious and infectious websites that contain malware threats or rogue software. Trojan:HTML/Redirector.AW also strives to make money from unwanted redirects by...

JS:Trojan.Script.AAR

Posted: December 5, 2012 | Category: Trojans
JS:Trojan.Script.AAR is a Trojan that spreads as code in the form of a JavaScript file. This type of file usually exists on the web server and starts once it registers a visitor. JS:Trojan.Script.AAR can be an individual file or an obfuscated script inserted into the malicious website. JS:Trojan.Script.AAR usually infects files such as .html, .asp, and .php. JS:Trojan.Script.AAR generates code with a unique signature for each page; thus, it may be difficult for an automated scanner to detect...

Trojan.Parpwuts.B

Posted: December 5, 2012 | Category: Trojans
Trojan.Parpwuts.B (Trojan:MSIL/Parpwuts.B) is a Trojan that displays advertising or pornographic websites on the compromised PC. Trojan:MSIL/Parpwuts.B may pretend to be a legitimate driver or update for a keyboard. Once installed on the infected computer system, Trojan.Parpwuts.B makes system changes by dropping potentially malicious files and making registry modifications. Trojan.Parpwuts.B modifies the registry entry to ensure that its copy loads every time you start Windows.

Tumblr Worm Spreads Rapidly and Posts Obscene GNAA Message on Logged-In User's Blogs

Posted: December 4, 2012 | Category: Malware News
Every so often, a large social network comes under attack. In the latest happenings in the online social world, Tumblr was hit with a massive and rapidly spreading worm that took advantage of Tumblogs belonging to users logged in at the time of the attack, leaving the blogs with an obscene and racist-toned fabricated GNAA (Gay N***** Association of America) message as shown below in Figure 1. Figure 1 - Tumblr worm fabricated obscene message found on attacked...

Trojan.Chromext

Posted: December 4, 2012 | Category: Trojans
Trojan.Chromext is a Trojan that steals personal information and opens a back door on the infected computer. Trojan.Chromext is downloaded and installed as a Chrome browser extension. Trojan.Chromext then attempts to steal user names and passwords entered into the Chrome browser. Trojan.Chromext also attempts to steal cookies stored in the web browser. Once executed, Trojan.Chromext may download numerous potentially malicious files from the remote server. Trojan.Chromext also gathers the...

Exploit:Win32/Pdfjsc.AEW

Posted: December 4, 2012 | Category: Trojans
Exploit:Win32/Pdfjsc.ADY is a Trojan that spreads as a malicious PDF file containing malicious JavaScript that exploits a vulnerability in Adobe Acrobat and Adobe Reader. The vulnerabilities, discussed in CVE-2010-0188, allow Exploit:Win32/Pdfjsc.AEW to download and execute arbitrary files. Adobe Acrobat and Adobe Reader earlier than 8.2.1 and Adobe Acrobat and Adobe Reader earlier than 9.3.1 are vulnerable to Exploit:Win32/Pdfjsc.AEW. Exploit:Win32/Pdfjsc.AEW may be encountered when visiting a hacked...

Worm:Win32/Dorkbot.I

Posted: December 4, 2012 | Category: Worms
Worm:Win32/Dorkbot.I is an IRC-based worm that circulates via removable drives, instant messaging programs such as Windows Live Messenger, Pidgin chat, Xchat and mIRC, and social networks such as Facebook, Twitter, Bebo, and Vkontakte (a Russian social network). Win32/Dorkbot.I may grab user names and passwords by monitoring network communication, and may block websites that are associated with security updates. Worm:Win32/Dorkbot.I may also launch a limited denial of service (DoS) attack....

Worm:Win32/Dorkbot.A

Posted: December 4, 2012 | Category: Worms
Worm:Win32/Dorkbot.A, a variant of the well-known Dorkbot family of worms, includes the standard backdoor-based attacks of its kindred, which can be used to compromise your computer's privacy and security to the point of allowing criminals near-total control over your PC. Also like its kin, Worm:Win32/Dorkbot.A has been found to use many different methods of distributing itself. Some of the major methods that SpywareRemove.com malware experts have outlined include spam on social networking...

Troj/Agent-ZCT

Posted: December 4, 2012 | Category: Mac Malware, Trojans
Also identified by the alias of Trojan.Agent.AXMO, Troj/Agent-ZCT is a Trojan that's installed on compromised Windows PCs via drive-by-download browser exploits. As of the time of this article's writing, SpywareRemove.com malware experts can confirm that installation attacks for Troj/Agent-ZCT are hosted on gyalwarinpoche.com, a website dedicated to the Dalai Lama. However, due to the newly-emerged nature of this threat, most web analysis tools and companies have yet to flag...

Browse to Save

Posted: December 3, 2012 | Category: Adware
'Browse to Save' is an adware program that will display its own ads on eBay, Amazon, Walmart and other websites. These advertisements will be displayed as boxes including various coupons that are available or as underlined keywords, which when clicked will show an advertisement that claims it is brought to you by 'Browse to Save'. 'Browse to Save' can be installed on the compromised PC by another application that has bundled the 'Browse to Save' adware in its installer. Web users should...

‘Ihr Computer Wurde Blockiert’ Ransomware

Posted: December 3, 2012 | Category: Ransomware
'Ihr Computer Wurde Blockiert' Ransomware is a ransomware Trojan that displays a misleading pop-up warning to force its victims to pay a hundred Euro fine through Ukash. Similar to its relatives (such as Royal Canadian Mounted Police (RCMP) Ransomware, 'El Equipo Ha Sido Bloqueado' Ransomware, 'Tá do ríomhaire cosc curtha' Ransomware, 'Komputer zostal zablokowany naruszenia prawa polskiego' Ransomware or 'Computeren er Blevet Blokeret' Ransomware), 'Ihr Computer Wurde Blockiert'...

Exploit:Java/CVE-2012-4681.HD

Posted: December 3, 2012 | Category: Malware
Exploit:Java/CVE-2012-4681.HD is a malicious Java applet that exploits the vulnerability described in CVE-2012-4681 to spread the Dorkbot worm. Java applets that are not digitally signed are considered untrusted. Like other Java applets, Exploit:Java/CVE-2012-4681.HD is executed with limited permissions by the Java Runtime Environment. Before it can download and run arbitrary files, Exploit:Java/CVE-2012-4681.HD has to disable the security manager, which defines the security policy of the...