Spyware, Viruses, & Security forum

General discussion

VIRUS ALERTS - August 11, 2005

Discussion is locked
You are posting a reply to: VIRUS ALERTS - August 11, 2005
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: VIRUS ALERTS - August 11, 2005
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Troj/RKProc-B

In reply to: VIRUS ALERTS - August 11, 2005

Collapse -
Troj/Dloader-RV

In reply to: VIRUS ALERTS - August 11, 2005

Aliases
Trojan-Downloader.Win32.Agent.rs
Downloader-ADT
TROJ_DLOADER.SC

Type Trojan

Troj/Dloader-RV is a downloader Trojan for the Windows platform.
Troj/Dloader-RV included functionality to download and install software from the internet.

http://www.sophos.com/virusinfo/analyses/trojdloaderrv.html

Collapse -
Troj/Multidr-EF

In reply to: VIRUS ALERTS - August 11, 2005

Type Trojan

Troj/Multidr-EF is a Trojan installer.
The Trojan installs Troj/Dloader-RV along with two Internet Explorer toolbars.
Troj/Dloader-RV is installed as a file named aclayer.exe in the Windows sytem folder.
Files relating to the toolbars are installed in subfolders of the Program File folder named 3721 and Yisou.

http://www.sophos.com/virusinfo/analyses/trojmultidref.html

Collapse -
Troj/Hiddl-A

In reply to: VIRUS ALERTS - August 11, 2005

Collapse -
Troj/Psupda-A

In reply to: VIRUS ALERTS - August 11, 2005

Type Trojan

Troj/Psupda-A is a downloader Trojan which will download, install and run new software without notification that it is doing so.
Troj/Psupda-A includes functionality to inject its code into SVCHOST.EXE.
When Troj/Psupda-A is installed the following files are created and run:
<System> \Ywvpysxl.d1l
<System> \drivers\Ywvpysxl.sys
The file Ywvpysxl.d1l is detected as Troj/Psupda-A.
The file Ywvpysxl.sys is detected as Troj/RKProc-B.

http://www.sophos.com/virusinfo/analyses/trojpsupdaa.html

Collapse -
Troj/Lineage-AI

In reply to: VIRUS ALERTS - August 11, 2005

Type Spyware Trojan

Troj/Lineage-AI is a password stealing Trojan for the Windows platform that attempts to steal passwords associated with the game called "Lineage".
Troj/Lineage-AI includes functionality to:
- silently download, install and run new software
- disable other software, including anti-virus, firewall and security related applications

http://www.sophos.com/virusinfo/analyses/trojlineageai.html

Collapse -
Troj/LineaDl-A

In reply to: VIRUS ALERTS - August 11, 2005

Aliases Trojan-Downloader.Win32.Small.bet

Type Trojan

Troj/LineaDl-A is a downloader Trojan for the Windows platform.
Troj/LineaDl-A includes functionality to download, install and run new software.
Once installed Troj/LineaDl-A will attempt to download a file from a remote website to <Windows> \svchost.exe and run it. This file is detected as Troj/Lineage-AI.

http://www.sophos.com/virusinfo/analyses/trojlineadla.html

Collapse -
Troj/Mutbo-A

In reply to: VIRUS ALERTS - August 11, 2005

Aliases Trojan.Win32.Mutbot.d

Type Trojan

Troj/Mutbo-A is a backdoor Trojan which allows a remote intruder to gain access and control over the computer.
Troj/Mutbo-A includes functionality to silently download, install and run new software and inject its code into EXPLORER.EXE.

http://www.sophos.com/virusinfo/analyses/trojmutboa.html

Collapse -
W32/Mytob-HM

In reply to: VIRUS ALERTS - August 11, 2005

Aliases
Net-Worm.Win32.Mytob.t
WORM_MYTOB.HM
W32/Mytob.GX@mm

Type Worm

W32/Mytob-HM is a mass-mailing worm and backdoor Trojan that can be controlled through the Internet Relay Chat (IRC) network.
W32/Mytob-HM is capable of spreading through email and through various operating system vulnerabilities such as LSASS (MS04-011). Emails sent by W32/Mytob-HM have the following properties:
Subject line:
document
Good day
Hello
Mail Delivery System
Mail Transaction Failed
message
readme
Server Report
Status
Message text:
'This is a multi-part message in MIME format.'
'Mail transaction failed. Partial message is available.'
'The message contains Unicode characters and has been sent as a binary attachment.'
'The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.'
'The original message was included as an attachment.'
'Here are your banks documents.'
The attached file consists of a base name followed by the extentions PIF, SCR, EXE or ZIP. The worm may optionally create double extensions where the first extension is DOC, TXT or HTM and the final extension is PIF, SCR, EXE or ZIP.
Sophos's anti-virus products include Genotype ? detection technology, which can proactively protect against new threats without requiring an update. Sophos customers have been protected against W32/Mytob-HM (detected as W32/Mytob-Fam) since version 3.94.

http://www.sophos.com/virusinfo/analyses/w32mytobhm.html

Collapse -
W32/Mytob-HN

In reply to: VIRUS ALERTS - August 11, 2005

Type Spyware Worm

W32/Mytob-HN is a mass-mailing worm and backdoor Trojan that can be controlled through the Internet Relay Chat (IRC) network.
W32/Mytob-HN is capable of spreading through email and through various operating system vulnerabilities such as LSASS (MS04-011). Emails sent by W32/Mytob-HN have the following properties:
Subject line:
document
Good day
Hello
Mail Delivery System
Mail Transaction Failed
message
readme
Server Report
Status
Message text:
'This is a multi-part message in MIME format.'
'Mail transaction failed. Partial message is available.'
'The message contains Unicode characters and has been sent as a binary attachment.'
'The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.'
'The original message was included as an attachment.'
'Here are your banks documents.'
The attached file consists of a base name followed by the extentions PIF, SCR, EXE or ZIP. The worm may optionally create double extensions where the first extension is DOC, TXT or HTM and the final extension is PIF, SCR, EXE or ZIP.

http://www.sophos.com/virusinfo/analyses/w32mytobhn.html

Collapse -
Troj/LdPinch-BR

In reply to: VIRUS ALERTS - August 11, 2005

Aliases Trojan-PSW.Win32.LdPinch.rg

Type Spyware Trojan

Troj/LdPinch-BR is a password-stealing Trojan with backdoor functionality.
Troj/LdPinch-BR attempts to steal confidential information and send it to a remote location via HTTP or email.

http://www.sophos.com/virusinfo/analyses/trojldpinchbr.html

Collapse -
Troj/Dumaru-J

In reply to: VIRUS ALERTS - August 11, 2005

Aliases
Backdoor.Win32.Dumador.df
BackDoor-CCT
BKDR_DUMADOR.AX

Type Trojan

Troj/Dumaru-J is a Trojan for the Windows platform.
Troj/Dumaru-J includes functionality to access the internet and communicate with a remote server via HTTP.
Troj/Dumaru-J attempts to steal confidential information and send it to a remote location. The Trojan allows a remote intruder to gain access to and control over the computer.

http://www.sophos.com/virusinfo/analyses/trojdumaruj.html

Collapse -
Troj/Stoped-B

In reply to: VIRUS ALERTS - August 11, 2005

Type Spyware Trojan

Troj/Stoped-B is a downloader Trojan for the Windows platform.
The Trojan downloads configuration data from a remote site which defines further behaviors. Troj/Stoped-B collects system information which is then sent to the remote site.

http://www.sophos.com/virusinfo/analyses/trojstopedb.html

Collapse -
Troj/Zcrew-G

In reply to: VIRUS ALERTS - August 11, 2005

Collapse -
Troj/Multidr-DZ

In reply to: VIRUS ALERTS - August 11, 2005

Collapse -
Troj/Sharp-H

In reply to: VIRUS ALERTS - August 11, 2005

Collapse -
Troj/Weasyw-B

In reply to: VIRUS ALERTS - August 11, 2005

Type Trojan

Troj/Weasyw-B is a backdoor Trojan.
Troj/Weasyw-B contacts a preconfigured remote internet site and downloads instructions. The Trojan can perform a number of actions based on the downloaded commands.
The Trojan may download and execute EXE files (the Trojan may update itself in this way) and change the Microsoft Internet Explorer settings in the registry so that the default start and search pages are directed to URLs defined within the text file.

http://www.sophos.com/virusinfo/analyses/trojweasywb.html

Collapse -
Troj/Vidlo-T

In reply to: VIRUS ALERTS - August 11, 2005

Aliases
Trojan-Downloader.Win32.Small.bgp
Downloader-ACS
Trojan.Downloader.Small-674

Type Trojan

Troj/Vidlo-T is a downloader Trojan for the Windows platform.
Troj/Vidlo-T attempts to download and run further malicious code.

http://www.sophos.com/virusinfo/analyses/trojvidlot.html

Collapse -
W32/Tilebot-E

In reply to: VIRUS ALERTS - August 11, 2005

Aliases
Backdoor.Win32.SdBot.aad
W32/Sdbot.worm.gen.by
W32.Spybot.Worm
WORM_SDBOT.BXW

Type Spyware Worm

W32/Tilebot-E is a worm and IRC backdoor Trojan for the Windows platform.
W32/Tilebot-E spreads to other network computers by exploiting common buffer overflow vulnerabilites, including: LSASS (MS04-011), RPC-DCOM (MS04-012) and MSSQL (MS02-039) (CAN-2002-0649) and by copying itself to network shares protected by weak passwords.
W32/Tilebot-E runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
W32/Tilebot-E includes functionality to access the internet and communicate with a remote server via HTTP.
W32/Tilebot-E drops a copy of Troj/Rootkit-Z.

http://www.sophos.com/virusinfo/analyses/w32tilebote.html

Collapse -
W32/Rbot-AKC

In reply to: VIRUS ALERTS - August 11, 2005

Type Worm

W32/Rbot-AKC is a worm and IRC backdoor Trojan for the Windows platform.
W32/Rbot-AKC spreads:
- to other network computers infected with: Troj/Kuang, Troj/Sub7, Troj/NetDevil, W32/MyDoom, W32/Bagle and Troj/Optix
- to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), WKS (MS03-049) (CAN-2003-0812), WebDav (MS03-007), IIS5SSL (MS04-011) (CAN-2003-0719), MSSQL (MS02-039) (CAN-2002-0649), UPNP (MS01-059), Veritas (CAN-2004-1172) and Dameware (CAN-2003-1030)
- by copying itself to network shares protected by weak passwords
W32/Rbot-AKC runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
The following patches for the operating system vulnerabilities exploited by W32/Rbot-AKC can be obtained from the Microsoft website:

http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

http://www.microsoft.com/technet/security/bulletin/MS04-012.mspx

http://www.microsoft.com/technet/security/bulletin/MS03-049.mspx

http://www.microsoft.com/technet/security/bulletin/MS03-007.mspx

http://www.microsoft.com/technet/security/bulletin/MS02-039.mspx

http://www.microsoft.com/technet/security/bulletin/MS01-059.mspx

http://www.sophos.com/virusinfo/analyses/w32rbotakc.html

Collapse -
W32/Rbot-AKD

In reply to: VIRUS ALERTS - August 11, 2005

Type Spyware Worm

W32/Rbot-AKD is a worm and IRC backdoor for the Windows platform.
The worm spreads by exploiting software and operating system vulnerabilities and backdoors opened by other worms.
W32/Rbot-AKD runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
A remote intruder can instruct the worm to perform a variety of actions, including :
Downloading and executing files
Monitoring network traffic
Logging users' keystrokes
Running a proxy server
Taking part in distributed denial of service attacks

http://www.sophos.com/virusinfo/analyses/w32rbotakd.html

Collapse -
Troj/BagleDl-S

In reply to: VIRUS ALERTS - August 11, 2005

Aliases Email-Worm.Win32.Bagle.cc

Type Trojan

Troj/BagleDl-S is a downloader Trojan which will download, install and run new software without notification that it is doing so.
Troj/BagleDl-S includes functionality to:
- inject its code into EXPLORER.EXE
- modify the HOSTS file
- disable other software, including anti-virus, firewall and security related applications
Sophos's anti-virus products include Genotype? detection technology, which can proactively protect against new threats without requiring an update. Sophos customers have been protected against Troj/BagleDl-S (detected as Troj/BagDl-Gen) since version 3.94.

http://www.sophos.com/virusinfo/analyses/trojbagledls.html

Collapse -
Troj/QLowZon-C

In reply to: VIRUS ALERTS - August 11, 2005

Aliases
QLowZones-15
Trojan.Win32.Dialer.hc

Type Trojan

Troj/QLowZon-C is a Trojan for the Windows platform.
Troj/QLowZon-C reduces internet security and dialer settings. The Trojan may periodically load up an Microsoft Internet Explorer window on a preconfigured address.

http://www.sophos.com/virusinfo/analyses/trojqlowzonc.html

Collapse -
Troj/KillAV-FK

In reply to: VIRUS ALERTS - August 11, 2005

Collapse -
Troj/ExpHook-A

In reply to: VIRUS ALERTS - August 11, 2005

Aliases
Trojan-PSW.Win32.Agent.bl
TSPY_SIPWEB.A
PWS-ExpHook


Type Spyware Trojan

Troj/ExpHook-A is a password stealing Trojan for the Windows platform.
Troj/ExpHook-A includes functionality to access the internet and communicate
with a remote server via HTTP.

http://www.sophos.com/virusinfo/analyses/trojexphooka.html

Collapse -
XM97/Acute-A

In reply to: VIRUS ALERTS - August 11, 2005

Aliases
X97M_ACUTE.A
X97M.Sarsnan

Type Virus

XM97/Acute-A is a virus that infects Microsoft Excel files.
The virus changes the Microsoft Excel window title to either "Sars is different on every computer system." or to "Microsoft Excel for Buggie!" depending on the day of the week. On the 20th day of the month, XM97/Acute-A displays a message box containing the text "UPDATE ME NOW, INFECTED BY BUGGIE!"
XM97/Acute-A then copies itself into each file opened by Microsoft Excel.

http://www.sophos.com/virusinfo/analyses/xm97acutea.html

Popular Forums

icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

SMART HOME

This one tip will help you sleep better tonight

A few seconds are all you need to get a better night's rest.