Jump to content

Search the Community

Showing results for tags 'trojan'.

More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • A Test Category
  • Immunet Information
    • Announcements
    • Support Documentation
    • FAQ
  • Immunet Community Discussions
    • Immunet General Forum
    • Ideas
    • Immunet Support (Issues/Defects)
    • False Positives
    • Malware Detections
    • Malware Removal
  • Immunet Local Communities
  • ClamAV For Windows Community
    • ClamAV For Windows General Forum


  • Knowledge Base
  • Installation
  • FAQs

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start








Found 4 results

  1. Js.Downloader & Html.Exploite.CVE detected by Immunet but Quarantine Failed. Please can someone advise on how to remove these? GDY
  2. Hello There are malware files which are downloadable from www.4shared.com File mp3.download_2014 glitter and gold - rebecca ferguson( somlivre2014 )_mp3_.zip which was downloaded from XXXXXXXXXXXXXXXXXXXXXX is a malware. Analysis https://www.virustot...sis/1396993428/ Antivirus Result Update AVG Win32/Themida 20140408 Ad-Aware Trojan.Packed.Libix.Gen.9 20140408 AntiVir TR/Crypt.TPM.Gen 20140408 Baidu-International Trojan.Win32.Generic.alXg 20140408 BitDefender Trojan.Packed.Libix.Gen.9 20140408 Bkav W32.HfsAutoB.30cc 20140408 CMC Packed.Win32.Black!O 20140408 Comodo Packed.Win32..Black.~A 20140408 DrWeb Trojan.Packed.650 20140408 ESET-NOD32 Win32/Packed.Themida.AAG 20140408 Emsisoft Trojan.Packed.Libix.Gen.9 ( 20140408 F-Prot W32/Themida_Packed!Eldorado 20140408 F-Secure Trojan.Packed.Libix.Gen.9 20140408 GData Trojan.Packed.Libix.Gen.9 20140408 Ikarus Packed.Win32.Themida 20140408 Jiangmin Packed.Black.Gen.a 20140408 K7AntiVirus Trojan ( 002e1e5b1 ) 20140408 K7GW Trojan ( 002e1e5b1 ) 20140408 Kaspersky HEUR:Trojan.Win32.Generic 20140408 Malwarebytes Malware.Packer.T 20140408 McAfee-GW-Edition Heuristic.LooksLike.Win32.EPO.N 20140408 MicroWorld-eScan Trojan.Packed.Libix.Gen.9 20140408 Microsoft VirTool:Win32/Obfuscator.XX 20140408 Panda Trj/Thed.A 20140408 Sophos Mal/Behav-374 20140408 TheHacker W32/Behav-Heuristic-064 20140408 Please send malware file to lab
  3. I am running the trial version of Immunet. I get warnings of a trojan located in a tmp file in one of my ../Program (86)/.. subfolders. Immunet quarantines it. I delete it, Then in a day or so, it shows up again in another subfolder. I assume there is something putting these trojans into my system after they were cleaned out. Here is the type of information I get: C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\00031004.tmp is Trojan.Generic.9853649 C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\00019370.tmp is Trojan.Generic.9853649 How can I find the source of these and remove them once and for all? Thanks, I started looking through file history "All File Events" and found a place where it claims Norton is installing the trojans. The information looks like. Is this a false positive or is my Norton infected? Here is another alarm from Immunet about Norton. What is going on here. I thought Immunet was suppose to be compatable with Norton and other standard anti-virus software. Is my Norton infected or is Immunet wrong? Thanks
  4. We have received reports about a wave of malicious browser extensions trying to hijack Facebook profiles. This threat was first discovered in Brazil. We detect it as Trojan:JS/Febipos.A. The malware is a malicious browser extension specifically targeting Chrome and Mozilla Firefox. When installed, it attempts to update itself using the following URLs: Chrome browser: du-pont.info/updates/<removed>/BL-chromebrasil.crx Mozilla Firefox browser: du-pont.info/updates/<removed>/BL-mozillabrasil.xpi Note: Updated versions of this threat have been verified and are still detected as Trojan:JS/Febipos.A. To begin with, this Trojan monitors a user to see if they are currently logged-in to Facebook. It then attempts to get a configuration file from the website <removed>.info/sqlvarbr.php. The file includes a list of commands of what the browser extension will do. Depending on the file, this malware can do any of the following in the Facebook profile of an infected system: Like a page Share Post Join a group Invite friends to a group Chat to friends Comment on a post At the time of writing this blog, we have also seen the following behavior. The configuration file contains a command to post the following message in Facebook: GAROTA DE 15 ANOS VÃ?TIMA DE BULLYING COMETE SUICÃ?DIO APÓS MOSTRAR OS SEIOS NO FACEBOOK Vìdeo no link abaixo:<Currently unavailable link> It is written in Portuguese and here’s an English translation: 15 YEAR-OLD VICTIM OF BULLYING COMMITS SUICIDE AFTER SHOWING HER BREASTS ON FACEBOOK. Video on the link below: <Currently unavailable link> The above URL is unavailable and already blocked by Facebook. We also found this threat tries to "like" and "comment" on a Facebook page: It also attempts to comment on a post from this Facebook page with one of the following messages, written in Portuguese: Tenha um Celta 0km pagando R$13,00 por dia!! English translation: Get a brand new Celta paying R$13 per day!! Concurso valendo um Vale-Compras de R$1000,00! English translation: R$1000-voucher contest! Note: This message may vary depending on the configuration file.As we can see on the Facebook page, there’s a link that has been shared with about 165 comments and 167 likes. There is a possibility that these people are infected with Trojan:JS/Febipos.A. This trojan may also send out the following message via chat, posts or comments: Desculpa ai galera, mas isso eh um absurdo!!! English translation: Sorry guys, but this is ridiculous!!! Sonzinho sensação do momento. Muito show!! English translation: The coolest tune at the moment. It’s really nice! Léo Max e Renan - Rebolada de Gama (Clipe Oficial) English translation: <song title> (Official Clip) Eu, não tenho carro do ano, não tenho grana sobrando, mas chego junto e...♫♫ English translation: I don’t have a new car, I don’t have spare cash, but I get really close... It may also post links on Facebook profiles. For example, the posted link from the Facebook page in the image above redirects to a website that sells cars. At the time this blog was written, there were more users “liking” and “commenting” on the Facebook page that this malware uses – so there’s a possibility that there are more people continuing to be infected. The number of “likes” for this page grew as we analyzed this malware. When we began analysis the page statistics looked like this: Facebook page likes: 2,746 Facebook shared link likes: 167 Number of comments: 165 After several hours this had risen to: Facebook page likes: 3,177 Facebook shared link likes: 201 Number of comments: 183 All of the information above is what we found at the time of our analysis. There may be more to this threat because it can change its messages, URLs, Facebook pages and other activity at any time. In any case, we recommend you always keep your security products updated with the latest definitions to help avoid infection. Jonathan San Jose MMPC Here is a related article from CNET: http://news.cnet.com/8301-1009_3-57584111-83/microsoft-warns-of-new-trojan-hijacking-facebook-accounts/?tag=nl.e757&s_cid=e757&ttag=e757
  • Create New...