ctfmor.exe
Saturday, 04 February 2012 13:41
The name ctfmor.exe has appeared in a virus analysis report. You can see it on this link.
It tries to change the internet settings of the affected computer by running a PAC configuration file.
- The installer is about 682 KB. It could be an information-stealing Trojan (Infostealer Bancos/Banker/Banbra).
- It has threat characteristics of ZBot, a banking trojan that disables the firewall, steals sensitive financial data (credit card numbers, online banking login details), makes screen snapshots, downloads additional components, and provides a hacker with remote access to the compromised system.
- It may stop the services ALG/Application Layer Gateway Service and SharedAccess/Windows Firewall/Internet Connection Sharing (ICS).
- Trojan.Bancos runs silently in the background to monitor web browser activity. It can create a fake login page for certain banking sites, which is used to steal usernames and passwords that can then be sent to the attacker via e-mail.
- It may modify the hosts file so as to redirect or block sites, or it may delete the hosts file.
- It may delete the safeboot registry keys. This prevents the computer from starting in safe mode. The remedy to this problem is to reinstall Windows.
- According to Symantec:
The Trojan is most often spread by way of an email containing a social engineering trick such as a fake email from a bank asking the user to run the attached program and perform some other actions to verify their banking details. If the user complies with the request they could potentially reveal their account access information which may lead to significant financial loss.
You can read the writeup at Symantec on this link.
It creates ctfmor.exe and other files on the infected computer that you need to search for and delete. You should also remove the entries for these files from Windows startup.
wusa32.exe
Friday, 03 February 2012 13:29
A suspicious file name, wusa32.exe, has appeared in a virus analysis report. You can see it on this link.
- The installer of this virus is about 3.53 MB. It may be detected by antivirus programs as packed with: PE_Patch [Kaspersky Lab]
- It creates registry entries so that wusa32.exe and other malicious files run at startup.
- It creates a malicious service named SystemCacheControl/System Cache Control. You need to stop this service before you can delete its exe file.
- It changes the proxy server settings on the computer.
It creates wusa32.exe and other files on the infected computer that you need to search for and delete. You should end running processes named wusa32.exe from Task Manager and also remove the file's entries from Windows startup.
sey.exe
Friday, 03 February 2012 11:59 (last updated on Friday, 03 February 2012 12:03)
A suspicious file name, sey.exe, has appeared in a virus analysis report. You can see it on this link.
- The installer of this virus is about 376 KB. It may be detected by antivirus programs as:
  Trojan.Gen [PCTools]
  Trojan.Gen.2 [Symantec]
  Trojan.Win32.Buzus.ixwh [Kaspersky Lab]
  Generic.bfr!de [McAfee]
  TROJ_BUZUS.SMUJ [Trend Micro]
  Mal/Behav-328 [Sophos]
  Trojan:Win32/Malagent [Microsoft]
  Trojan.Win32.Buzus [Ikarus]
- It creates registry entries so that sey.exe and other malicious files run at startup.
It creates sey.exe and other files on the infected computer that you need to search for and delete. You should end running processes named sey.exe from Task Manager and also remove the file's entries from Windows startup.
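A read-only PowerShell triage for the behaviours listed in the three write-ups above (proxy/PAC changes, stopped or added services, hosts file tampering, deleted safeboot keys, startup entries). This is an added example, not part of the original page. The file and service names come from the page; the registry paths are the standard Windows locations, and checking only the two Run keys is an assumption, since the page does not say which startup entries are created.

```powershell
# Read-only triage: nothing here changes the host.
$names    = 'ctfmor.exe', 'wusa32.exe', 'sey.exe'       # file names from this page
$services = 'ALG', 'SharedAccess', 'SystemCacheControl' # service names from this page
$pattern  = ($names | ForEach-Object { [regex]::Escape($_) }) -join '|'

# 1. Proxy / PAC settings of the current user
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
Get-ItemProperty -Path $inet | Select-Object AutoConfigURL, ProxyEnable, ProxyServer

# 2. State of the services named above (a service that does not exist is skipped)
Get-Service -Name $services -ErrorAction SilentlyContinue |
    Select-Object Name, DisplayName, Status

# 3. Running processes with the listed names
Get-Process -ErrorAction SilentlyContinue |
    Where-Object { "$($_.Name).exe" -match "^($pattern)$" } |
    Select-Object Name, Id, Path

# 4. Hosts file: missing, or holding entries other than comments and localhost
$hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
if (-not (Test-Path $hostsFile)) {
    Write-Warning "hosts file is missing: $hostsFile"
} else {
    Get-Content $hostsFile | Where-Object {
        $_ -match '^\s*[0-9a-fA-F:.]+\s+\S+' -and $_ -notmatch '\slocalhost(\s|$)'
    }
}

# 5. Safe-mode registry keys
foreach ($mode in 'Minimal', 'Network') {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\$mode"
    if (-not (Test-Path $key)) { Write-Warning "SafeBoot key missing: $key" }
}

# 6. Run-key startup entries whose command line mentions a listed file name
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($path in $runKeys) {
    $regKey = Get-Item -Path $path -ErrorAction SilentlyContinue
    if (-not $regKey) { continue }
    foreach ($valueName in $regKey.GetValueNames()) {
        $data = [string]$regKey.GetValue($valueName)
        if ($data -match $pattern) {
            [pscustomobject]@{ Key = $path; Value = $valueName; Data = $data }
        }
    }
}
```

Any output from steps 3, 4 and 6, a warning from steps 4 or 5, or an unexpected AutoConfigURL or ProxyServer value in step 1 is a lead to investigate, not proof of infection.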
Sanjay C Rajure