Spyware, Viruses, & Security forum

General discussion

VIRUS ALERTS - August 20, 2004

W32/Rbot-GP

Aliases Backdoor.Rbot.gen
W32/Sdbot.worm.gen.n
W32.Spybot.Worm

Type Worm

W32/Rbot-GP is a worm which attempts to spread to remote network shares and also contains backdoor Trojan functionality allowing unauthorised access to an infected computer.

http://www.sophos.com/virusinfo/analyses/w32rbotgp.html

Discussion is locked
You are posting a reply to: VIRUS ALERTS - August 20, 2004
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: VIRUS ALERTS - August 20, 2004
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
W32/Hardoc-A

In reply to: VIRUS ALERTS - August 20, 2004

Collapse -
Troj/Amitis-C

In reply to: VIRUS ALERTS - August 20, 2004

Collapse -
Troj/Small-AR

In reply to: VIRUS ALERTS - August 20, 2004

Collapse -
Troj/Mixus-D

In reply to: VIRUS ALERTS - August 20, 2004

Collapse -
Troj/Dloader-CH

In reply to: VIRUS ALERTS - August 20, 2004

Collapse -
W32/Rbot-SA

In reply to: VIRUS ALERTS - August 20, 2004

Aliases Backdoor.Rbot.gen

Type Worm

W32/Rbot-SA is a worm with backdoor Trojan functionality.
W32/Rbot-SA is capable of spreading to computers on the local network protected by weak passwords after receiving the appropriate backdoor command. The worm may also spread by exploiting a number of vulnerabilities.
W32/Rbot-SA may be used to steal passwords and product keys from a number of games and applications.

http://www.sophos.com/virusinfo/analyses/w32rbotsa.html

Collapse -
W32/Suxx-A

In reply to: VIRUS ALERTS - August 20, 2004

Collapse -
Troj/Keylog-R

In reply to: VIRUS ALERTS - August 20, 2004

Collapse -
W32/Rbot-GR

In reply to: VIRUS ALERTS - August 20, 2004

Aliases Backdoor.Rbot.gen
W32/Sdbot.worm.gen.g
W32.Spybot.Worm

Type Worm

W32/Rbot-GR is a worm with backdoor Trojan functionality.
W32/Rbot-GR is capable of spreading to computers on the local network protected by weak passwords after receiving the appropriate backdoor command. The worm may also spread by exploiting a number of vulnerabilities.
W32/Rbot-GR may be used to steal passwords and product keys from a number of games and applications.

http://www.sophos.com/virusinfo/analyses/w32rbotgr.html

Collapse -
W32/Sdbot-NF

In reply to: VIRUS ALERTS - August 20, 2004

Aliases Backdoor.SdBot.gen
W32/Sdbot.worm.gen.o
IRC/SdBot.ASN

Type Worm

W32/Sdbot-NF is a worm which attempts to spread to remote network shares. It also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels while running in the background as a service process.
W32/Sdbot-NF copies itself to the Windows system folder as EXPLORER.EXE and creates the following entry in the registry to run itself on system startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Shell32 = explorer.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
Shell32 = explorer.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
Shell32 = explorer.exe
W32/Sdbot-NF spreads to network shares with weak passwords as a result of the backdoor Trojan element receiving the appropriate command from a remote user.

http://www.sophos.com/virusinfo/analyses/w32sdbotnf.html

Collapse -
Troj/Startpa-GM

In reply to: VIRUS ALERTS - August 20, 2004

Collapse -
W32/Sdbot-NG

In reply to: VIRUS ALERTS - August 20, 2004

Aliases Backdoor.SdBot.gen
W32/Sdbot.worm.gen.o
IRC/SdBot.ATD

Type Worm

W32/Sdbot-NG is a worm which attempts to spread to remote network shares. It also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels while running in the background as a service process.
W32/Sdbot-NG copies itself to the Windows system folder as SPOOLSERV.EXE and creates the following entries in the registry to run itself on system startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
spoolserv = spoolserv.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
spoolserv = spoolserv.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
spoolserv = spoolserv.exe
W32/Sdbot-NG spreads to network shares with weak passwords as a result of the backdoor Trojan element receiving the appropriate command from a remote user.

http://www.sophos.com/virusinfo/analyses/w32sdbotng.html

Collapse -
W32/Sdbot-NH

In reply to: VIRUS ALERTS - August 20, 2004

Aliases Backdoor.SdBot.gen
W32/Sdbot.worm.gen.o
IRC/SdBot.ATG
W32.Randex.gen

Type Virus

W32/Sdbot-NH is a worm which attempts to spread to remote network shares. It also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels while running in the background as a service process.
W32/Sdbot-NH copies itself to the Windows system folder as SPOOLSERV.EXE and creates the following entries in the registry to run itself on system startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
spoolserv = spoolserv.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
spoolserv = spoolserv.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
spoolserv = spoolserv.exe
W32/Sdbot-NH spreads to network shares with weak passwords as a result of the backdoor Trojan element receiving the appropriate command from a remote user.

http://www.sophos.com/virusinfo/analyses/w32sdbotnh.html

Collapse -
W32/Sdbot-NI

In reply to: VIRUS ALERTS - August 20, 2004

Aliases Backdoor.SdBot.gen
W32/Sdbot.worm.gen
IRC/SdBot.ASU
W32.Randex.gen

Type Worm

W32/Sdbot-NI is a worm which attempts to spread to remote network shares. It also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels while running in the background as a service process.
W32/Sdbot-NI copies itself to the Windows system folder as SVDHOST.EXE and creates the following entries in the registry to run itself on system startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Microsoft Com Port Manager = svdhost.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
Microsoft Com Port Manager = svdhost.exe
W32/Sdbot-NI spreads to network shares with weak passwords as a result of the backdoor Trojan element receiving the appropriate command from a remote user.

http://www.sophos.com/virusinfo/analyses/w32sdbotni.html

Collapse -
Troj/Dloader-BH

In reply to: VIRUS ALERTS - August 20, 2004

Collapse -
Troj/Dloader-BI

In reply to: VIRUS ALERTS - August 20, 2004

Collapse -
W32/Rbot-GT

In reply to: VIRUS ALERTS - August 20, 2004

Type Worm

W32/Rbot-GT is a member of the Rbot family of worms. Infected computers can be controlled remotely over IRC channels. The worm spreads through network shares that are protected by weak passwords and through a number of known vulnerabilities.

http://www.sophos.com/virusinfo/analyses/w32rbotgt.html

Collapse -
W32/Agobot-MF

In reply to: VIRUS ALERTS - August 20, 2004

Collapse -
Troj/Delf-EQ

In reply to: VIRUS ALERTS - August 20, 2004

Type Trojan

Troj/Delf-EQ is a dialler Trojan.
When first run the Trojan copies itself as the file CNTR.EXE into the C:\Windows\System32\ShellExt folder.
The Trojan enumerates existing dial out connections and may attempt to dial premium rate services without the knowledge of the user. The Trojan deletes itself if it can not find a modem connected to the computer.
To announce a successful infection Troj/Delf-EQ accesses a remote web site.

http://www.sophos.com/virusinfo/analyses/trojdelfeq.html

Collapse -
Troj/Dloader-BJ

In reply to: VIRUS ALERTS - August 20, 2004

Collapse -
Troj/Agent-O

In reply to: VIRUS ALERTS - August 20, 2004

Aliases TrojanDownloader.Win32.Agent.as
Rutop

Type Trojan


Troj/Agent-O is a backdoor proxy Trojan.
Troj/Agent-O copies itself to a file with a random filename and the extension BAT in the temp folder and listens on TCP port 1044.

http://www.sophos.com/virusinfo/analyses/trojagento.html

Collapse -
Troj/Servu-AF

In reply to: VIRUS ALERTS - August 20, 2004

Collapse -
Troj/Dumbspy-B

In reply to: VIRUS ALERTS - August 20, 2004

Collapse -
Troj/Dloader-AO

In reply to: VIRUS ALERTS - August 20, 2004

Collapse -
Troj/Agent-N

In reply to: VIRUS ALERTS - August 20, 2004

Aliases TrojanDownloader.Win32.Small.nq
Downloader-IF

Type Trojan

Troj/Agent-N is a Trojan Downloader for the Windows platform.
Troj/Agent-N attemps to download and run executable code from the Internet.
The following files may be created by the Trojan:
C:\Windows\scins.exe
C:\Windows\winserv.exe
C:\windows\madopew.dll
C:\windows\fierm.exe



Recovery
Summary Description Recovery

This section tells you how to disinfect this virus.
Please follow the instructions for removing Trojans.


http://www.sophos.com/virusinfo/analyses/trojagentn.html

Collapse -
Troj/Agent-M

In reply to: VIRUS ALERTS - August 20, 2004

Collapse -
Troj/Dumbspy-A

In reply to: VIRUS ALERTS - August 20, 2004

Popular Forums

icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

GRAMMYS 2019

Here's Everything to Know About the 2019 Grammys

Find out how to watch the Grammy Awards if you don't have cable and more.