Spyware, Viruses, & Security forum

About This Forum
CNET's spyware, viruses, & security forum is the best source for finding the latest news, help, and troubleshooting advice from a community of experts. Discussions cover how to detect, fix, and remove viruses, spyware, adware, malware, and other vulnerabilities on Windows, Mac OS X, and Linux.
Real-Time Activity
Resolved Questions
My Tracked Discussions
FAQs
Policies
Moderators

General discussion

VIRUS ALERTS - August 19, 2004

by Marianna Schmudlach | August 18, 2004 11:41 PM PDT

W32/Tzet-B

Aliases Worm.Win32.Tzet
W32/Tzet.worm.e
Win32/Tzet.A.dropper

Type Worm

W32/Tzet-B is a network worm.
W32/Tzet-B searches the local network for computers with weak or no passwords on the administrator or admin accounts to which it can copy itself.

http://www.sophos.com/virusinfo/analyses/w32tzetb.html

Discussion is locked

Flag

You are posting a reply to: VIRUS ALERTS - August 19, 2004

The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.

Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: VIRUS ALERTS - August 19, 2004

This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Sorry, there was a problem flagging this post. Please try again now or at a later time.

Track this discussion

Thread display: Collapse / Expand

18 total posts

Collapse -

W32/Sdbot-NB

by Marianna Schmudlach | August 18, 2004 11:44 PM PDT

In reply to: VIRUS ALERTS - August 19, 2004

Aliases Backdoor.Sdbot
IRC/SdBot.ATK
W32/Sdbot.worm.gen.b
Backdoor.SdBot.mw

Type Worm

W32/Sdbot-NB is a worm which attempts to spread to remote network shares. It also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels while running in the background as a service process.
W32/Sdbot-NB copies itself to the Windows system folder as SAGE.EXE and creates the following registry entry to run itself on system startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Laptop Access = Sage.exe
W32/Sdbot-NB spreads to network shares with weak passwords as a result of the backdoor Trojan element receiving the appropriate command from a remote user.

http://www.sophos.com/virusinfo/analyses/w32sdbotnb.html

Flag

This was helpful (0)

Collapse -

W32/Sdbot-NC

by Marianna Schmudlach | August 18, 2004 11:46 PM PDT

In reply to: VIRUS ALERTS - August 19, 2004

Aliases Backdoor.SdBot.nv
W32/Sdbot.worm.gen
IRC/SdBot.AXT
Backdoor.Ranky

Type Worm

W32/Sdbot-NC is a worm which attempts to spread to remote network shares. It also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels while running in the background as a service process.
W32/Sdbot-NC copies itself to the Windows system folder under a random filename and creates the following registry entries to run itself on system startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Monitor Test
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
Monitor Test
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
Monitor Test
W32/Sdbot-NC spreads to network shares with weak passwords as a result of the backdoor Trojan element receiving the appropriate command from a remote user.

http://www.sophos.com/virusinfo/analyses/w32sdbotnc.html

Flag

This was helpful (0)

Collapse -

W32/Protoride-N

by Marianna Schmudlach | August 18, 2004 11:48 PM PDT

In reply to: VIRUS ALERTS - August 19, 2004

Aliases Worm.Win32.Protoride.aa
W32/Protoride.worm
Win32/Protoride.P
W32.Protoride.Worm

Type Worm

W32/Protoride-N is a Windows worm that spreads via network shares. The worm also has a backdoor component that allows unauthorised remote access to the computer via IRC channels.
W32/Protoride-N will set the following registry entry so that it runs automatically upon restart:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Windows Taskbar Manager
W32/Protoride-N attempts to copy itself to WINMNGR.EXE in the startup folder of shared network computers.
W32/Protoride-N may also set the following registry entry:
HKLM\Software\BeyonD inDustries\ProtoType[v2]
W32/Protoride-N remains resident, running in the background as a service process and listening for commands from remote users via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32protoriden.html

Flag

This was helpful (0)

Collapse -

Troj/Vidlo-E

by Marianna Schmudlach | August 18, 2004 11:50 PM PDT

In reply to: VIRUS ALERTS - August 19, 2004

Type Trojan

Troj/Vidlo-E is a Trojan which downloads a file from a predefined location and then executes it.

http://www.sophos.com/virusinfo/analyses/trojvidloe.html

Flag

This was helpful (0)

Collapse -

W32/Sdbot-ND

by Marianna Schmudlach | August 18, 2004 11:53 PM PDT

In reply to: VIRUS ALERTS - August 19, 2004

Aliases Backdoor.SdBot.nt
W32/Sdbot.worm.gen.k
Win32/IRCBot.KE
W32.Spybot.Worm

Type Worm

W32/Sdbot-ND is a worm which attempts to spread to remote network shares. It also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels while running in the background as a service process.
W32/Sdbot-ND copies itself to the Windows system folder as WINDOWSNT.COM and creates the following registry entries to run itself on system startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
System Information Manager = windowsNt.com
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
System Information Manager = windowsNt.com
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
System Information Manager = windowsNt.com
W32/Sdbot-ND spreads to network shares with weak passwords as a result of the backdoor Trojan element receiving the appropriate command from a remote user.
W32/Sdbot-ND may also try to log the users keystrokes for later retrieval by the remote intruder in a file named KEYLOG.TXT in the Windows system folder.

http://www.sophos.com/virusinfo/analyses/w32sdbotnd.html

Flag

This was helpful (0)

Collapse -

W32/Rbot-GM

by Marianna Schmudlach | August 18, 2004 11:55 PM PDT

In reply to: VIRUS ALERTS - August 19, 2004

Aliases Backdoor.Rbot.gen

Type Worm

W32/Rbot-GM spreads using several vulnerabilities and backdoors opened by other worms.
The vulnerabilities used are addressed in MS04-011, MS03-026, MS03-007 and MS01-059.
W32/Rbot-GM allows a remote attacker unauthorised access to the infected computer. An infected computer may have its anti-virus and security software disabled.

http://www.sophos.com/virusinfo/analyses/w32rbotgm.html

Flag

This was helpful (0)

Collapse -

W32/Rbot-GN

by Marianna Schmudlach | August 18, 2004 11:56 PM PDT

In reply to: VIRUS ALERTS - August 19, 2004

Aliases Backdoor.Rbot.gen

Type Worm

W32/Rbot-GN spreads using vulnerabilities and backdoors opened by other worms. The vulnerabilities used are addressed by MS04-011, MS03-026, MS03-007 and MS01-059.
W32/Rbot-GN allows remote attackers to have unauthorised access to infected computers.

http://www.sophos.com/virusinfo/analyses/w32rbotgn.html

Flag

This was helpful (0)

Collapse -

Troj/Banker-AR

by Marianna Schmudlach | August 18, 2004 11:58 PM PDT

In reply to: VIRUS ALERTS - August 19, 2004

Aliases Trojan.Win32.Banker.ar

Type Trojan

Troj/Banker-AR is a Trojan which steals online banking information.

http://www.sophos.com/virusinfo/analyses/trojbankerar.html

Flag

This was helpful (0)

Collapse -

W98/Flcss-B

by Marianna Schmudlach | August 19, 2004 12:01 AM PDT

In reply to: VIRUS ALERTS - August 19, 2004

Aliases Win32.FunLove.3662
W32/Cassi.intd
W32.Funlove.C
PE_FUNLOVE.3662

Type Virus

W98/Flcss-B is a Windows98 parasitic virus which infects executable files locally and over NetBIOS shares with the following extenstions: OCX, SCR, EXE.

http://www.sophos.com/virusinfo/analyses/w98flcssb.html

Flag

This was helpful (0)

Collapse -

W32/Lovgate-W

by Marianna Schmudlach | August 19, 2004 12:03 AM PDT

In reply to: VIRUS ALERTS - August 19, 2004

Type Worm

W32/Lovgate-W is a worm with the backdoor functionality that spreads via email, network shares with weak passwords and filesharing networks.
When executed W32/Lovgate-W creates a background process with the name "LSASS.EXE", copies itself to the Windows system folder, sets registry entries, extracts a backdoor component as a DLL file, harvests email addresses from *.ht files and sends itself out.

More: http://www.sophos.com/virusinfo/analyses/w32lovgatew.html

Flag

This was helpful (0)

Collapse -

Troj/Banker-K

by Marianna Schmudlach | August 19, 2004 1:56 AM PDT

In reply to: VIRUS ALERTS - August 19, 2004

Type Trojan

Troj/Banker-K attempts to steal login credentials for Brazilian online banking sites.
In order to run automatically when Windows starts up the Trojan drops the file svchost.exe into the Windows system folder and adds the registry entry HKLM\Software\Microsoft\Windows\CurrentVersion\Run\svchost pointing to this file.
Troj/Banker-K also drops the files bb.exe, bmb.exe, bnet.exe, bra.exe, gf.exe and itau.exe into the Windows system folder.

http://www.sophos.com/virusinfo/analyses/trojbankerk.html

Flag

This was helpful (0)

Collapse -

W32/Lemoor-A

by Marianna Schmudlach | August 19, 2004 1:59 AM PDT

In reply to: VIRUS ALERTS - August 19, 2004

Aliases Worm.Win32.Lemoor.a
W32/Lemoor

Type Worm

W32/Lemoor-A is a worm for the Windows platform.
W32/Lemoor-A spreads by exploiting a vulnerability in the FTP server set up by the W32/Sasser family of worms.

http://www.sophos.com/virusinfo/analyses/w32lemoora.html

Flag

This was helpful (0)

Collapse -

W32/Sdbot-NE

by Marianna Schmudlach | August 19, 2004 2:04 AM PDT

In reply to: VIRUS ALERTS - August 19, 2004

Aliases

* Backdoor.SdBot.mw
* W32/Sdbot.worm.gen.b
* IRC/SdBot.AVQ
* Backdoor.Sdbot
* WORM_SDBOT.MN

Type

* Worm

W32/Sdbot-NE is a worm which attempts to spread to remote network shares. It also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels while running in the background as a service process.

W32/Sdbot-NE copies itself to the Windows system folder as CMAGESTA.EXE and creates the following entry in the registry to run itself on system startup:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
MachineTest = CMagesta.exe

W32/Sdbot-NE spreads to network shares with weak passwords as a result of the backdoor Trojan element receiving the appropriate command from a remote user.

http://www.sophos.com/virusinfo/analyses/w32sdbotne.html

Flag

This was helpful (0)

Collapse -

W32/Rbot-GO

by Marianna Schmudlach | August 19, 2004 7:03 AM PDT

In reply to: VIRUS ALERTS - August 19, 2004

Aliases Backdoor.Rbot.gen

Type Worm

W32/Rbot-GO is a worm which attempts to spread to remote network shares.
W32/Rbot-GO also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotgo.html

Flag

This was helpful (0)

Collapse -

W32/Rbot-GQ

by Marianna Schmudlach | August 19, 2004 7:05 AM PDT

In reply to: VIRUS ALERTS - August 19, 2004

Aliases Rbot.gen
Rbot.fam

Type Worm

W32/Rbot-GQ is a network worm with IRC backdoor functionality.
The worm attempts to spread to unpatched machines affected by the LSASS (MS04-011), RPC-DCOM (MS03-039), RPC-DCOM2 (MS04-012), WebDav (MS03-007), Universal Plug-and-Play (MS01-059) or Dameware (CAN-2003-1030) vulnerabilities, infected by other backdoors or running network services protected by weak passwords.
An attacker can control an infected machine remotely through IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotgq.html

Flag

This was helpful (0)

Collapse -

W32/Agobot-MD

by Marianna Schmudlach | August 19, 2004 7:07 AM PDT

In reply to: VIRUS ALERTS - August 19, 2004

Aliases Gaobot.worm.gen.q
Agobot.3.U
Gaobot.AFJ

Type Worm

W32/Agobot-MD is a network worm with IRC backdoor functionality.
The worm spreads to unpatched machines affected by the RPC DCOM (MS03-059, MS04-012), DameWare (CAN-2003-1030) or LSASS (MS04-011) vulnerabilities.
An attacker can remotely control the infected machine through IRC channels.

http://www.sophos.com/virusinfo/analyses/w32agobotmd.html

Flag

This was helpful (0)

Collapse -

W32/Rbot-GS

by Marianna Schmudlach | August 19, 2004 8:14 AM PDT

In reply to: VIRUS ALERTS - August 19, 2004

Aliases Backdoor.Rbot.gen

Type Worm

W32/Rbot-GS spreads by exploiting vulnerabilities, network services with weak passwords and backdoors opened by other worms.
W32/Rbot-GS allows unauthorised remote access to the infected computer.
The operating system vulnerabilities exploited by W32/Rbot-GS are addressed by MS04-011, MS03-039, MS03-007 and MS01-059.

http://www.sophos.com/virusinfo/analyses/w32rbotgs.html

Flag

This was helpful (0)

Back to Spyware, Viruses, & Security forum 18 total posts

Popular Forums

icon

Computer Newbies 10,686 discussions

icon

Computer Help 54,365 discussions

icon

Laptops 21,181 discussions

icon

Networking & Wireless 16,313 discussions

icon

Phones 17,137 discussions

icon

Security 31,287 discussions

icon

TVs & Home Theaters 22,101 discussions

icon

Windows 7 8,164 discussions

icon

Windows 10 2,657 discussions

GRAMMYS 2019

Here's Everything to Know About the 2019 Grammys

Find out how to watch the Grammy Awards if you don't have cable and more.