Spyware, Viruses, & Security forum

General discussion

VIRUS ALERTS - April 11, 2005

by Marianna Schmudlach / April 11, 2005 1:10 AM PDT

Troj/Agent-DH
Summary

Aliases BackDoor-COC
Trojan.Win32.Dialer.gq

Type Trojan

Troj/Agent-DH is a backdoor Trojan.
Troj/Agent-DH will contact a preconfigured remote location to report that the computer has been infected and will then await backdoor commands. Troj/Agent-DH can be used to download, upload, modify and run executable files. The Trojan can also be used to modify registry entries and kill processes.

http://www.sophos.com/virusinfo/analyses/trojagentdh.html

W32/VB-SP
by Marianna Schmudlach / April 11, 2005 1:12 AM PDT

Type Worm

W32/VB-SP is a worm for the Windows platform that replicates by writing itself to any floppy disks used in the computer. The worm executable appears to be a Microsoft Word document, and when executed displays a message box with title "Microsoft Word" and text "Microsoft Word could not open this document".

http://www.sophos.com/virusinfo/analyses/w32vbsp.html

Troj/Dloader-LF
by Marianna Schmudlach / April 11, 2005 1:13 AM PDT
Troj/Small-EE
by Marianna Schmudlach / April 11, 2005 1:15 AM PDT

Aliases Downloader-GS


Type Trojan

Troj/Small-EE is a backdoor Trojan which can be used as a proxy server and is capable of downloading and executing arbitrary files.
To avoid detection, Troj/Small-EE may delete netlog.exe on startup.

http://www.sophos.com/virusinfo/analyses/trojsmallee.html

Troj/Shuckbot-A
by Marianna Schmudlach / April 11, 2005 1:16 AM PDT
W32/Mytob-AB
by Marianna Schmudlach / April 11, 2005 1:17 AM PDT

Type Worm

W32/Mytob-AB is a mass-mailing worm and backdoor Trojan that targets users of Internet Relay Chat programs.
W32/Mytob-AB is capable of spreading through operating system vulnerabilities such as LSASS (MS04-011).
W32/Mytob-AB will create another file in the root folder named hellmsn.exe. This file is detected by Sophos as W32/Mytob-D.

http://www.sophos.com/virusinfo/analyses/w32mytobab.html

W32/Mytob-Y
by Marianna Schmudlach / April 11, 2005 1:19 AM PDT

Aliases Net-Worm.Win32.Mytob.w
Worm.Mytob.T-2
WORM_MYTOB.AI

Type Worm

W32/Mytob-Y is a mass-mailing worm and backdoor Trojan that targets users of Internet Relay Chat programs.
The worm is capable of spreading itself using the LSASS (MS04-011) exploit vulnerability.
W32/Mytob-Y also drops a file C:\hellmsn.exe. This file is being detected by Sophos as W32/Mytob-D.

http://www.sophos.com/virusinfo/analyses/w32mytoby.html

W32/Mytob-Z
by Marianna Schmudlach / April 11, 2005 1:21 AM PDT

Type Worm

W32/Mytob-Z is a mass-mailing worm and Trojan with an IRC backdoor.
W32/Mytob-Z is capable of spreading through operating system vulnerabilities such as LSASS (MS04-011).
W32/Mytob-Z harvests email addresses from files on the infected computer and from the Windows address book.

http://www.sophos.com/virusinfo/analyses/w32mytobz.html

W32/Mytob-AA
by Marianna Schmudlach / April 11, 2005 1:23 AM PDT

Aliases Net-Worm.Win32.Mytob.v
W32/Mytob.t@MM
Worm.Mytob.Y

Type Worm

W32/Mytob-AA is a mass-mailing worm and backdoor Trojan that targets users of Internet Relay Chat programs.
The worm is capable of spreading through various operating system vulnerabilities such as LSASS (MS04-011).
W32/Mytob-AA harvests email addresses from files on the infected computer and from the Windows address book.
The worm also attempts to set up an FTP server, an IRC server and a web proxy server.
W32/Mytob-AA drops a file C:\hellmsn.exe. This file is being detected by Sophos as W32/Mytob-D.

http://www.sophos.com/virusinfo/analyses/w32mytobaa.html

W32/Mytob-X
by Marianna Schmudlach / April 11, 2005 1:24 AM PDT

Aliases WORM_MYTOB.AH

Type Worm

W32/Mytob-X is a mass-mailing worm and backdoor Trojan that targets users of Internet Relay Chat programs.
W32/Mytob-X is capable of spreading through operating system vulnerabilities such as LSASS (MS04-011).
W32/Mytob-X also creates the helper file hellmsn.exe (detected by Sophos as W32/Mytob-D) in the root folder.

http://www.sophos.com/virusinfo/analyses/w32mytobx.html

W32/Tirbot-D
by Marianna Schmudlach / April 11, 2005 9:28 AM PDT

Type Worm

W32/Tirbot-D is a network worm with backdoor functionality for the Windows platform.
The worm spreads to network computers vulnerable to the LSASS vulnerability (MS04-011) and through network shares protected by weak passwords.
The backdoor component joins one of 4 predetermined IRC channels and awaits further commands from remote users. The backdoor component can then be instructed to perform the following:
Take part in distributed denial of service (DDoS) attacks
Upload/download files
Execute files
Serve as a proxy server
Harvest information from the system registry
Report filesystem information
List running processes
Scan for the presence of anti-virus software
Terminate running processes
Remove registry entries

http://www.sophos.com/virusinfo/analyses/w32tirbotd.html

W32/Mytob-AV
by Marianna Schmudlach / April 11, 2005 9:31 AM PDT

Type Worm

W32/Mytob-AV is a mass-mailing worm with backdoor functionality that targets users of Internet Relay Chat programs.
W32/Mytob-AV is capable of spreading through email and through various operating system vulnerabilities such as LSASS (MS04-011).

http://www.sophos.com/virusinfo/analyses/w32mytobav.html

W32/Mytob-AW
by Marianna Schmudlach / April 11, 2005 9:33 AM PDT

Type Worm

W32/Mytob-AW is a mass-mailing worm with backdoor functionality that targets users of Internet Relay Chat programs.
W32/Mytob-AW is capable of spreading through email and through various operating system vulnerabilities such as LSASS (MS04-011).

http://www.sophos.com/virusinfo/analyses/w32mytobaw.html

Troj/Agent-DJ
by Marianna Schmudlach / April 11, 2005 9:35 AM PDT

Type Trojan

Troj/Agent-DJ is a Trojan for the Windows platform.
Troj/Agent-DJ is capable of spying on a user's browsing habits, modifying Internet Explorer settings, downloading further executables and displaying popup advertisements.
When first run, Troj/Agent-DJ will drop and register a DLL that is also detected as Troj/Agent-DJ.

http://www.sophos.com/virusinfo/analyses/trojagentdj.html

W32/Mytob-AL
by Marianna Schmudlach / April 11, 2005 9:37 AM PDT

Aliases Net-Worm.Win32.Mytob.t
W32/Mytob.u@MM

Type Worm

W32/Mytob-AL is a mass-mailing worm with backdoor functionality that targets users of Internet Relay Chat programs.
W32/Mytob-AL is capable of spreading through email and through various operating system vulnerabilities such as LSASS (MS04-011).
W32/Mytob-AL harvests email addresses from files on the infected computer and from the Windows address book.

http://www.sophos.com/virusinfo/analyses/w32mytobal.html

Troj/Bdoor-HN
by Marianna Schmudlach / April 11, 2005 9:38 AM PDT
Troj/Ablank-Q
by Marianna Schmudlach / April 11, 2005 9:40 AM PDT

Aliases StartPage-DU.dll
Trojan.Win32.StartPage.uz

Type Trojan

Troj/Ablank-Q is a Trojan for the Windows platform.
Troj/Ablank-Q is a DLL file that may be dropped by members of the Troj/Ablank family of Trojans. Troj/Ablank-Q may display popup advertisements.

http://www.sophos.com/virusinfo/analyses/trojablankq.html

W32/Mytob-AB
by Marianna Schmudlach / April 11, 2005 12:16 PM PDT

Type Worm

W32/Mytob-AB is a mass-mailing worm and backdoor Trojan that targets users of Internet Relay Chat programs.
W32/Mytob-AB is capable of spreading through operating system vulnerabilities such as LSASS (MS04-011).
W32/Mytob-AB will create another file in the root folder named hellmsn.exe. This file is detected by Sophos as W32/Mytob-D.

http://www.sophos.com/virusinfo/analyses/w32mytobab.html

W32/Mytob-Y
by Marianna Schmudlach / April 11, 2005 12:18 PM PDT

Aliases Net-Worm.Win32.Mytob.w
Worm.Mytob.T-2
WORM_MYTOB.AI

Type Worm

W32/Mytob-Y is a mass-mailing worm and backdoor Trojan that targets users of Internet Relay Chat programs.
The worm is capable of spreading itself using the LSASS (MS04-011) exploit vulnerability.
W32/Mytob-Y also drops a file C:\hellmsn.exe. This file is being detected by Sophos as W32/Mytob-D.

http://www.sophos.com/virusinfo/analyses/w32mytoby.html

W32/Mytob-Z
by Marianna Schmudlach / April 11, 2005 12:24 PM PDT

Type Worm

W32/Mytob-Z is a mass-mailing worm and Trojan with an IRC backdoor.
W32/Mytob-Z is capable of spreading through operating system vulnerabilities such as LSASS (MS04-011).
W32/Mytob-Z harvests email addresses from files on the infected computer and from the Windows address book.

http://www.sophos.com/virusinfo/analyses/w32mytobz.html

W32/Mytob-AA
by Marianna Schmudlach / April 11, 2005 12:25 PM PDT

Aliases Net-Worm.Win32.Mytob.v
W32/Mytob.t@MM
Worm.Mytob.Y

Type Worm

W32/Mytob-AA is a mass-mailing worm and backdoor Trojan that targets users of Internet Relay Chat programs.
The worm is capable of spreading through various operating system vulnerabilities such as LSASS (MS04-011).
W32/Mytob-AA harvests email addresses from files on the infected computer and from the Windows address book.
The worm also attempts to set up an FTP server, an IRC server and a web proxy server.
W32/Mytob-AA drops a file C:\hellmsn.exe. This file is being detected by Sophos as W32/Mytob-D.

http://www.sophos.com/virusinfo/analyses/w32mytobaa.html

W32/Mytob-X
by Marianna Schmudlach / April 11, 2005 12:27 PM PDT

Aliases WORM_MYTOB.AH

Type Worm

W32/Mytob-X is a mass-mailing worm and backdoor Trojan that targets users of Internet Relay Chat programs.
W32/Mytob-X is capable of spreading through operating system vulnerabilities such as LSASS (MS04-011).
W32/Mytob-X also creates the helper file hellmsn.exe (detected by Sophos as W32/Mytob-D) in the root folder.

http://www.sophos.com/virusinfo/analyses/w32mytobx.html

Concerning latest Trojan
by T8TR / April 12, 2005 12:00 AM PDT

I downloaded the file you posted. It is not recognized by Windows. When I click to find it and use file tech, I come up with Borland company. I'm confused. Should this file protect me or find this Trojan? I can't tell based on what you posted. Thank you.
