Spyware, Viruses, & Security forum

General discussion

VIRUS ALERTS - August 21, 2005

by roddy32 / August 20, 2005 11:43 PM PDT



Type Trojan

Troj/Spexta-A is a Trojan for the Windows platform.
Troj/Spexta-A may be used to send out spam emails to addresses harvested from the infected system. The Trojan may also download and run further malicious code.
Troj/Spexta-A may arrive as an email attachment in emails claiming to be from "CNN Newsletter" with subject line "TERROR HITS LONDON". The Trojan is included as an attachment with filename "LondonTerrorMovie.zip".


by roddy32 / August 20, 2005 11:45 PM PDT
by roddy32 / August 20, 2005 11:47 PM PDT
by roddy32 / August 20, 2005 11:49 PM PDT
by roddy32 / August 20, 2005 11:52 PM PDT
by roddy32 / August 20, 2005 11:58 PM PDT
by roddy32 / August 20, 2005 11:58 PM PDT

Type Spyware Trojan

Troj/Blacklog-A is a keylogger Trojan for the Windows platform.
Troj/Blacklog-A displays a fake error message with the title "KB826929 Setup Error" and the text "Setup cannot update your Windows files because the language installed on your system is different from the update language."
The Trojan may inject itself into the explorer process or register itself as a service process in order to prevent itself from being terminated.
Troj/Blacklog-A records keystrokes to the file servms.dll in the Windows system folder. When this file becomes larger than 30kb, its contents are submitted to the author by email. The file servms.dll may be deleted.


by roddy32 / August 21, 2005 12:00 AM PDT

Aliases Backdoor.Win32.Rbot.uj

Type Spyware Worm

W32/Monkbd-A is a keylogger and backdoor worm which allows a remote intruder to gain access and control over the computer via IRC channels.
W32/Monkbd-A includes functionality to:
- steal computer information
- log keystrokes and send them to a remote location
W32/Monkbd-A may also attempt to copy itself to network shares.


by roddy32 / August 21, 2005 12:02 AM PDT


Type Trojan

Troj/IWDL-A is a Trojan creator for the Windows platform.
Files created by Troj/IWDL-A are detected by Sophos's anti-virus products as Troj/Dloader-PO.


by roddy32 / August 21, 2005 12:05 AM PDT
by roddy32 / August 21, 2005 12:07 AM PDT
by roddy32 / August 21, 2005 12:09 AM PDT
by roddy32 / August 21, 2005 2:03 AM PDT


Type Spyware Worm

W32/Tilebot-B is a worm that attempts to spread to remote network shares. It also contains backdoor functionality, allowing unauthorized remote access to the infected computer via IRC channels.

W32/Tilebot-B spreads to network shares with weak passwords as a result of the backdoor Trojan element receiving the appropriate command from a remote user.

W32/Tilebot-B allows a remote user to perform a wide range of actions on the infected computer including downloading further files, setting registry entries and stealing information from the computer including from protected storage areas.

W32/Tilebot-B attempts to interfere with and disable certain security related processes.


by roddy32 / August 21, 2005 2:06 AM PDT
by roddy32 / August 21, 2005 2:08 AM PDT
by roddy32 / August 21, 2005 2:12 AM PDT


Type Spyware Worm

W32/Rbot-AJR is a worm and backdoor for the Windows platform.
W32/Rbot-AJR spreads to other network computers infected with worms from the W32/MyDoom and W32/Bagle families, by exploiting common buffer overflow vulnerabilities, including LSASS, RPC-DCOM and WebDav and by copying itself to network shares protected by weak passwords.
W32/Rbot-AJR includes functionality to:
- carry out DDoS flooder attacks
- silently download, install and run new software
- access the internet and communicate with a remote server via HTTP
- act as a SOCKS4 proxy
- disable other software, including anti-virus, firewall and security related applications
When W32/Rbot-AJR is installed it creates the file <Windows system folder>\svkp.sys.
The file SVKP.sys is registered as a new system driver service named "SVKP", with a display name of "SVKP" and a startup type of automatic, so that it is started automatically during system startup.
The following patches for the operating system vulnerabilities exploited by W32/Rbot-AJR can be obtained from the Microsoft website:





by roddy32 / August 21, 2005 2:22 AM PDT


Type Trojan

Dial/Eocha-A is a dialer application for accessing pornographic material.
When first run, Dial/Eocha-A copies itself to the Desktop and User folders.
Dial/Eocha-A changes the Start Page and security settings for Microsoft Internet Explorer.


by roddy32 / August 21, 2005 2:58 AM PDT


Type Virus

W32/Bobax-P is a virus and backdoor for the Windows platform.
W32/Bobax-P communicates with a remote server which will instruct it to perform specific actions.


by roddy32 / August 21, 2005 3:01 AM PDT


Type Virus

W32/Bobax-Q is a virus and backdoor for the Windows platform.
W32/Bobax-Q communicates with a remote server which will instruct it to perform specific actions.


by roddy32 / August 21, 2005 4:05 AM PDT

Aliases Trojan-Downloader.Win32.Agent.bq

Type Trojan

Troj/SpyDldr-B is an advertising Trojan with downloading functionality.
Troj/SpyDldr-B periodically displays the following messages:
WARNING: Windows Firewall detected suspicious network activity on your computer. Malicious software codes try to steal your privacy information, such as credit card numbers, electronic mail accounts, financial data or passwords.
Do you want to learn how to protect your computer?
Your computer might be at risk
Your virus protection status is bad
Spyware Activity Detected
Click this balloon to fix this problem
Clicking on the messages opens a browser window on a page advertising anti-spyware software.
The Trojan attempts to download and run further Trojan files.


by roddy32 / August 21, 2005 4:08 AM PDT


Type Spyware Worm

W32/Mytob-KC is a mass-mailing worm and backdoor Trojan that can be controlled through the Internet Relay Chat (IRC) network.
W32/Mytob-KC is capable of spreading through email and through various operating system vulnerabilities such as LSASS. Email sent by W32/Mytob-KC has the following properties:
Subject line:
- Good day
- Mail Delivery System
- Mail Transaction Failed
- Server Report
Message text:
- 'This is a multi-part message in MIME format.'
- 'Mail transaction failed. Partial message is available.'
- 'The message contains Unicode characters and has been sent as a binary attachment.'
- 'The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.'
- 'The original message was included as an attachment.'
- 'Here are your banks documents.'
The attached file consists of a base name followed by the extensions PIF, SCR, EXE or ZIP. The worm may optionally create double extensions where the first extension is DOC, TXT or HTM and the final extension is PIF, SCR, EXE or ZIP.
A patch for the vulnerability exploited by W32/Mytob-KC is available from M


Sophos's anti-virus products include Genotype detection technology, which can proactively protect against new threats without requiring an update. Sophos customers have been protected against W32/Mytob-KC (detected as W32/Mytob-Fam) since version 3.94.
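A mail-gateway style check built from the W32/Mytob-KC email properties listed above, as an added example that is not part of the original post or of Sophos's description. The function names, the scoring weights and the sample messages are assumptions constructed for illustration.

```python
# Extension and subject sets exactly as listed in the W32/Mytob-KC description.
FINAL_EXTS = {"pif", "scr", "exe", "zip"}
DECOY_EXTS = {"doc", "txt", "htm"}
SUBJECTS = {"good day", "mail delivery system",
            "mail transaction failed", "server report"}


def classify_attachment(filename):
    """Return 'double-extension', 'risky-extension' or 'ok' for one name."""
    # Normalise case and drop trailing dots/spaces before splitting.
    name = filename.strip().rstrip(". ").lower()
    parts = [p.strip() for p in name.split(".")]
    if len(parts) < 2 or parts[-1] not in FINAL_EXTS:
        return "ok"
    # A document-looking extension directly before the real one is the
    # double-extension shape the description calls out.
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        return "double-extension"
    return "risky-extension"


def score_message(subject, attachment_names):
    """Score a message; weights are hypothetical and chosen for the example.

    A subject match alone is weak evidence (the subjects imitate ordinary
    bounce messages), so attachment shape carries most of the weight.
    """
    verdicts = [classify_attachment(n) for n in attachment_names]
    score = 0
    if subject.strip().lower() in SUBJECTS:
        score += 1
    if "risky-extension" in verdicts:
        score += 2
    if "double-extension" in verdicts:
        score += 4
    return score, verdicts


# Constructed sample messages (subject, attachment names), not real captures.
SAMPLES = [
    ("Mail Transaction Failed", ["document.txt.pif"]),
    ("Server Report", ["readme.zip"]),
    ("Lunch on Friday", ["menu.doc"]),
]

if __name__ == "__main__":
    for subject, names in SAMPLES:
        print(subject, names, score_message(subject, names))
```

A ZIP attachment on its own is common in legitimate mail, so a "risky-extension" verdict for ZIP is better treated as a cue to inspect the archive contents than as grounds to block.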


by roddy32 / August 21, 2005 5:49 AM PDT

Type Spyware Trojan

Troj/Bardus-A is a backdoor and keylogging Trojan for the Windows platform.
Troj/Bardus-A can also be registered as a service, steal product registration keys, retrieve system information, and delete system files.


by roddy32 / August 21, 2005 5:53 AM PDT

Type Trojan

Troj/Webdrop-B is a Trojan dropper for Windows based systems.
Troj/Webdrop-B is an HTML script that tries to ascertain whether a system viewing that script in a web browser has certain vulnerabilities.
If the system has one or more of these vulnerabilities, Troj/Webdrop-B exploits them to run malicious code.


by roddy32 / August 21, 2005 5:55 AM PDT

Aliases Backdoor.Win32.VBbot.i

Type Spyware Worm

W32/Chode-F is a worm for the Windows platform.
W32/Chode-F sends a message to all MSN Messenger contacts with a link to a site that contains a copy of the worm.
The message will be one of the following:
- LMAO, this is freaking me out!!
- looooooool....check this out !!!
- Automessage : download the new MSN update here!
- rofl, this ownz!!
- Hej, you already updated your MSN?
- Get the new MSN Messenger here :
- Click here if you want more MSN emotions:
- w0000t, you have to check this out!
- lmao, this roxXxX!!
- wow wow wow.....you have to check this out!!!
W32/Chode-F terminates a number of processes including those related to various AV and security applications.
W32/Chode-F includes functionality to silently download, install and run new software including an update of itself, initiate a proxy server on the infected computer, steal passwords, and act as a flooder.


by roddy32 / August 21, 2005 5:57 AM PDT


Type Spyware Trojan

Troj/Banker-FB is a password stealing Trojan targeted at customers of Brazilian banks.
Troj/Banker-FB attempts to log keypresses entered into certain websites and online banking applications. The Trojan may display fake user interfaces in order to persuade the user to enter confidential details. Stolen information is sent by email to a remote user.


by roddy32 / August 21, 2005 5:59 AM PDT

Type Spyware Trojan

Troj/Fodder-A is a password stealing backdoor Trojan that allows a remote intruder to gain access and control over the computer.
Troj/Fodder-A connects to a pre-configured IRC server and waits for further instructions from a remote intruder.
Troj/Fodder-A includes functionality to access the internet and communicate with a remote server via HTTP.

