
Virus Alerts

No, Microsoft has not released a new patch

We have received samples of an e-mail, spammed out to lots of recipients, that is made to look like a message from Microsoft. It contains a link to what is supposed to be a patch for a new vulnerability in the Microsoft WinLogon Service. Of course it isn't: even though the link looks like it goes to www.microsoft.com, it takes you to http://www.redcallao.com/[undisclosed]/winlogon_patchV1.12.exe instead, which is a password-stealing trojan that we detect as Trojan-PSW.Win32.QQPass.ho.

 

Exploit-WMF  Type of threat: Trojan
Threat aimed at: This Sober variant was being seeded on Nov 21st 2005. It arrives as an email attachment, along with various message subjects and bodies. When the attachment is opened and the contained executable is run, a fake error message is displayed. Sober then creates a directory named WinSecurity in the %WinDir% directory (typically c:\windows). Several files are created in this folder. Starting on Friday, 6th January 2006, the worm stops spreading via email and tries to download and execute files from different URLs. The URLs are calculated based on the date and change every two weeks.

Recommended measures: Standalone tools such as McAfee Stinger (http://vil.nai.com/vil/stinger/) will remove this Trojan. Customers using up-to-date antivirus protection from the major vendors are protected.

 

WinFixer  Type of threat: Program
Threat aimed at: This is not a virus or a trojan. It is detected as a "potentially unwanted program." It purports to be a system repair/maintenance application, but requires paid registration before any issues found can be fixed. Many of the "invalid" items found appear suspect. For example, a cookie from the winfixer.com domain was detected, along with several shortcuts that were pointing to valid existing targets. Although some detected items may be legitimate, the fact that clearly benign items are cited as problems is questionable. The primary function of the free version appears to be to alarm the user into paying for registration, at least partially based on false or erroneous detections.

 

Neal's Black Bag
Contact Information
Phone: 210.422.8049
Email: helpme