IObit Forum

IObit Europe Laboratory NEWS - read more



WARNING!

Following the remote wipe attack on some Samsung Mobile devices via a USSD code embedded in URL links with the “tel” prefix, QR codes and NFC-enabled cards, a new vulnerability in Android OS could affect millions of users. The new USSD attack can change a SIM PIN and brute force a PUK lock, rendering the card unusable.

 

--> IObit Europe Team

--> IObit Malware Fighter Team
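
A defensive check for the vector described in the post above, added here as an example and not part of the original thread: it scans HTML for `tel:` URIs whose dial string contains the `*` or `#` characters used by USSD/MMI codes. The function names and the constructed sample markup (which uses the `*#06#` code that only displays the IMEI) are assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

URL_ATTRS = {"href", "src", "action", "data"}  # attributes that can carry a URL
MMI_CHARS = re.compile(r"[*#]")  # used by USSD/MMI codes, not by plain phone numbers

def risky_tel_uri(uri):
    """Return the decoded dial string if uri is a tel: URI with USSD/MMI chars, else None."""
    cleaned = re.sub(r"[\s\x00-\x1f]", "", uri)  # conservatively drop whitespace/control chars
    scheme, sep, dial = cleaned.partition(":")
    if not sep or scheme.lower() != "tel":
        return None
    for _ in range(3):  # tolerate nested percent-encoding such as %2523
        decoded = unquote(dial)
        if decoded == dial:
            break
        dial = decoded
    return dial if MMI_CHARS.search(dial) else None

class TelScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (tag, attribute, decoded dial string)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if not value:
                continue
            if tag == "meta" and name == "content":  # meta refresh: content="0; url=tel:..."
                m = re.search(r"url\s*=\s*(.+)", value, re.I)
                value = m.group(1).strip("'\" ") if m else ""
            elif name not in URL_ATTRS:
                continue
            dial = risky_tel_uri(value)
            if dial:
                self.findings.append((tag, name, dial))

def scan_html(html):
    scanner = TelScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample markup; *#06# only displays the IMEI.
SAMPLE = """<a href="tel:+15550100">Call us</a>
<iframe src="TEL:*%2306%23"></iframe>
<a href="tel:%2A%2306%2523">promo</a>
<meta http-equiv="refresh" content="0; url=tel:*%2306%23">"""
```

`scan_html(SAMPLE)` returns one finding each for the iframe, the double-encoded link and the meta refresh, and ignores the ordinary phone number.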


Warning

 

WARNING

 

A trojan on Facebook

 

The trojan sends a message in the name of a friend on Facebook, and the friend has sent nothing and knows nothing about it.

 

The message on Facebook is as follows:

 

ahaahahahahhahaahhhhahhaahhaahaaaaaahaaahhahaahhhaaaaahahaaahaaaaaahhaaha

http://www.mediafire

. com /? 9ff5r1p6cwt4ksi

 

Please do not click, and delete it immediately.

 

--> IObit Europe Team

--> IObit Malware Fighter Team

--> IObit Europe LAB Team


Good NEWS: IMF and ASC Ultimate (ASC with AV 2013!)

 

In October 2012, we saw a new QUERVAR variant with a new structure, different from the previously detected variants but with the same infection routines. These included infecting .EXE and Microsoft Excel and Word files and then renaming them with a .SCR extension. However, the newer variants came with a new payload: downloading ransomware and ZACCESS variants.

 

The new QUERVAR variants are detected as PE_QUERVAR.E-O. PE_QUERVAR.E-O accesses the following malicious files below to download ransomware variants detected as TROJ_RANSOM.CMY and HTML_RANSOM.CMY, and the ZACCESS variant TROJ_SIREFEF.SZP.

 


 

IObit IMF and IObit ASC Ultimate users need not worry as they are protected via the Browser Guard and Network Guard. In particular, file reputation services block and delete related malicious files, while the web reputation services block access to the sites where PE_QUERVAR.E-O downloads its malicious payload.

 

--> IObit Europe LAB Team

--> IObit Malware Fighter Team

--> IObit Europe Team


  • 2 weeks later...

fake Adobe Flash Player update . . .

 

NEWS

Without verifying its legitimacy, users who may be anticipating a WebEx conference are at risk of downloading variants of a notorious info stealing malware. Last week, we received two spoofed emails that redirect users to a fake Adobe Flash Player update. These messages use different approaches to lure users into downloading the malicious file update_flash_player.exe (detected as TSPY_FAREIT.SMC). The first email is disguised as a WebEx email containing an HTM attachment. Once users execute this attachment, they are led to a malicious ...

 

--> IObit Europe LABS Team

--> IObit Malware Fighter Team


IObit Europe Laboratory NEWS - read more

 

News

We’re currently investigating several file infectors that have affected several countries, particularly Australia.

Identified as:

 

PE_XPAJ.C, PE_XPAJ.C-1, PE_XPAJ.C-2, and PE_XPAJ.C-O. Based on our initial analysis, these PE_XPAJ variants connect to the following C&C servers to send and receive information:

 


 

The infected file (detected as PE_XPAJ variants) is capable of downloading its mother file and loading it into memory. As such, the copy of the mother file can be found in the Windows folder using a random file name and extension. ...

 

--> IMF/ASCU Team

--> IObit Europe LABS (Laboratory) Team

--> IObit Europe Team


Facebook Security Alert....

 

FACEBOOK SECURITY ALERT....

If you get a chat from a friend and it reads....

 

hey, go to album67 dot com and search for "YOURNAME HERE" then click on the first photo.. I bet you didn't remember that, eh?

 

1. DO NOT GO TO THE LINK, YOU WILL BE INFECTED

2. Tell your friend his/her computer is infected and must be cleaned right away

3. Change your FB password if you suspect you are infected right away.... bad guys have full account access to your profile now

4. Get Advanced System Care w/ AntiVirus...

5. Virus scan your entire system

6. Run Deep Care - repair

7. Reboot

8. During the next 24/48 hrs keep in touch w/ friends on FB make sure they no longer are getting these messages from you

If problems persist, contact a professional technician.

 

--> IMF/ASCU Team


Virus and Trojan Information

 


 

W32/Mydoom.o@MM!CB4BF14684BD Trojan Low 25.10.2012

 

Ransom!gw!95169F0738CA Trojan Low 25.10.2012

 

Generic.gl!B73D3212DF6E Trojan Low 25.10.2012

 

W32/Expiro.gen.n!DB6957E1F258 Virus Low 25.10.2012

 

PWS-OnlineGames.a.dr!CA6559944F9F Trojan Low 25.10.2012

(Trojan/Password Stealer) !

 

Generic.dx!8BD479BD2D18 Trojan Low 25.10.2012


Hi Martino... thanks for the information!

 

Malware Information

 

PWS-Banker!56D48148ADF2 / Trojan / 27.10.2012

 

Trojan / Password Stealer

 

--> cheers . . .

 

 

Hi martino... what else do you wish to be read??? You do understand that this is a restricted section of the forum dedicated to cleansing of machines so there are very few that can post here. So a suggestion here to read more would mean that you are providing additional information to be read. The title of your post is:

Malware Information . . . read more . . .

 

Please advise what is to be read! Otherwise the information is not useful to the majority of users that visit this support forum. It is necessary on this forum to post information that will be supportive to all members and visitors as best as possible (as the search engine bots are crawling everywhere here linking user searches here).

 

The information provided in the body of your post does not reveal the source of the information, nor the usefulness (how is a member or visitor to apply this information or test its validity??), thus the value of the post is severely diminished!!

 

Posts even in this section, as it is public, should be clear in their applicability and context to solving a particular issue.

Perhaps you should become familiar with the IObit forums more?

 

 

Sincerely,

-Mel

Live long and prosper!


What is Tunneling ?

 

Tunneling

Tunneling is a virus technique designed to prevent anti-virus applications from working correctly. Anti-virus programs work by intercepting the operating system before it can execute a virus. Tunneling viruses try to intercept the actions before the anti-virus software can detect the malicious code. New anti-virus programs can recognize many viruses with tunneling behavior.

 

cheers


IObit Europe Laboratory NEWS - read more

 

The other threat is a phishing email that entices users to visit a website where they can download Windows 8 for free. Instead of a free OS, they are led to a phishing site that asks for personally identifiable information (PII) like email address, password, name that can be peddled in the underground market or used for other cybercriminal activities.

 

cheers

 

--> IMF/ASCU Team <--


Archived

This topic is now archived and is closed to further replies.
