rundll16.exe

April 23, 2010 1:10:14 AM CEST

McAfee DAT 5958 Issues

April 15, 2009 10:17:00 AM CEST

Trojan-Dropper.Win32.Agent.albv – This Trojan has a malicious payload. It is a Windows PE EXE file. It is 23552 bytes in size. Installation The Trojan copies its executable file as follows: %WinDir%\system\svhost.exe In order to...

September 25, 2009 1:51:00 PM CEST

Backdoor.Win32.Clampi.a – This Trojan spy program is designed to steal confidential user data and remotely manage the victim machine. It is a Windows PE EXE file. It is 470 bytes in size. Installation When launched, the Trojan creates the following file: %AppData%\.exe

February 4, 2010 9:25:24 AM CET

What happened to the automatic actions in the Boot-time scan? – Since the release of avast v5.0, we have heard quite a few times the question “where do I set up the automatic actions for the boot-time scan”? As a matter of fact, we decided to remove this feature from avast 5 and this short post will try to explain why. The reason why the boot-time scan [...]

April 15, 2009 11:17:00 AM CEST

Trojan-Dropper.Win32.Agent.albv – This Trojan has a malicious payload. It is a Windows PE EXE file. It is 23552 bytes in size. Installation The Trojan copies its executable file as follows: %WinDir%\system\svhost.exe In order to ensure that the Trojan is launched automatically when the system is rebooted, the Trojan adds a link...

January 6, 2010 5:54:26 PM CET

Windows 7 – XP Mode – In my last blog, we have discussed the kernel API refactoring in Windows 7, today we are going to look at a new feature of Windows 7 – XP Mode, which is a combined solution of Virtualization and RemoteApp technologies. For quick understanding on Windows XP Mode, let’s look at an excerpt from Wikipedia about its [...]

September 28, 2009 1:21:14 PM CEST

Trojan Downloader.Agent.UZM – A new Trojan Downloader was spammed today. Trojan is attached in zip archive to emails in HTML format with subject "Hot game" and body text that claims some Angelina Jolie or Lara Croft undressing game. xgame.zip attachment contains xgame.exe (20992B) which drops executes and deletes kernel driver C:\WINDOWS\System32\drivers\runtime.sys and downloads another downloader smartdrv.exe. runtime.sys runs injects and hides Iexplore.exe process and downloads another components. xgame.exe is detected as Trojan Downloader.Agent.UZM, smartdrv.exe is detected as Trojan Downloader.Agent.UZN, runtime.sys is detected as Trojan Downloader.Agent.THW and other downloaded components are detected as several variants of Trojan Backdoor.Ntrootkit.

October 5, 2009 3:55:41 PM CEST

I-Worm/Nuwar – We have a new wave of spammed mail messages containing link directing users to website where the worm could be downloaded. Emails contains short text and IP address of currently working pages with worm. In this case downloaded filename is withlove.exe and it's about 115kB in size. Websites and worm files changes every few minutes. AVG detects withlove.exe as I-Worm/Nuwar.L.

September 28, 2009 1:21:14 PM CEST

I-Worm/Nuwar – Propagation method of new Nuwar variant is still similar to its precedessors. Spammed mails with link in IP format directs users to the worm web pages where the users are prompted to download one of the worm files with the name funny.exe. Names of other downloadable files are kickme.exe and foolsday.exe. AVG detects this threat as I-Worm/Nuwar.R.

April 22, 2010 12:40:24 PM CEST

McAfee and SEO poisoning: there but for the grace… – ESET is not going to try to capitalize on McAfee's unfortunate false positive problem (and nor, I'm sure, is any other reputable vendor). Such problems can arise for any AV vendor: it's an inevitable risk when you're trying to walk the line between the best possible detection of threats and avoidance of false detections (someone please [...]

» The Latest Computer Security News