YouTubeVideoGrabber is a trojan horse, which writes these files on your hard disk: note these virus also contains description:
AdultLinksQ.bar: Cagetory:Browser Plug-in - Risk Level: High
Adwarehookdump: Cagetory: Adware - Risk Level: Moderate
Adwarehookdump:Cagetory: Adware - Risk Level: Moderate
Adwarehookdump:Cagetory: Adware - Risk Level: Moderate
Adwarehookdump:Cagetory:Adware - Risk Level:Moderate
Adwarehookdump:Cagetory: Adware - Risk Level:Moderate
Flex IP Trojan:Cagetory:Trojan - Risk Level: Moderate
Flex IP Trojan:Cagetory:Trojan - Risk Level: Moderate
Flex IP Trojan:Cagetory:Trojan - Risk Level: Moderate
Flex IP Trojan:Cagetory:Trojan - Risk Level: Moderate
Exploit.WebViewForYOU!! Cagetory:Adware - Risk Level: High
Exploit.WebViewForYOU!! Cagetory:Adware - Risk Level: High
Exploit.WebViewForYOU!! Cagetory:Adware - Risk Level: High
Exploit.WebViewForYOU!! Cagetory:Adware - Risk Level: High
Adrevolver.com Cagetory:Cookie - Risk Level: Minor
AdServer.com Cagetory:Cookie - Risk Level:Minor
Bravenet.com Cagetory:Cookie - Risk Level:Minor
Adrevovler.com Cagetory:Cookie - Risk Level:Minor
Bravenet.com Cagetory:Cookie - Risk Level:Minor
statcounter.com Cagetory:Cookie - Risk Level:Minor
Spyshield Cagetory: Cookie - Risk Level:Minor
ContraVirus v2.0: Cagetory: Unknown - Risk Level: Very High
These files will end up making a fake error. The next time you run the computer, the fake error appears as:
The installation is not sucsessful.
IF YOU SEE THIS MESSAGE IN THE INSTALLATION, DO NOT PRESS OK. IT WILL WRITE THE VIRUSES ON YOUR COMPUTER ABOVE
yes i know this because i was in the middle of looking for viruses yeah and then i came accros this one.
The effect of this virus is: Unknown
--Answer these questions:
Does your computer run slower than normal?
Do you keep getting pop ups every page you open?
Does your computer pause most of the time?
Does your computer crash or pauses every page you open?
If you answered 2 to 3 of these questions as yes, then you might have spyware.
Millions of software that are free are mostly viruses.
Viruses can access your personal information, letting the people who sent it know where you live!
It is recomended that you leave a firewall on, or download a anti - virus program ( be careful, if you are downloading a anti virus program from another website rather than the original one that is the website of the company that made it, because sometimes instead it might be a virus!)
Trojans are viruses that pretend to be software.
Wormholes are viruses that spread by email, live chat and games.
Viruses are like..
Continue at this symbol --
Keyboard Recorders are programs that record everything you type while you are typing a username or password. this is the most dangerous.
If you recieve a email saying something about you did something but you know you didnt, it should be somebody copying somebody elses stuff. Do not open the link if there is one.
As of October 6, 2005, 5:52 am TrendLabs has declared a Medium risk alert in order to control this new SOBER variant that is currently spreading in USA, Japan, and Germany.
To get a one glance comprehensive view of the behavior of this worm, refer to the Behavior Diagram shown below.
Comments/Suggestions
We would like to know what you think about the Behavior Diagram, our latest Virus Encyclopedia feature. Please click here to send us your comments, suggestions, or feedbacks.
Malware Overview
This worm propagates via email messages. It uses its own SMTP engine to send a copy of itself as an attachment to target email addresses. This routine ensures that this worm is not dependent on any application installed on the system to perform its mailing routine. This also ensures that the mailing routine remains transparent to the user, such that affected users may not be aware that email messages are being sent from their machines.
It gathers the said addresses from files with certain extensions on an affected system. Most of the files with the said extensions are related to the Web pages visited by an affected user. This worm gathers these types of files under the assumption that visited Web pages may contain text strings that refer to email addresses.
The image below is a sample of the email messages that this worm sends out:
(Note: This worm can also send email messages in German.)
Upon execution, it displays the following error message, which may mislead affected users into thinking that the file is corrupted, and therefore does not perform malicious routines:
It terminates the originally executed file and control is passed over to a dropped copy. It then displays the following error message:
This worm performs antivirus retaliation by searching the affected system's process list for MRT.EXE. When found, it then displays the following fake message in order to trick users into thinking that no viruses or other malware have been found on the machine:
Upon display of the said message, the process MRT.EXE is terminated.
(Note: MRT.EXE is the process for the Microsoft Windows Malicious Software Removal Tool.)
This worm employs the same routine when terminating active Live Update RAS connection, which is used by an antivirus application to download virus pattern updates. When found, this worm terminates the connection and displays the following fake message:
Thank you for using LiveUpdate. All of the Symantec
products and components are currently up-to-date.
Otherwise, it displays the following message:
No Connection!
It also drops a number of files, which aid its mass-mailing routine. The said routine consumes bandwidth that can slow down an affected network's processes.
In addition, on systems running Windows XP Service Pack 2, this worm prevents the affected system from connecting to a network. The said action greatly limits the system's capabilities and further renders the said system vulnerable to this worm's malicious routines.
Create a free website at Webs.com