Spyware, Viruses, & Security forum

VIRUS ALERTS April 6, 2005

by Marianna Schmudlach / April 6, 2005 1:26 AM PDT

W32/Mytob-W
Summary

Aliases Net-Worm.Win32.Mytob.q
WORM_MYTOB.W

Type Worm

W32/Mytob-W is a mass-mailing network worm with backdoor functionality that targets users of Internet Relay Chat programs.
Emails sent by W32/Mytob-W have the following characteristics:
The subject line is one of the following:
Error
Good day
Hello
Mail Delivery System
Mail Transaction Failed
Server Report
Status
The message text is one of the following lines:
Mail transaction failed. Partial message is available.
The message contains Unicode characters and has been sent as a binary attachment.
The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.
The original message was included as an attachment.
Here are your banks documents
The worm is included as an attachment to the message, either as an executable file (with CMD, BAT, DOC, HTM, PIF, SCR, TMP, TXT, EXE or COM extension) or as a ZIP file containing the executable. The filename (excluding file extension) is chosen from the following list:
BODY
DATA
DOC
DOCUMENT
FILE
MESSAGE
README
TEST
TEXT


http://www.sophos.com/virusinfo/analyses/w32mytobw.html
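The email characteristics listed in the W32/Mytob-W alert above can be turned into a mail-gateway check. The following is an added example, not code from the post or from Sophos. The function names and the rule of flagging only when a matching attachment name coincides with a matching subject or body line are assumptions of this example, and the sample messages are constructed.

```python
from email.message import EmailMessage

# Indicator values copied from the W32/Mytob-W summary in the post above.
SUBJECTS = {"error", "good day", "hello", "mail delivery system",
            "mail transaction failed", "server report", "status"}
BODIES = {
    "mail transaction failed. partial message is available.",
    "the message contains unicode characters and has been sent as a binary attachment.",
    "the message cannot be represented in 7-bit ascii encoding and has been sent as a binary attachment.",
    "the original message was included as an attachment.",
    "here are your banks documents",
}
STEMS = {"body", "data", "doc", "document", "file", "message", "readme", "test", "text"}
EXTS = {"cmd", "bat", "doc", "htm", "pif", "scr", "tmp", "txt", "exe", "com", "zip"}


def mytob_w_indicators(msg):
    """Return which indicator classes (subject, body, attachment) the message matches."""
    hits = set()
    if (msg["Subject"] or "").strip().lower() in SUBJECTS:
        hits.add("subject")
    for part in msg.walk():
        name = part.get_filename()
        if name:
            stem, _, ext = name.strip().lower().rpartition(".")
            if stem in STEMS and ext in EXTS:
                hits.add("attachment")
        elif part.get_content_type() == "text/plain":
            lines = {line.strip().lower() for line in part.get_content().splitlines()}
            if lines & BODIES:
                hits.add("body")
    return hits


def is_likely_mytob_w(msg):
    """Assumed rule: a listed attachment name plus a listed subject or body line."""
    hits = mytob_w_indicators(msg)
    return "attachment" in hits and len(hits) >= 2


def build(subject, body, filename=None):
    """Construct a sample message (constructed test data, placeholder attachment bytes)."""
    m = EmailMessage()
    m["Subject"] = subject
    m.set_content(body)
    if filename:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m
```

Messages read from disk or a queue need to be parsed with `policy=email.policy.default` so that `get_content()` is available on each part.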

W32/Rbot-ZY
by Marianna Schmudlach / April 6, 2005 1:29 AM PDT

Aliases Backdoor.Win32.SdBot.gen

Type Worm

W32/Rbot-ZY is a network worm with backdoor functionality for the Windows platform.
W32/Rbot-ZY may spread to remote network shares protected by weak passwords and computers vulnerable to common exploits. The worm also opens up a backdoor, allowing unauthorised remote access to infected computers via the IRC network, while running in the background as a service process. The worm exploits vulnerabilities including: RPC-DCOM (MS04-012) and LSASS (MS04-011).
W32/Rbot-ZY can receive commands from a remote intruder to delete network shares, log keypresses, participate in DDoS attacks, scan other computers for vulnerabilities, steal passwords, steal registration keys for computer games, create administrator accounts, terminate firewall and anti-virus processes and capture video from webcameras attached to the computer.

http://www.sophos.com/virusinfo/analyses/w32rbotzy.html

W32/Rbot-AAA
by Marianna Schmudlach / April 6, 2005 1:31 AM PDT

Aliases Backdoor.Win32.SdBot.gen
BKDR_SDBOT.MC

Type Worm

W32/Rbot-AAA is a network worm with backdoor functionality for the Windows platform.
W32/Rbot-AAA may spread to remote network shares protected by weak passwords and computers vulnerable to common exploits. The worm also opens up a backdoor, allowing unauthorised remote access to infected computers via the IRC network, while running in the background as a service process. The worm exploits the following vulnerabilities: WKS (MS03-049) and LSASS (MS04-011).
W32/Rbot-AAA can receive commands from a remote intruder to delete network shares, log keypresses, participate in DDoS attacks, scan other computers for vulnerabilities, steal passwords, steal registration keys for computer games, create administrator accounts, terminate firewall and anti-virus processes and capture video from webcameras attached to the computer.

http://www.sophos.com/virusinfo/analyses/w32rbotaaa.html

W32/Agobot-RF
by Marianna Schmudlach / April 6, 2005 1:33 AM PDT

Aliases W32.HLLW.Gaobot
WORM_AGOBOT.AAN

Type Worm

W32/Agobot-RF is a worm which attempts to spread to remote network shares. It also contains backdoor functionality, allowing unauthorised remote access to the infected computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32agobotrf.html

Troj/Bube-K
by Marianna Schmudlach / April 6, 2005 1:34 AM PDT

Aliases Virus.Win32.Bube.k

Type Trojan

Troj/Bube-K is a downloader Trojan for Windows based systems.
The Trojan contacts a pre-specified website to report its presence on the computer. Troj/Bube-K can be instructed to install software to the registry, set and delete registry entries, open Internet Explorer to a specific web page, run Explorer with specified parameters, download and execute files, and change Internet Explorer's start page.


http://www.sophos.com/virusinfo/analyses/trojbubek.html

Troj/Dloader-KY
by Marianna Schmudlach / April 6, 2005 1:36 AM PDT
Troj/PcClient-Q
by Marianna Schmudlach / April 6, 2005 1:38 AM PDT
Troj/Delf-KM
by Marianna Schmudlach / April 6, 2005 1:40 AM PDT
Troj/Verzila-A
by Marianna Schmudlach / April 6, 2005 1:42 AM PDT
Troj/Bdoor-ZAU
by Marianna Schmudlach / April 6, 2005 1:43 AM PDT

Type Trojan

Troj/Bdoor-ZAU is a backdoor Trojan for the Windows platform.
The Trojan listens on a randomly chosen port for connections from remote attackers. The Trojan can then be instructed to perform the following functions:
take part in distributed denial of service (DDoS) attacks
download and execute arbitrary files
Troj/Bdoor-ZAU makes repeated HTTP requests while posting details of the infection to a remote site.

http://www.sophos.com/virusinfo/analyses/trojbdoorzau.html

W32/Reper-A
by Marianna Schmudlach / April 6, 2005 1:45 AM PDT
Troj/Bancban-CC
by Marianna Schmudlach / April 6, 2005 1:47 AM PDT

Aliases Trojan-Spy.Win32.Banker.ju

Type Trojan

Troj/Bancban-CC is a password stealing Trojan for the Windows platform.
When first run Troj/Bancban-CC will email out a notification email to a predefined address informing the recipient of the computer's infection.
Troj/Bancban-CC monitors which URLs are visited by the web browser and creates fake web pages for certain Brazilian banking sites in order to log account information. The logged information is sent to remote users via email.

http://www.sophos.com/virusinfo/analyses/trojbancbancc.html

W32/Rbot-ZZ
by Marianna Schmudlach / April 6, 2005 1:48 AM PDT

Aliases WORM_RBOT.AXM

Type Worm

W32/Rbot-ZZ is a Windows network worm which attempts to spread via network shares. The worm contains backdoor functions that allow unauthorised remote access to the infected computer via IRC channels while running in the background.
The worm spreads to network shares with weak passwords and also by using the LSASS security exploit (MS04-011) and the RPC-DCOM security exploit (MS03-039).
Once installed, W32/Rbot-ZZ will attempt to participate in denial of service (DoS) attacks, download and run files from the Internet, steal CD keys, log keystrokes and set up a SOCKS4 server when instructed to do so by a remote attacker.

http://www.sophos.com/virusinfo/analyses/w32rbotzz.html

Troj/Dloader-LA
by Marianna Schmudlach / April 6, 2005 1:50 AM PDT

Type Trojan

Troj/Dloader-LA is a Trojan downloader for the Windows platform.
When run Troj/Dloader-LA will download a specified file from the internet as C:\cartao.scr and execute it.
cartao.scr is detected by Sophos as Troj/Bancban-CC.

http://www.sophos.com/virusinfo/analyses/trojdloaderla.html

Troj/Agent-DG
by Marianna Schmudlach / April 6, 2005 1:52 AM PDT

Aliases Backdoor.Win32.Agent.bg
BKDR_C.A

Type Trojan

Troj/Agent-DG is a backdoor Trojan for the Windows platform.
The Trojan contacts a website and downloads instructions. The instructions may cause the Trojan to:
Download files
Execute files
Modify registry entries

http://www.sophos.com/virusinfo/analyses/trojagentdg.html

Troj/Dloader-KZ
by Marianna Schmudlach / April 6, 2005 1:53 AM PDT

Type Trojan

Troj/Dloader-KZ is a downloader Trojan for the Windows platform.
Troj/Dloader-KZ will copy itself to the Windows system folder under two different predefined filenames. The Trojan will also attempt to hide itself by injecting some of its code into the Internet Explorer process space. Troj/Dloader-KZ will now be able to contact a predefined URL.

http://www.sophos.com/virusinfo/analyses/trojdloaderkz.html

W32/Rbot-AAC
by Marianna Schmudlach / April 6, 2005 1:55 AM PDT

Type Worm

W32/Rbot-AAC is a network worm which attempts to spread via network shares. The worm contains backdoor functions that allow unauthorised remote access to the infected computer via IRC channels while running in the background.
The worm spreads to network shares with weak passwords and also by using the RPC-DCOM security exploit (MS03-039).
W32/Rbot-AAC drops the file C:\hellmsn.exe and runs it. This file is currently being detected by Sophos as W32/Mytob-H.

http://www.sophos.com/virusinfo/analyses/w32rbotaac.html

Troj/Banker-MA
by Marianna Schmudlach / April 6, 2005 1:57 AM PDT

Aliases TROJ_BANKER.EY
PWSteal.Bancos.O

Type Trojan

Troj/Banker-MA is a Trojan for the Windows platform.
The Trojan displays fake login pages for certain banking sites and steals the information entered into the fake pages. This information is subsequently sent to a remote IP address via HTTP.
Troj/Banker-MA also harvests email and internet usernames and passwords, including POP3, IMAP, HTTPMail, Internet Account Manager, Outlook Account Manager and INETCOMM Server account information.

http://www.sophos.com/virusinfo/analyses/trojbankerma.html

Troj/Bancos-BZ
by Marianna Schmudlach / April 6, 2005 1:58 AM PDT

Aliases TROJ_BANCOS.UG
Trojan-Spy.Win32.Banbra.bz

Type Trojan

Troj/Bancos-BZ is a password stealing Trojan for the Windows platform that targets customers of Brazilian banks.
Troj/Bancos-BZ monitors a user's internet access, and when certain internet banking sites are visited, the Trojan will display a fake login screen in order to trick the user into inputting their details.

http://www.sophos.com/virusinfo/analyses/trojbancosbz.html

Troj/StartPa-FO
by Marianna Schmudlach / April 6, 2005 2:01 AM PDT
Troj/Bancos-CA
by Marianna Schmudlach / April 6, 2005 2:02 AM PDT

Aliases Trojan-Spy.Win32.Bancos.cr
TROJ_BANCOS.TX

Type Trojan

Troj/Bancos-CA is a password stealing Trojan for the Windows platform.
Troj/Bancos-CA monitors browser activity for visits to specific internet banking websites. On detecting such activity, the Trojan will display a fake login screen for the relevant site and record keypresses in order to steal login details. Any information obtained in this manner is submitted to the author by email.

http://www.sophos.com/virusinfo/analyses/trojbancosca.html

W32/Rbot-AAB
by Marianna Schmudlach / April 6, 2005 2:04 AM PDT

Type Worm

W32/Rbot-AAB is an IRC backdoor Trojan and network worm.
W32/Rbot-AAB can receive commands from a remote intruder to delete network shares, log keypresses, participate in DDoS attacks, scan other computers for vulnerabilities, steal passwords, steal registration keys for computer games, create administrator accounts, terminate firewall and anti-virus processes and capture video from webcameras attached to the computer.

http://www.sophos.com/virusinfo/analyses/w32rbotaab.html

Troj/Dloader-LB
by Marianna Schmudlach / April 6, 2005 2:06 AM PDT
Troj/Mirchack-F
by Marianna Schmudlach / April 6, 2005 2:07 AM PDT
Troj/Haxdor-Gen
by Marianna Schmudlach / April 6, 2005 2:09 AM PDT
Troj/Nuclear-F
by Marianna Schmudlach / April 6, 2005 2:11 AM PDT

Aliases Backdoor.Win32.Nuclear.b

Type Trojan

Troj/Nuclear-F is a configurable backdoor Trojan for the Windows platform which allows full remote access capabilities via a remote client. The Client application allows the creation of server applets which act as the backdoor when installed on the infected computer.

http://www.sophos.com/virusinfo/analyses/trojnuclearf.html

WM97/Ponapi-A
by Marianna Schmudlach / April 6, 2005 2:12 AM PDT
Troj/Spabot-D
by Marianna Schmudlach / April 6, 2005 2:15 AM PDT

Aliases Trojan.Win32.Spabot.i
Trojan.SpBot

Type Trojan

Troj/Spabot-D is a Trojan for the Windows platform.
When run the Trojan attempts to send spam emails to random email addresses while running in the background as a process.
Troj/Spabot-D will attempt to download and run executable files.

http://www.sophos.com/virusinfo/analyses/trojspabotd.html

Troj/Daoser-B
by Marianna Schmudlach / April 6, 2005 2:17 AM PDT

Aliases Trojan.Win32.WebSearch.i

Type Trojan

Troj/Daoser-B is a Trojan for the Windows platform.
Troj/Daoser-B will attempt to download and run an executable file. At the time of writing, this file is detected as Troj/Zins-B. The Trojan will modify Internet Explorer's Start page.
Troj/Daoser-B may also display popups and spy on a user's web search habits.

http://www.sophos.com/virusinfo/analyses/trojdaoserb.html

WM97/Xaler-A
by Marianna Schmudlach / April 6, 2005 4:11 AM PDT

Aliases Virus.MSWord.Xaler.a
W97M.Lexar.A

Type Virus

WM97/Xaler-A is a macro virus for Microsoft Word.
On predefined days WM97/Xaler-A will display a message telling the user to relax while all of the files on the computer are deleted, although no files are actually deleted.

http://www.sophos.com/virusinfo/analyses/wm97xalera.html

Troj/Mailgrab-A
by Marianna Schmudlach / April 6, 2005 4:13 AM PDT