Mar 03

Threat Description:

W32.Scrshotvid is a self-replicating computer worm that tends to propagate via removable media, or as a hidden component of downloaded files that seem harmless. The biggest risk arising from a W32.Scrshotvid intrusion is privacy violation. This nefarious parasite is able to open security holes in the compromised system from the inside. These so-called backdoors are then used to establish a stealthy connection with an external server that serves as the hackers’ analytic center. In addition to this indirect influence, W32.Scrshotvid is also capable of uploading dangerous files onto the targeted OS, exposing the PC to many other infections such as spyware, trojans, rogue antivirus tools, etc. W32.Scrshotvid also monitors what the infected PC’s user types. It records this data and sends it to cyber criminals for further processing. This can include your credit card details, passwords and other personally identifiable information that is strictly private.

Dec 22

Rootkit.Win32.Agent.pp Description:

Rootkit.Win32.Agent.pp is a pseudo-infection being exploited by Malware Defense scareware in order to frighten its victims into buying the registered version of this nasty software product. In reality, Rootkit.Win32.Agent.pp is a real computer parasite that records a PC user’s keystrokes and transmits this data to a remote analytic center run by hackers. But within Malware Defense rogueware distribution schemes, Rootkit.Win32.Agent.pp is used merely as a scary-sounding puppet infection that is supposed to alarm people and incline them to install whatever software is suggested, just to get rid of this virus. Malware Defense fake anti-spyware tends to trigger alerts like the one shown below, saying that the Rootkit.Win32.Agent.pp worm has been intercepted on your PC and must be neutralized immediately.

Dec 09

Worm.PoeBot.KY Description:

Worm.PoeBot.KY (also known as Virus/Win32.Virut.av or Backdoor:Win32/Poebot.BD) is a computer worm that spreads across PC networks using host system exploits and security vulnerabilities. Worm.PoeBot.KY establishes a hidden connection with an external server and drops its own executables into a phony Recycle Bin directory so as to disguise itself and hide inside the compromised operating system. The above might sound a bit confusing, but it precisely exemplifies the intricacy of malware applications nowadays. Unfortunately, Worm.PoeBot.KY may also act as a keylogger that records the user’s typed symbols in order to send this private information to a remote IP. Worm.PoeBot.KY can also corrupt and distort the system files and vital processes running on the compromised system. Because Worm.PoeBot.KY is a privacy hazard, it should be removed once intercepted on your PC.

Dec 02

Worm.Win32.NetSky Description:

If you happen to receive alerts about the detection of the Worm.Win32.NetSky virus on your computer, you should realize that there’s something malicious going on inside your computer system. Trickily enough, the actual malware problem you are facing is not Worm.Win32.NetSky itself; it’s the counterfeit antivirus program that you should worry about. The spyware alerts allegedly reporting Worm.Win32.NetSky are being triggered by the dangerous rogue anti-spyware tool called Internet Security 2010, which has been in rotation for around 6 months now. When Internet Security 2010 secretly gets inside your computer, it tends to display fake spyware interception alerts like the one whose snapshot we’ve provided below. Please abstain from clicking any buttons on such fake warning messages, or else you will unknowingly trigger an almost irrevocable procedure of scareware invasion of your machine.

Sep 23

Virus.Win32.Hala.a Description:

Virus.Win32.Hala.a is a PC parasite whose malware category is still being argued over; most IT experts are inclined to consider it a computer worm because it self-replicates and has some other characteristic features of worms. However, Virus.Win32.Hala.a seems to have found a new application lately: it’s being exploited as a scare tactic in the distribution of Additional Guard and other rogue anti-spyware programs belonging to the same family. Please take a look at the screenshot below: it’s a Security Center Alert that mentions Virus.Win32.Hala.a as a virus that potentially threatens your PC security and must be blocked. You should bear in mind that such an alert is a fake one which tries to make you install Windows Police Pro scareware. Hence, you don’t literally need to delete a Virus.Win32.Hala.a infection; you should uninstall the malicious program that triggers fake ads like that.

Sep 21

Net-Worm.Win32.Mytob.t Description:

Net-Worm.Win32.Mytob.t is being actively used for paving the distribution paths of rogue anti-spyware. The snapshot below shows a fake warning message triggered by the Windows Police Pro scareware application. As you can see, Net-Worm.Win32.Mytob.t is claimed to be a piece of suspicious software that contaminates computers running Windows OS, and it’s stated to have been detected on your computer. Actually, that’s just a trick applied by Windows Police Pro to scare you and make you believe you really have this odd PC worm on your machine. Having intimidated you this way, the Windows Police Pro rogueware creators are hoping to win your trust and get you to install and buy the full commercial version of their scamware. Consequently, you should bear in mind that Net-Worm.Win32.Mytob.t alerts are misleading; that Security Center Alerts like the one below are not to be trusted; and, last but not least, that messages about Net-Worm.Win32.Mytob.t being detected are a sign of a Windows Police Pro fake anti-spyware invasion.

Jul 31

Backdoor.Win32.Hupigon Worm Description:

Backdoor.Win32.Hupigon (aka Backdoor.Win32.Hupigon.fixn or Hupigon.fixn) is a computer worm that infects one’s OS secretly and threatens the user’s privacy by stealing confidential information. That’s the encyclopaedic knowledge. However, the Backdoor.Win32.Hupigon worm is known to have been exploited lately in the scareware campaign meant for pushing the rogue antivirus product called Windows Antivirus Pro. In this particular role, Backdoor.Win32.Hupigon is mentioned on deceptive alerts triggered by Vundo trojans related to Windows Antivirus Pro malware. It’s the trojans that are responsible for triggering the false ads reading “Windows Antivirus Pro has denied internet access of the program”. Those bogus alerts blame Backdoor.Win32.Hupigon.fixn for compromising the user’s privacy through personal data theft and transmission to remote attackers. The two options available on Backdoor.Win32.Hupigon alerts are as follows: “Yes, Activated Windows Antivirus Pro” and “No, Activate later”.

May 15

INF/Conficker Worm Description:

INF/Conficker is a computer infection whose basic objective is to propagate the notorious Conficker worm via Autorun.inf files. In other words, INF/Conficker is responsible for transmitting the Conficker infection from one computer to another and does this by injecting itself into removable drives or adjacent drives and networks. INF/Conficker is also known to be capable of disabling security software installed on the compromised computer. INF/Conficker may block access to websites providing downloadable PC security solutions. In addition, INF/Conficker uses rootkit techniques to hide its presence on the infected machine, so, combined with disabled antivirus software, this feature makes the worm pretty much undetectable. Therefore, it is extremely difficult to expose INF/Conficker on one’s computer or on removable drives.

May 13

I-Worm.Trojan.b Worm Description:

If you are getting alerts that say you have I-Worm.Trojan.b, it doesn’t necessarily mean your computer is actually infected with that virus. The reason for those alerts is the malicious activity of trojans and a browser hijacker inside your system. The most common way for the malware to manifest itself is through browser redirection to a certain strange website when you are trying to look something up on the internet. Once you get diverted, you will view a pathetic imitation of a Windows Security Center alert that says: “Virus (I-Worm.Trojan.b) was found on your computer! Click OK to install System Security Antivirus”. Consequently, it looks like the whole hijacker and pop-up story aims to make you install and purchase the promoted program, i.e. System Security 2009 (aka System Security Antivirus or System Security). FYI: System Security 2009 is a fake spyware remover that uses the tactic of scaring its victims into installing its licensed software.

Mar 26

Conficker.C Description:

Conficker.C (also known as Conficker C or W32/Conficker.C) is a computer infection representing the infamous family of Conficker (aka Downadup) worms. According to some experts’ estimates, the active launch of the Conficker.C invasive campaign is planned around April 1, but preliminary attacks have been observed during the last few weeks. Conficker.C is not expressly aggressive and usually remains hidden until you detect its presence in your system using reliable PC security utilities. However, Conficker.C is extremely dangerous in terms of its latent impact on the user’s privacy and computer security. Conficker.C is known to disable the vital protective functions of the compromised machine by disabling antivirus software updates and preventing the victims from visiting security web resources offering anti-malware solutions. Conficker.C is capable of tracking the victims’ computer activities and even records keystrokes, subsequently sending this harvested confidential data to scammers who sell it to interested third parties with malicious purposes.