SpyCrush: Old Problem, New Look

SpyCrush is a member of the Smitfraud infection class. It was previously known as SpyLocked. If you’re infected with SpyCrush, you’re likely to see pop-up bubbles like this at system start up:
“System has detected a number of active spyware applications that may impact the performance of your computer. Click the icon to get rid of [...]

How to Remove ExpertAntivirus

ExpertAntivirus makes money by convincing users to buy software that they don’t need.

W32.Banwarum@mm Discovered today

W32.Banwarum@mm is a mass-mailing worm that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer. The worm also spreads through the network by exploiting the Microsoft Windows ASN.1 Library Bit String Processing Variant Heap Corruption Vulnerability (as described in Microsoft Security Bulletin MS04-007). The worm also [...]

W32.Mytob.PP@mm Virus Discovered Today

W32.Mytob.PP@mm is a mass-mailing worm that opens a back door and lowers security settings on the compromised computer.
When W32.Mytob.PP@mm is executed, it performs the following actions:

Creates the following file:
%System%\taskgmr.exe
Note: %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
Adds the value:
"Windows [...]

W32.Browaf Virus discovered today

W32.Browaf is a worm that sends a link to a copy of itself via Yahoo Instant Messenger and MIRC. It also modifies the Internet Explorer Home page.
Once executed, W32.Browaf performs the following actions:

Creates the following files:

%UserProfile%\Start Menu\Internet Browser.lnk
%UserProfile%\Start Menu\Programs\Startup\YMSND.lnk
%Temp%\Startup.exe
C:\YSND\Ysnd.exe
%Temp%\Browser.exe
%Temp%\FtpBrowser.exe
%Temp%\Sys.dll
%Temp%\icon.icoNote:
%Temp% is a variable that refers to the Windows temporary folder. By default, this is C:\Windows\TEMP (Windows [...]

New Virus Discovered Today – W32.Naras

W32.Naras is a worm which infects PE files and contains rootkit and keylogging functionality.
We are curretly investigating this threat and will post more information as it becomes available.  This virus infects Windows Windows 98, Windows ME, Windows 2000, Windows NT, Windows XP.