
Jul 09 2007

Trojan-Dropper.Java.Xideo

Aliases:
Trojan-Dropper.Java.Xideo (Kaspersky Lab) is also known as: TrojanDropper.Java.Xideo (Kaspersky Lab), JV/Xideo (McAfee), Trojan Horse (Symantec), Troj/JVXideo-A (Sophos), Java/Xideo (H+BEDV), Java/TrojanDropper.Xideo.A (Eset)

Description added: Nov 28 2006
Behavior: TrojanDropper
Technical details:
This Trojan is designed to install other Trojan programs on the victim machine without the knowledge or consent of the user. It is written in Java. The file is 42,155 bytes in size.

Payload:
Once launched, the Trojan extracts the following files from itself, saves them to the Windows temporary directory, and launches them for execution:

xxxvideo.com (6,000 bytes, will be detected by Kaspersky Anti-Virus as Trojan.Win32.Alfora)
microsoft.com (15,360 bytes, will be detected by Kaspersky Anti-Virus as Trojan.Win32.Small.w)

Removal instructions:

Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
Delete xxxvideo.com and microsoft.com from the Windows temporary directory (%Temp%).
Update your antivirus databases and perform a full scan of the computer.


Jun 20 2007

Trojan-Downloader.JS.Weis.b-Technical details & Removal instructions.

Aliases:
Trojan-Downloader.JS.Weis.b (Kaspersky Lab) is also known as: TrojanDownloader.JS.Weis.b (Kaspersky Lab), VBS/Psyme (McAfee), Downloader.Trojan (Symantec), JS/Psyme (Grisoft), Exploit.ADODB.Stream.Gen (SOFTWIN), VBS/TrojanDownloader.Psyme.NAF (Eset)

Description added: May 10 2007
Behavior: TrojanDownloader
Technical details:
This is a Trojan downloader program. It is written in JavaScript. It can be found on web pages.
Payload:
The Trojan uses Microsoft.XMLHTTP to download a file from an address which is given as a parameter. This file is saved, using ADODB.Stream, to the C:\Program Files\Internet Explorer\ directory.
The file will then be launched for execution by a function which will vary in accordance with the version of Windows.
Removal instructions:
- Delete the page with the malicious code, if it was launched from a local resource.
- Update your antivirus databases and perform a full scan of the computer.
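
A static check for the pattern described above, as an added example that is not part of the original description: it flags page source that references both Microsoft.XMLHTTP and ADODB.Stream, even when the ProgID strings are split with "+" to defeat a plain substring search. The function names, result keys and both sample pages are constructed for this example; the samples contain object creation only.

```python
import re

# ProgIDs and directory named in the description above. ProgIDs and Windows
# paths are case-insensitive, so everything is compared in lower case.
PROGIDS = ("microsoft.xmlhttp", "adodb.stream")
SAVE_DIR = r"c:\program files\internet explorer"

# Closing quote, "+", opening quote: the seam between two string literals.
_SEAM = re.compile(r"""["']\s*\+\s*["']""")

def normalize(source):
    """Lower-case the source, join adjacent string literals and collapse
    JavaScript-escaped backslashes so paths read as they would on disk."""
    text = _SEAM.sub("", source.lower())
    return text.replace("\\\\", "\\")

def scan_page(source):
    """Return the indicators found in one page's source text."""
    text = normalize(source)
    found = {p: p in text for p in PROGIDS}
    return {
        "xmlhttp": found["microsoft.xmlhttp"],
        "adodb_stream": found["adodb.stream"],
        "ie_dir_path": SAVE_DIR in text,
        # XMLHTTP on its own is ordinary AJAX; the pair matches the write-up.
        "suspicious": all(found.values()),
    }

# Constructed samples (not taken from any real page).
BENIGN = '<script>var x = new ActiveXObject("Microsoft.XMLHTTP");</script>'
SPLIT = r'''<script>
var a = new ActiveXObject("Micro" + "soft.XMLH" + "TTP");
var s = new ActiveXObject('ADODB' + '.Stream');
var p = "C:\\Program Files\\Internet Explorer\\";
</script>'''

if __name__ == "__main__":
    for name, page in (("benign", BENIGN), ("split", SPLIT)):
        print(name, scan_page(page))
```

A hit on "suspicious" is a reason to quarantine and inspect the page, not proof of this particular family; other script downloaders of the same period used the same two objects.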


Jun 13 2007

Macro.Visio.Unstable-about & technical details.

Technical details:
This is the second macro virus that also has pretensions to be Number One in the “Macro.Visio” family. It is more complex than Macro.Visio.Radiant: it uses encryption and special tricks to hide its body in infected files.
The virus infects Visio documents, stencils and templates when an infected document is opened. It enumerates all open documents, stencils and templates and infects them by copying the virus body into them. To mark already infected documents, the virus writes “Visio2k.Unstable” into their description, and it does not infect documents that carry this mark.
To hide itself, the virus closes all open windows in the VBA editor and disables the Visual Basic Editor’s menus and “Standard” toolbar. If a user tries to edit the macros inside an infected document, he/she will see just the editor’s empty main window, without any menus, toolbars or child windows.
The virus has a payload that triggers on the 31st, and it displays the message:
Visio2000.Unstable
Unstable, it’s hard to be the one who’s strong
Who’s always got a shoulder to cry on
Who’s got a shoulder for me?
The virus contains three procedures in the module “ThisDocument”: “Document_DocumentOpened()”, “Unstable()” and “ci()”. Inside infected documents the second procedure is unreadable because it is encrypted. The virus decrypts this procedure only immediately before calling it.


May 31 2007

Spyware Doctor To Add Cyberhawk A/V Defense

Sydney-based PC Tools, purveyors of the popular Spyware Doctor antispyware utility, today announced their acquisition of Novatix Corporation.
Novatix’s flagship product is Cyberhawk, a real-time behavior-based anti-malware program. According to PC Tools, “Cyberhawk’s patent-pending ActiveDefense technology offers unsurpassed protection against both known and unknown viruses, worms, trojans, rootkits, buffer overflows and other forms of malware and provides effective protection against zero-day attacks.”
Mike Kronenberg, chief executive of Novatix, will become chief technical officer of North American operations for PC Tools.
Spyware Doctor has long been a PC Magazine Editor’s Choice for spyware protection, though the latest revision, Version 5.0 – a total rewrite with antivirus protection added – had some new-version problems. In testing, Cyberhawk Pro 2.0 was very effective at preventing malware from installing on a clean system. It doesn’t remove found threats, just bottles them up so they can’t do any harm. It’s a good match for Spyware Doctor, which thoroughly cleans up the malware infestations it finds.
According to PC Tools chief executive Simon Claussen, “This new technology will help strengthen our zero-day coverage and improve our ability to detect emerging threats”.
Kronenberg agreed. “We see this acquisition as a great fit for Novatix,” he said. “PC Tools is a leader in the anti-spyware and anti-virus space. Our combined efforts will ensure that consumers get the best protection possible. PC Tools’ broad reach in the consumer marketplace ensures our highly effective technology will have an even greater impact.”
When asked when customers would reap the benefits of this acquisition, Michael Greene, PC Tools’ vice president of product strategy, said they would do so immediately. “Consumers will start to recognize benefits right away,” Greene said. “The information that comes in from the Cyberhawk community protection feature will feed into our ongoing analysis of new threats, and our Threat Expert technology will help speed up processing.”
Cyberhawk Pro and the free Cyberhawk Basic will be backed by the PC Tools name and fully supported by PC Tools, Greene added.
Greene declined to give a timetable for when both products would be integrated. “We don’t have a hard date for integrating the technology into Spyware Doctor, but it is part of the long-term plan. Not only will we have signatures for the stuff we know about, we’ll have behavioral technology for threats we haven’t seen.”


May 18 2007

PC Tools Spyware Doctor 3.5

Spyware Doctor is a dedicated tool that can do precisely this. It begins scanning your PC’s contents as soon as you complete the installation and provides precise details of each of the items it determines are potential threats. SD scanned our 120GB test machine in less than 10 minutes and identified 34 problems.
Unlike some spyware and antivirus programs that simply warn you of the number of nasties lurking on or attempting to access your system, Spyware Doctor actually tells you what the threats are, one by one.
In addition, it explains the level of threat they pose and, on the right of the pane listing them, explains why cookies from known dodgy websites put you at risk. Threats are separated into low, medium, elevated and high levels, categorised by type such as advertising and tracking cookies.
It outlines why these are a risk and provides a history of how they’ve been known to exploit vulnerabilities. This way you know which threats you should immunise your system against.
The main Spyware Doctor window offers to scan or immunise your computer, and to switch on or off the OnGuard Protection utility. By clicking on the Tools menu you can select which particular types of threat you want the program to alert you to and to protect you against. These include keystroke loggers, adware, phishing tools and Trojans, plus items that make changes to your PC’s Registry.
A Smart Update setting ensures you stay up-to-date with alerts. You can schedule the program to run automatically. A handy tool will undo changes you’ve asked Spyware Doctor to make, such as removing items you then find you need.
Verdict:
Spyware Doctor impressed us greatly with its detailed reporting tools and the ability to specify exactly what you want it to be on guard for and what doesn’t concern you. It’s well priced and it’s refreshing to find a program that takes the time to explain each risk, helping you make an informed decision about whether to erase it.


May 10 2007

Email-Worm.Win32.NetSky.t

Aliases:
Email-Worm.Win32.NetSky.t (Kaspersky Lab) is also known as: I-Worm.NetSky.t (Kaspersky Lab), W32/Netsky.t@MM (McAfee), W32.Netsky.T@mm (Symantec), Win32.HLLM.Netsky.based (Doctor Web), W32/Netsky-T (Sophos), Win32/Netsky.T@mm (RAV), WORM_NETSKY.T (Trend Micro), Worm/NetSky.#1 (H+BEDV), W32/Netsky.T@mm (FRISK), Win32:Netsky-T (ALWIL), I-Worm/Netsky.T (Grisoft), Win32.NetSky.T@mm (SOFTWIN), Worm.SomeFool.Gen-2 (ClamAV), W32/Netsky.T.worm (Panda), Win32/Netsky.T (Eset)

Technical details: 
This worm spreads via the Internet as an attachment to infected emails.
The worm itself is a Windows PE EXE file of approximately 18KB, packed using UPX and written in Microsoft Visual C++.
Infected messages:
Message header
Approved
Hello
Hi
Important
My details
Re: Approved
Re: Hello
Re: Hi
Re: Important
Re: My details
Re: Request
Re: Thanks you!
Re: Your details
Re: Your document
Re: Your information
Request
Thank you!
Your details
Your document
Your information
Message body (chosen at random from the texts below)
Approved, here is the document.
For more details see the attached document.
For more information see the attached document.
Hello!
Here is the “…”.
Here is the document.
Hi!
I have found the “…”.
I have sent the “…”.
I have spent much time for the “…”.
I have spent much time for your document.
My “…” is attached.
My “…”.
Note that I have attached your document.
Please have a look at the “…”.
Please have a look at the attached document.
Please notice the attached “…”.
Please notice the attached document.
Please read quickly.
Please read the “…”.
Please read the attached document.
Please see the “…”.
Please, “…”.
See the document for details.
Thank you
Thanks
The “…” is attached.
The “…”.
The requested “…” is attached!
Your “…” is attached.
Your “…”.
Your file is attached to this mail.
Yours sincerely
The worm inserts a randomly chosen entry from the list below between the quotation marks.

abuse list
account
answer
approved document
approved file
archive
bill
concept
contact list
corrected document
description
detailed document
details
developement
diggest
document
e-mail
excel document
file
final version
homepage
icq number
important document
improved document
improved file
info
information
instructions
letter
list
mail
message
movie document
new document
note
notice
number list
old document
order
personal message
phone number
photo document
picture document
postcard
powerpoint document
presentation document
release
report
requested document
sample
secound document
story
summary
text
textfile
user list
word document
Attachment:
A file with a .pif extension and a randomly generated name.
The worm is activated when the user opens the attached file.
Once launched, the worm installs itself to the system and starts propagating.
Installation:
When installing, the worm copies itself to the Windows directory under the name EastAV.exe and registers this file in the system registry auto-run key:

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
 "EastAV"="%windir%\EastAV.exe"
Mass mailing:
The worm searches for files with the extensions listed below, harvests email addresses from them and sends copies of itself to all addresses found:
adb, asp, cfg, cgi, dbx, dhtm, doc, eml, htm, html, jsp, mbx, mdx, mht, mmf, msg, nch, ods, oft, php, pl, ppt, rtf, sht, shtm, stm, tbb, txt, uin, vbs, wab, wsh, xls, xml
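
A mail-gateway style check built from the message indicators listed above, as an added example rather than anything from the original description: it flags any message carrying a .pif attachment and labels it NetSky.t-like when the subject is also on the list. The function names, verdict strings and sample messages are constructed for this example, and the body texts are not matched.

```python
import email
from email import policy
from email.message import EmailMessage

# Subject lines exactly as listed above (including the worm's own "Thanks you!").
SUBJECTS = {s.lower() for s in """Approved|Hello|Hi|Important|My details|Re: Approved
Re: Hello|Re: Hi|Re: Important|Re: My details|Re: Request|Re: Thanks you!
Re: Your details|Re: Your document|Re: Your information|Request|Thank you!
Your details|Your document|Your information""".replace("\n", "|").split("|")}

def classify(raw_bytes):
    """Return 'netsky_t_like', 'pif_attachment' or 'clean' for one raw message."""
    # policy.default decodes RFC 2047 encoded-words in Subject and filenames.
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    subject = " ".join(str(msg["Subject"] or "").split()).lower()
    pif_names = [
        part.get_filename()
        for part in msg.walk()
        if (part.get_filename() or "").strip().lower().endswith(".pif")
    ]
    if not pif_names:
        # The listed subjects are everyday phrases; on their own they prove nothing.
        return "clean"
    return "netsky_t_like" if subject in SUBJECTS else "pif_attachment"

def _sample(subject, filename):
    """Build a constructed test message; the attachment is four dummy bytes."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    m.set_content("Please read the attached document.")
    m.add_attachment(b"TEST", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for subj, name in (("Re: Your document", "qwxzrt.pif"),
                       ("Quarterly numbers", "report.PIF"),
                       ("Hello", "notes.txt")):
        print(f"{subj!r:22} {name:12} -> {classify(_sample(subj, name))}")
```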


Apr 26 2007

About Spy Sweeper 5.3

 

Setup:
Spy Sweeper 5.3 is available for retail purchase or download, with or without antivirus enabled. We question why Webroot would make antivirus an option–shouldn’t it be standard? In light of this, we recommend buying the antispyware version only at $29. Current Spy Sweeper customers’ apps will be automatically upgraded to version 5.3 (with an option to enable antivirus for $10 more). We suggest all Spy Sweeper users wait and purchase the antivirus component in a future release. Note: the trial copy of Spy Sweeper will not remove any spyware it identifies unless you purchase the full product; we think this is wrong, and a crude way to force sales.
We experienced no difficulties installing Spy Sweeper 5.3 with Antivirus. After installation, we were asked to reboot our system.
Should you decide to uninstall Spy Sweeper, Webroot includes an uninstall icon on the All Programs list. After rebooting, we found no trace of Spy Sweeper in the Program Files directory or the system registry.
Interface:
The Spy Sweeper 5.3 with Antivirus interface remains unchanged from that of Spy Sweeper 5, with the exception of a tiny upper-right corner panel informing you whether antivirus protection has been enabled. Webroot’s integration of Sophos is invisible; for example, there’s no separate configuration page for antivirus scans, which initially started us wondering just how much antivirus protection exists within Spy Sweeper.

To tweak antispyware scans for individual files or folders, simply use the various Spy Sweeper configuration screens; however, we could find no separate configuration options for the antivirus part of the product, such as protective settings to block incoming viruses from e-mail or IM, a setting found in many traditional antivirus products.
Spy Sweeper’s interface is crisp and intuitive, the result of many hours of user-interface testing. For example, we like that during a scan, the color-coded tabs on the scan page mark your progress: Sweeping, Quarantine, and Summary.

Performance:
Webroot Spy Sweeper 5.3 is very slow at scanning, requiring more than one hour to scan our Acer Travelmate 8200 laptop; other antispyware products completed their respective scans in around 20 minutes. That said, Spy Sweeper remains one of the better antispyware apps we tested. In exclusive testing by CNET Labs, Spy Sweeper’s active shields identified and blocked seven out of eight spyware samples we attempted to install, missing only one generic Trojan, Compare-prices.zip. For scanning and removing existing spyware samples, Spy Sweeper caught six out of eight. As for the removal itself, in a majority of the cases Spy Sweeper left some spyware residue behind, removing only three of the eight samples, creating the possibility that some of the sample spyware could reinstall itself. This last criterion sank Spy Sweeper’s overall performance score. Webroot says Spy Sweeper removes only as much of the potential spyware as necessary to disable it, but we found competing antispyware apps removed all traces of some of the same samples that Webroot chose to leave behind, so that argument didn’t wash.


Apr 18 2007

Antispyware

Spyware is a crafty and insidious threat, so you need good tools to combat it. Some anti-spyware programs can stop most attacks, but none stop enough.
You wouldn’t use an antivirus app that failed to block or remove every virus it might reasonably encounter, yet anti-spyware apps that stop only about a third of the threats are often deemed acceptable, and ones that capture three out of four are praised as excellent. (We admit that we’ve been so desperate for some protection that we’ve been guilty of the latter ourselves at times.) It’s almost enough to make us throw up our hands in defeat—almost, but not quite. Unfortunately, even this subpar protection is better than none—and better than what you’ll find included with most security suites.
We evaluated nine antispyware apps that were updated fairly recently. Their results, on the whole, were an improvement over past versions—an encouraging sign. We tested the products on their ability to block spyware and keyloggers from installing on a clean system, as well as their success at removing the malware on an already-infected system. To avoid conflicts, you should use only one antispyware tool to block incoming attacks, but we strongly recommend that you use two or more to scan your system regularly, in the hope that each will cover the gaps in the other’s protection. And, of course, you’ll still need to keep your wits about you to lessen your chances of getting screwed by spyware.
 


Apr 17 2007

How to Remove SpyLocked



Dec 26 2006

Panda Internet Security 2007

The new Panda Internet Security 2007 offers the most complete protection so you can use the Internet with absolute peace of mind. It prevents data theft (login details, credit card numbers, etc.) and protects you from other Internet threats, such as viruses, spyware, hackers and online fraud. And now, for each Panda Internet Security 2007 product purchase, you will obtain protection for up to 3 PCs!

Also includes:
- Panda Antivirus
- Panda AntiSpyware
- Panda Firewall
- Panda Identity Protect
- Panda AntiSpam
- Panda Parental Control
 
Key features:
Panda Identity Protect: Secures your personal data. Personal data theft (account and credit card numbers, login details, etc.) is becoming a major threat to your security. With Panda Internet Security 2007, no one can access your data without your permission.
