Spyware, Viruses, & Security forum

General discussion

VIRUS ALERTS - August 19, 2004

W32/Tzet-B

Aliases

* Worm.Win32.Tzet
* W32/Tzet.worm.e
* Win32/Tzet.A.dropper

Type Worm

W32/Tzet-B is a network worm.
W32/Tzet-B searches the local network for computers with weak or no passwords on the administrator or admin accounts to which it can copy itself.

http://www.sophos.com/virusinfo/analyses/w32tzetb.html

W32/Sdbot-NB

In reply to: VIRUS ALERTS - August 19, 2004

Aliases

* Backdoor.Sdbot
* IRC/SdBot.ATK
* W32/Sdbot.worm.gen.b
* Backdoor.SdBot.mw

Type Worm

W32/Sdbot-NB is a worm which attempts to spread to remote network shares. It also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels while running in the background as a service process.
W32/Sdbot-NB copies itself to the Windows system folder as SAGE.EXE and creates the following registry entry to run itself on system startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Laptop Access = Sage.exe
W32/Sdbot-NB spreads to network shares with weak passwords as a result of the backdoor Trojan element receiving the appropriate command from a remote user.

http://www.sophos.com/virusinfo/analyses/w32sdbotnb.html

W32/Sdbot-NC

In reply to: VIRUS ALERTS - August 19, 2004

Aliases

* Backdoor.SdBot.nv
* W32/Sdbot.worm.gen
* IRC/SdBot.AXT
* Backdoor.Ranky

Type Worm

W32/Sdbot-NC is a worm which attempts to spread to remote network shares. It also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels while running in the background as a service process.
W32/Sdbot-NC copies itself to the Windows system folder under a random filename and creates the following registry entries to run itself on system startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Monitor Test
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
Monitor Test
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
Monitor Test
W32/Sdbot-NC spreads to network shares with weak passwords as a result of the backdoor Trojan element receiving the appropriate command from a remote user.

http://www.sophos.com/virusinfo/analyses/w32sdbotnc.html

W32/Protoride-N

In reply to: VIRUS ALERTS - August 19, 2004

Aliases

* Worm.Win32.Protoride.aa
* W32/Protoride.worm
* Win32/Protoride.P
* W32.Protoride.Worm

Type Worm

W32/Protoride-N is a Windows worm that spreads via network shares. The worm also has a backdoor component that allows unauthorised remote access to the computer via IRC channels.
W32/Protoride-N will set the following registry entry so that it runs automatically upon restart:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Windows Taskbar Manager
W32/Protoride-N attempts to copy itself to WINMNGR.EXE in the startup folder of shared network computers.
W32/Protoride-N may also set the following registry entry:
HKLM\Software\BeyonD inDustries\ProtoType[v2]
W32/Protoride-N remains resident, running in the background as a service process and listening for commands from remote users via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32protoriden.html

Troj/Vidlo-E

In reply to: VIRUS ALERTS - August 19, 2004

W32/Sdbot-ND

In reply to: VIRUS ALERTS - August 19, 2004

Aliases

* Backdoor.SdBot.nt
* W32/Sdbot.worm.gen.k
* Win32/IRCBot.KE
* W32.Spybot.Worm

Type Worm

W32/Sdbot-ND is a worm which attempts to spread to remote network shares. It also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels while running in the background as a service process.
W32/Sdbot-ND copies itself to the Windows system folder as WINDOWSNT.COM and creates the following registry entries to run itself on system startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
System Information Manager = windowsNt.com
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
System Information Manager = windowsNt.com
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
System Information Manager = windowsNt.com
W32/Sdbot-ND spreads to network shares with weak passwords as a result of the backdoor Trojan element receiving the appropriate command from a remote user.
W32/Sdbot-ND may also try to log the user's keystrokes for later retrieval by the remote intruder in a file named KEYLOG.TXT in the Windows system folder.

http://www.sophos.com/virusinfo/analyses/w32sdbotnd.html

W32/Rbot-GM

In reply to: VIRUS ALERTS - August 19, 2004

Aliases Backdoor.Rbot.gen

Type Worm

W32/Rbot-GM spreads using several vulnerabilities and backdoors opened by other worms.
The vulnerabilities used are addressed in MS04-011, MS03-026, MS03-007 and MS01-059.
W32/Rbot-GM allows a remote attacker unauthorised access to the infected computer. An infected computer may have its anti-virus and security software disabled.

http://www.sophos.com/virusinfo/analyses/w32rbotgm.html

W32/Rbot-GN

In reply to: VIRUS ALERTS - August 19, 2004

Aliases Backdoor.Rbot.gen

Type Worm

W32/Rbot-GN spreads using vulnerabilities and backdoors opened by other worms. The vulnerabilities used are addressed by MS04-011, MS03-026, MS03-007 and MS01-059.
W32/Rbot-GN allows remote attackers to have unauthorised access to infected computers.

http://www.sophos.com/virusinfo/analyses/w32rbotgn.html

Troj/Banker-AR

In reply to: VIRUS ALERTS - August 19, 2004

W98/Flcss-B

In reply to: VIRUS ALERTS - August 19, 2004

Aliases

* Win32.FunLove.3662
* W32/Cassi.intd
* W32.Funlove.C
* PE_FUNLOVE.3662

Type Virus

W98/Flcss-B is a Windows 98 parasitic virus which infects executable files locally and over NetBIOS shares with the following extensions: OCX, SCR, EXE.

http://www.sophos.com/virusinfo/analyses/w98flcssb.html

W32/Lovgate-W

In reply to: VIRUS ALERTS - August 19, 2004

Type Worm

W32/Lovgate-W is a worm with backdoor functionality that spreads via email, network shares with weak passwords and filesharing networks.
When executed, W32/Lovgate-W creates a background process with the name "LSASS.EXE", copies itself to the Windows system folder, sets registry entries, extracts a backdoor component as a DLL file, harvests email addresses from *.ht files and sends itself out.

More: http://www.sophos.com/virusinfo/analyses/w32lovgatew.html

Troj/Banker-K

In reply to: VIRUS ALERTS - August 19, 2004

Type Trojan

Troj/Banker-K attempts to steal login credentials for Brazilian online banking sites.
In order to run automatically when Windows starts up the Trojan drops the file svchost.exe into the Windows system folder and adds the registry entry HKLM\Software\Microsoft\Windows\CurrentVersion\Run\svchost pointing to this file.
Troj/Banker-K also drops the files bb.exe, bmb.exe, bnet.exe, bra.exe, gf.exe and itau.exe into the Windows system folder.

http://www.sophos.com/virusinfo/analyses/trojbankerk.html

W32/Lemoor-A

In reply to: VIRUS ALERTS - August 19, 2004

W32/Sdbot-NE

In reply to: VIRUS ALERTS - August 19, 2004

Aliases

* Backdoor.SdBot.mw
* W32/Sdbot.worm.gen.b
* IRC/SdBot.AVQ
* Backdoor.Sdbot
* WORM_SDBOT.MN

Type

* Worm

W32/Sdbot-NE is a worm which attempts to spread to remote network shares. It also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels while running in the background as a service process.

W32/Sdbot-NE copies itself to the Windows system folder as CMAGESTA.EXE and creates the following entry in the registry to run itself on system startup:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
MachineTest = CMagesta.exe

W32/Sdbot-NE spreads to network shares with weak passwords as a result of the backdoor Trojan element receiving the appropriate command from a remote user.

http://www.sophos.com/virusinfo/analyses/w32sdbotne.html

W32/Rbot-GO

In reply to: VIRUS ALERTS - August 19, 2004

Aliases Backdoor.Rbot.gen

Type Worm

W32/Rbot-GO is a worm which attempts to spread to remote network shares.
W32/Rbot-GO also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotgo.html

W32/Rbot-GQ

In reply to: VIRUS ALERTS - August 19, 2004

Aliases

* Rbot.gen
* Rbot.fam

Type Worm

W32/Rbot-GQ is a network worm with IRC backdoor functionality.
The worm attempts to spread to unpatched machines affected by the LSASS (MS04-011), RPC-DCOM (MS03-039), RPC-DCOM2 (MS04-012), WebDav (MS03-007), Universal Plug-and-Play (MS01-059) or Dameware (CAN-2003-1030) vulnerabilities, infected by other backdoors or running network services protected by weak passwords.
An attacker can control an infected machine remotely through IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotgq.html

W32/Agobot-MD

In reply to: VIRUS ALERTS - August 19, 2004

Aliases

* Gaobot.worm.gen.q
* Agobot.3.U
* Gaobot.AFJ

Type Worm

W32/Agobot-MD is a network worm with IRC backdoor functionality.
The worm spreads to unpatched machines affected by the RPC DCOM (MS03-059, MS04-012), DameWare (CAN-2003-1030) or LSASS (MS04-011) vulnerabilities.
An attacker can remotely control the infected machine through IRC channels.

http://www.sophos.com/virusinfo/analyses/w32agobotmd.html

W32/Rbot-GS

In reply to: VIRUS ALERTS - August 19, 2004

Aliases Backdoor.Rbot.gen

Type Worm

W32/Rbot-GS spreads by exploiting vulnerabilities, network services with weak passwords and backdoors opened by other worms.
W32/Rbot-GS allows unauthorised remote access to the infected computer.
The operating system vulnerabilities exploited by W32/Rbot-GS are addressed by MS04-011, MS03-039, MS03-007 and MS01-059.

http://www.sophos.com/virusinfo/analyses/w32rbotgs.html
