
Spyware-Malware Removal Help! A separate area dedicated to virus, spyware, rootkit and all other forms of malware removal.

  #1  
Old Oct. 3rd, 2012, 15:54
martino martino is offline
IObit Fan
 
Join Date: 06 Apr 2012
Posts: 73
Exclamation IObit Europe Laboratory NEWS - read more

WARNING!
Following the remote wipe attack on some Samsung Mobile devices via a USSD code embedded in URL links with the “tel” prefix, QR codes and NFC-enabled cards, a new vulnerability in Android OS could affect millions of users. The new USSD attack can change a SIM PIN and brute force a PUK lock, rendering the card unusable.

--> IObit Europe Team
--> IObit Malware Fighter Team
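
A defender-side check for the "tel" links described in the warning above, added here as an example and not part of the original post: it flags tel: URIs whose number part, after percent- and entity-decoding, contains the `*` or `#` characters that USSD strings are built from. The function names and the sample HTML are constructed for illustration; the same `is_ussd_tel_uri` check applies to a URI string decoded from a QR code or NFC tag.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# Hypothetical helper names; the sample data below is constructed for this example.
TEL_URI = re.compile(r"\btel:[^\s\"'<>]*", re.IGNORECASE)
USSD_CHARS = re.compile(r"[*#]")  # ordinary phone numbers contain neither

def is_ussd_tel_uri(uri: str) -> bool:
    """True if `uri` is a tel: URI whose decoded number part has '*' or '#'."""
    scheme, sep, rest = uri.strip().partition(":")
    if not sep or scheme.lower() != "tel":
        return False
    prev = None
    while prev != rest:  # decode until stable so double encoding (%2523) is caught
        prev, rest = rest, unquote(rest)
    return bool(USSD_CHARS.search(rest))

class TelLinkScanner(HTMLParser):
    """Collects (tag, attribute, uri) for every suspicious tel: URI in a page."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser has already resolved entities such as &#35; in the values.
        for name, value in attrs:
            for match in TEL_URI.finditer(value or ""):
                if is_ussd_tel_uri(match.group(0)):
                    self.findings.append((tag, name, match.group(0)))

def scan_html(html: str):
    scanner = TelLinkScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page: one normal number, three encodings of a made-up code.
SAMPLE = """
<a href="tel:+15550100">Call us</a>
<a href="tel:*100%23">link 1</a>
<a href="TEL:%2A100%2523">link 2</a>
<a href="tel:&#42;100&#35;">link 3</a>
<a href="https://example.com/hotel:rooms#top">Rooms</a>
"""

if __name__ == "__main__":
    for tag, attr, uri in scan_html(SAMPLE):
        print(f"suspicious tel: link in <{tag} {attr}>: {uri}")
```
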
  #2  
Old Oct. 7th, 2012, 20:27
martino martino is offline
IObit Fan
 
Join Date: 06 Apr 2012
Posts: 73
Default Warning

WARNING

A trojan on Facebook

The trojan sends a message in the name of a friend on Facebook, and the friend has sent nothing and knows nothing about it.

The message on Facebook is as follows:

ahaahahahahhahaahhhhahhaahhaahaaaaaahaaahhahaahhha aaaahahaaahaaaaaahhaaha
www.mediafire
. com /? 9ff5r1p6cwt4ksi

Please do not click, and delete it immediately.

--> IObit Europe Team
--> IObit Malware Fighter Team
--> IObit Europe LAB Team
  #3  
Old Oct. 8th, 2012, 21:20
martino martino is offline
IObit Fan
 
Join Date: 06 Apr 2012
Posts: 73
Default Good NEWS "IMF and ASC Ultimate (ASC with AV 2013!)

In October 2012, we saw a new QUERVAR variant with a new structure, different from the previously detected variants but with the same infection routines. These included infecting .EXE and Microsoft Excel and Word files and then renaming them with a .SCR extension. However, the newer variants came with a new payload: downloading ransomware and ZACCESS variants.

The new QUERVAR variants are detected as PE_QUERVAR.E-O. PE_QUERVAR.E-O accesses the following malicious files below to download ransomware variants detected as TROJ_RANSOM.CMY and HTML_RANSOM.CMY, and the ZACCESS variant TROJ_SIREFEF.SZP.


IObit IMF and IObit ASC Ultimate users need not worry as they are protected via the Browser Guard and Network Guard. In particular, file reputation services block and delete related malicious files, while the web reputation services block access to the sites where PE_QUERVAR.E-O downloads its malicious payload.

--> IObit Europe LAB Team
--> IObit Malware Fighter Team
--> IObit Europe Team
  #4  
Old Oct. 21st, 2012, 18:31
martino martino is offline
IObit Fan
 
Join Date: 06 Apr 2012
Posts: 73
Default fake Adobe Flash Player update . . .

NEWS
Without verifying its legitimacy, users who may be anticipating a WebEx conference are at risk of downloading variants of a notorious info stealing malware. Last week, we received two spoofed emails that redirect users to a fake Adobe Flash Player update. These messages use different approaches to lure users into downloading the malicious file update_flash_player.exe (detected as TSPY_FAREIT.SMC). The first email is disguised as a WebEx email containing an HTM attachment. Once users execute this attachment, they are led to a malicious ...

--> IObit Europe LABS Team
--> IObit Malware Fighter Team
  #5  
Old Oct. 23rd, 2012, 14:02
martino martino is offline
IObit Fan
 
Join Date: 06 Apr 2012
Posts: 73
Default IObit Europe Laboratory NEWS - read more

News
We’re currently investigating several file infectors that have affected several countries, particularly Australia.
Identified as:

PE_XPAJ.C, PE_XPAJ.C-1, PE_XPAJ.C-2, and PE_XPAJ.C-O. Based on our initial analysis, these PE_XPAJ variants connect to the following C&C servers to send and receive information:


The infected file (detected as PE_XPAJ variants) is capable of downloading its mother file and loading it into memory. As such, the copy of the mother file can be found in the Windows folder using a random file name and extension. ...

--> IMF/ASCU Team
--> IObit Europe LABS (Laboratory) Team
--> IObit Europe Team
  #6  
Old Oct. 23rd, 2012, 18:55
martino martino is offline
IObit Fan
 
Join Date: 06 Apr 2012
Posts: 73
Default Facebook Security Alert....

FACEBOOK SECURITY ALERT....
If you get a chat from a friend and it reads....

hey, go to album67 dot com and search for "YOURNAME HERE" then click on the first photo.. I bet you didn't remember that, eh?

1. DO NOT GO TO THE LINK, YOU WILL BE INFECTED
2. Tell your friend his/her computer is infected and must be cleaned right away
3. Change your FB password if you suspect you are infected right away.... bad guys have full account access to your profile now
4. Get Advanced System Care w/ AntiVirus...
5. Virus scan your entire system
6. Run Deep Care - repair
7. Reboot
8. During the next 24/48 hrs keep in touch w/ friends on FB make sure they no longer are getting these messages from you
if problems persist contact a professional technician

--> IMF/ASCU Team
  #7  
Old Oct. 25th, 2012, 17:48
martino martino is offline
IObit Fan
 
Join Date: 06 Apr 2012
Posts: 73
Default Virus and Trojan Information

Virus and Trojan Information

W32/Mydoom.o@MM!CB4BF14684BD Trojan Low 25.10.2012

Ransom!gw!95169F0738CA Trojan Low 25.10.2012

Generic.gl!B73D3212DF6E Trojan Low 25.10.2012

W32/Expiro.gen.n!DB6957E1F258 Virus Low 25.10.2012

PWS-OnlineGames.a.dr!CA6559944F9F Trojan Low 25.10.2012
(Trojan/Password Stealer) !

Generic.dx!8BD479BD2D18 Trojan Low 25.10.2012
  #8  
Old Oct. 26th, 2012, 22:49
martino martino is offline
IObit Fan
 
Join Date: 06 Apr 2012
Posts: 73
Default Malware Information . . . read more . . .

Malware Information

PWS-Banker!56D48148ADF2 / Trojan / 27.10.2012

Trojan / Password Stealer

--> cheers . . .
  #9  
Old Oct. 27th, 2012, 01:03
Melvin_Deal Melvin_Deal is offline
Malware Advisor Moderator
 
Join Date: 06 Jul 2009
Posts: 2,937
Lightbulb Hi Martino... thanks for the information!

Quote:
Originally Posted by martino View Post
Malware Information

PWS-Banker!56D48148ADF2 / Trojan / 27.10.2012

Trojan / Password Stealer

--> cheers . . .

Hi martino... what else do you wish to be read??? You do understand that this is a restricted section of the forum dedicated to cleansing of machines so there are very few that can post here. So a suggestion here to read more would mean that you are providing additional information to be read. The title of your post is:
Quote:
Malware Information . . . read more . . .
Please advise what is to be read! Otherwise the information is not useful to the majority of users that visit this support forum. It is necessary on this forum to post information that will be supportive to all members and visitors as best as possible (as the search engine bots are crawling everywhere here linking user searches here).

The information provided in the body of your post does not reveal the source of the information, nor the usefulness (how is a member or visitor to apply this information or test its validity??), thus the value of the post is severely diminished!!

Posts even in this section, as it is public, should be clear in their applicability and context to solving a particular issue.

Perhaps you should become familiar with the IObit forums more?


Sincerely,
-Mel
Live long and prosper!

Last edited by Melvin_Deal : Oct. 27th, 2012 at 01:08.
  #10  
Old Oct. 28th, 2012, 21:01
martino martino is offline
IObit Fan
 
Join Date: 06 Apr 2012
Posts: 73
Default What is Tunneling ?

Tunneling
Tunneling is a virus technique designed to prevent anti-virus applications from working correctly. Anti-virus programs work by intercepting the operating system before it can execute a virus. Tunneling viruses try to intercept the actions before the anti-virus software can detect the malicious code. New anti-virus programs can recognize many viruses with tunneling behavior.

cheers