http://www.fortiguard.com/ en Copyright 2010 Fortinet Inc. All Rights Reserved Thu, 02 Sep 2010 14:50:09 -0800 Visible Symptoms

• The following files exist:
  
  
  • %System%\yise.ero
  • %System%\4.tmp


• It deletes itself from the current folder.

]]> http://www.fortiguardcenter.com/ve?vn=W32/Sasfis.BLR!tr.dldr http://www.fortiguardcenter.com/ve?vn=W32/Sasfis.BLR!tr.dldr Wed, 01 Sep 2010 00:00:00 -0800 Visible Symptoms

• The following files exist:
  
  
  • %SYSTEM%\yise.ero
  • %TEMP%\[Number].tmp


• It deletes itself from the current folder.

]]> http://www.fortiguardcenter.com/ve?vn=W32/Agent.EO!tr http://www.fortiguardcenter.com/ve?vn=W32/Agent.EO!tr Tue, 24 Aug 2010 00:00:00 -0800 Visible Symptoms

• The following files exist:
  
  
  • %SYSTEM%\yise.ero
  • %TEMP%\[Number].tmp


• It deletes itself from the current folder.

]]> http://www.fortiguardcenter.com/ve?vn=W32/Agent.YB!tr http://www.fortiguardcenter.com/ve?vn=W32/Agent.YB!tr Tue, 24 Aug 2010 00:00:00 -0800 Visible Symptoms

• The following files exist:
  
  
  • %Application Data\%Piiz\mahi.exe
  • %Application Data\%Sodeir\fyyk.tmp
  • %Application Data\%Sodeir\fyyk.yhz


• It deletes itself from the current folder.

]]> http://www.fortiguardcenter.com/ve?vn=W32/Agent.ELI!tr http://www.fortiguardcenter.com/ve?vn=W32/Agent.ELI!tr Tue, 24 Aug 2010 00:00:00 -0800 Visible Symptoms

• Visible symptoms vary.

]]> http://www.fortiguardcenter.com/ve?vn=W32/Krypt.B!tr.dldr http://www.fortiguardcenter.com/ve?vn=W32/Krypt.B!tr.dldr Tue, 24 Aug 2010 00:00:00 -0800 Visible Symptoms

• This malware tries to execute some Javascript codes from a remote location. There may be no visible symptoms.

]]> http://www.fortiguardcenter.com/ve?vn=JS/Agent.FNR!tr http://www.fortiguardcenter.com/ve?vn=JS/Agent.FNR!tr Mon, 23 Aug 2010 00:00:00 -0800 Visible Symptoms

• Visible symptoms vary.

]]> http://www.fortiguardcenter.com/ve?vn=W32/Katusha.MK!tr http://www.fortiguardcenter.com/ve?vn=W32/Katusha.MK!tr Mon, 23 Aug 2010 00:00:00 -0800 Visible Symptoms

• An interface for a fake antivirus application is displayed.
• A copy of the malware may exist in an existing subfolder in the Program Files folder.

]]> http://www.fortiguardcenter.com/ve?vn=W32/FakeAV.TI!tr http://www.fortiguardcenter.com/ve?vn=W32/FakeAV.TI!tr Mon, 23 Aug 2010 00:00:00 -0800 Visible Symptoms

• Possible firewall alert that an executable program is attempting to connect to the Internet.

]]> http://www.fortiguardcenter.com/ve?vn=W32/Agent.AQLJ!tr http://www.fortiguardcenter.com/ve?vn=W32/Agent.AQLJ!tr Fri, 20 Aug 2010 00:00:00 -0800 Visible Symptoms

• The following files exist:
  
  
  • %AppData%\[RANDOM_NAME]\[RANDOM_NAME].exe
  
  where:
  
    %AppData% is a variable that refers to the directory that serves as a common repository for application-specific data.
    {RANDOM_NAME} refers to the file name that had been generated by a random mechanism.


• It deletes itself from the current folder.

]]> http://www.fortiguardcenter.com/ve?vn=W32/Zbot.MMV!tr http://www.fortiguardcenter.com/ve?vn=W32/Zbot.MMV!tr Thu, 19 Aug 2010 00:00:00 -0800