SpyHunter Threat Database Update 5.92

SpyHunter defs version 5.92 (08/17/2007) Latest Program version: 2.9.5018 The following new parasites have been added: Bofra.A Bofra is a worm virus that propagates through email. Once executed, Bofra will collect any emails that it can find on your PC (from both the Outlook address book, and text files). The worm uses its own SMTP email engine to send itself via email to any addresses that it harvests on your PC. It may try to masquerade as an online greeting card, pornographic video, or as “funny photos”. This worm also opens up a backdoor on your PC that allows a hacker to control your computer, steal data, and issue commands to the virus over IRC networks. The worm may also download and install additional malware. Worm.Fbound FBound is a worm virus that propagates through email. Once executed, FBound...

Posted on August 17, 2007 in Database Updates

Bofra.A

Bofra is a worm virus that propagates through email. Once executed, Bofra will collect any emails that it can find on your PC (from both the Outlook address book, and text files). The worm uses its own SMTP email engine to send itself via email to any addresses that it harvests on your PC. It may try to masquerade as an online greeting card, pornographic video, or as “funny photos”. This worm also opens up a backdoor on your PC that allows a hacker to control your computer, steal data, and issue commands to the virus over IRC networks. The worm may also download and install additional malware.

Posted on August 17, 2007 in Worms

Worm.Fbound

FBound is a worm virus that propagates through email. Once executed, FBound will collect any emails that it can find in your address book. The worm uses its own SMTP email engine to send itself via email to any addresses that it harvests on your PC. It masquerades as a file called patch.exe in outgoing emails. The worm will use a subject line written in Japanese if it sends to an email address ending in .jp.

Posted on August 17, 2007 in Worms

Worm.Gokar

Gokar is a worm virus that propagates through email. Once executed, FBound will collect any emails that it can find in your Outlook address book. The worm will then send itself via email to any addresses that it harvested on your PC. Gokar also attempts to propagate via IRC by creating a mIRC script.ini file. It will also attempt to spread itself by creating a default page in the Microsoft IIS web server folder. If a user visits this page, they will be asked to download the worm.

Posted on August 17, 2007 in Worms

BackDoor.Deloder

Deloder is a backdoor worm virus. It attempts to connect to remote Windows PCs using psexec.exe. Once it makes a successful connection, it will try to log on as Administrator, using a variety of pre-defined passwords. If the worm is able to login to Windows, it will connect through port 445 over TCP and will copy itself to the target computer. The worm will also delete several network shares on the infected PC. It will also install a separate backdoor exe, which will allow a hacker to connect to your computer via several access methods. This program opens up a huge security hole on your computer and is a very dangerous threat to the security of your personal and financial data.

Posted on August 17, 2007 in Backdoors

W95.Bodgy

Bodgy is a virus that may come packaged with other Trojans, backdoors, and malicious programs. Once installed and executed, Bodgy will autostart with Windows. On the 31st of August, the virus will display the message: “ANTI-MICROSOFT: DAMN BILLGATE & MICROSOFT, FUCK YOU!!! DO NOT TRY TO MONOPOLIZE SOFTWARE MARKET!!!”

Posted on August 17, 2007 in Viruses

X97M.Clonar.A

X97M.Clonar is a virus that may come packaged with other Trojans, backdoors, and malicious programs. Once installed and executed, Clonar will autostart with Windows. It will disable certain menu options related to Microsoft Office macros and Visual Basic, and may modify the size of toolbar buttons. This virus can spread as a macro, and will inject itself into other documents when an infected document is opened.

Posted on August 17, 2007 in Viruses

Email-Worm.Evaman.a

Evaman is a worm virus that propagates through email. Once executed, Evaman will configure itself to automatically start when Windows starts. The worm will then try to connect to a list of SMTP servers (or your PCs default SMTP server). It will then randomly query email.people.yahoo.com and will gather email addresses from the results. It will then send itself to any emails that it is able to collect, as either an exe file or an scr file. It may masquerade as a delivery failure attempt email.

Posted on August 17, 2007 in Worms

W32.Dupator

Dupator is a virus that injects itself directly into the Windows kernel32.dll system file. Once injected, it will add the string “DUPATOR” to the code of any executable file that is opened on the infected computer.

Posted on August 17, 2007 in Viruses

TrojanDownloader.ConHook.l

ConHook is a Windows Trojan downloader. Once installed on your PC, this parasite will load automatically as a Browser Helper Object each time you start Internet Explorer. ConHook will continuously download and install additional security risks, including Trojans, keyloggers, and rogue antispyware applications.

Posted on August 17, 2007 in Trojan Downloader

Adware.TTC

Adware.TTC installs itself as an Internet Explorer Browser Helper Object. Once installed, it will load each time you open IE, and will download and display numerous popup and pop-under adverts. The program installs itself without any license agreement or privacy policy. It also has the ability to auto-update itself over the web.

Posted on August 17, 2007 in Adware

Adware.Searchforit

Searchforit is an adware program. Once installed, it will load each time you login to Widnows, and will download and display numerous popup and pop-under adverts. Advertisements will typically be for credit cards, dating sites, and affiliate shopping sites. Searchforit is known to install itself through drive-by-downloads and other nefarious mechanisms.

Posted on August 17, 2007 in Adware

PCSecureSystem

PCSecureSystem screenshot

A rogue anti-spyware application that utilizes simple but effective scare tactics in order to intimidate you into purchasing the full commercial version of the software, PCSecureSystem achieves such results by showing you misleading scan results and false pop-up security alerts. PCSecureSystem typically finds its way into your system due to Trojans, browser security exploits or manual download and installation.

Posted on August 17, 2007 in Rogue Anti-Spyware Program

CrisysTec Sentry

CrisysTec Sentry screenshot

Crisystec Sentry is a rogue anti-spyware application that is often downloaded and installed upon your computer by a Trojan, that gains access to your system through security exploits. By showing you misleading warning messages and fraudulent scan results, Crisystec Sentry attempts to intimidate you into purchasing the full version of this program. It is important to note that CrisysTec Sentry will not help protect or repair your system and in fact may expose your computer to more serious security threats.

Posted on August 17, 2007 in Rogue Anti-Spyware Program

StealthWatcher

StealthWatcher screenshot

StealthWatcher is a spyware keylogger application. This application records every keystroke that you type on your computer, and hides itself from the user by running in stealth mode. StealthWatcher can be configured to automatically take screenshots at a preset time interval. It can be configured to log every web page that you visit and will also record all keystrokes that you type, as well as any instant messenger and email conversations. This program is a severe violation of your privacy and the safety of your personal and financial data, including banking information and credit card numbers.

Posted on August 17, 2007 in Keyloggers