Spyware, Viruses, & Security forum

General discussion

VIRUS ALERTS - August 8, 2005

Troj/Whistler-F

Aliases
Trojan.Win32.Dire.c
QDel247
Win32/Dire.C
TROJ_QDEL247.A

Type Trojan

Troj/Whistler-F is a destructive Trojan for the Windows platform.
Troj/Whistler-F will attempt to delete files on the user's computer. The Trojan will also create a file at C:\WXP and copy it over other files. The file contains the message "You did a piracy, you deserve it."

http://www.sophos.com/virusinfo/analyses/trojwhistlerf.html

Dial/Scom-D

In reply to: VIRUS ALERTS - August 8, 2005

Troj/Revopdo-A

In reply to: VIRUS ALERTS - August 8, 2005

Troj/Divlo-A

In reply to: VIRUS ALERTS - August 8, 2005

Troj/Nailed-A

In reply to: VIRUS ALERTS - August 8, 2005

Troj/Prutec-E

In reply to: VIRUS ALERTS - August 8, 2005

Troj/LowZone-AA

In reply to: VIRUS ALERTS - August 8, 2005

W32/Rbot-ACF

In reply to: VIRUS ALERTS - August 8, 2005

Aliases W32/Sdbot.worm.gen.bj

Type Spyware Worm

W32/Rbot-ACF is a Windows network worm which attempts to spread via network shares. The worm contains backdoor functions that allow unauthorised remote access to the infected computer via IRC channels while running in the background.
The worm spreads to network shares with weak passwords and the following operating system vulnerabilities:
- LSASS (MS04-011)
- RPC-DCOM (MS04-012)
- WKS (MS03-049)
- WebDav (MS03-007)
- IIS5SSL (MS04-011)
- MSSQL (MS02-039)
- UPNP (MS01-059)
- Dameware (CAN-2003-1030)
The following patches for the operating system vulnerabilities exploited by W32/Rbot-ACF can be obtained from the Microsoft website:

http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

http://www.microsoft.com/technet/security/bulletin/MS04-012.mspx

http://www.microsoft.com/technet/security/bulletin/MS03-049.mspx

http://www.microsoft.com/technet/security/bulletin/MS03-007.mspx

http://www.microsoft.com/technet/security/bulletin/MS02-039.mspx

http://www.microsoft.com/technet/security/bulletin/MS01-059.mspx

http://www.sophos.com/virusinfo/analyses/w32rbotacf.html

W32/Oscabot-B

In reply to: VIRUS ALERTS - August 8, 2005

Aliases
W32/Opanki.worm
Oscarbot
Doyorg

Type Worm


W32/Oscabot-B is a Windows worm that has backdoor functions that allow unauthorised remote access to the infected computer via IRC channels and may attempt to spread via AOL's instant messenger after receiving the appropriate command from a remote intruder.

http://www.sophos.com/virusinfo/analyses/w32oscabotb.html

Troj/BMDrop-A

In reply to: VIRUS ALERTS - August 8, 2005

W32/Rbot-AJX

In reply to: VIRUS ALERTS - August 8, 2005

Aliases Backdoor.Win32.Rbot.xl

Type Worm

W32/Rbot-AJX is a worm and IRC backdoor Trojan for the Windows platform.
W32/Rbot-AJX spreads by copying itself to network shares protected by weak passwords.
W32/Rbot-AJX runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
W32/Rbot-AJX includes functionality to:
- carry out DDoS flooder attacks
- silently download, install and run new software
- access the internet and communicate with a remote server via HTTP
- act as a SOCKS4 proxy
- disable other software, including anti-virus, firewall and security related applications

http://www.sophos.com/virusinfo/analyses/w32rbotajx.html

Troj/AdClick-AW

In reply to: VIRUS ALERTS - August 8, 2005

Aliases Trojan-Downloader.Win32.Delf.te

Type Trojan

Troj/AdClick-AW is a Trojan for the Windows platform that attempts to connect to various websites and then display selected banner advertisements.
Troj/AdClick-AW queries a remote website in an attempt to open a script file that contains redirect instructions.
Troj/AdClick-AW includes functionality to access the internet and communicate with a remote server via HTTP.

http://www.sophos.com/virusinfo/analyses/trojadclickaw.html

Troj/QQRob-G

In reply to: VIRUS ALERTS - August 8, 2005

Troj/Singu-T

In reply to: VIRUS ALERTS - August 8, 2005

Aliases
Backdoor.Win32.Singu.o
BackDoor-CGX
Backdoor.Singu.B
BKDR_SINGU.O

Type Spyware Trojan

Troj/Singu-T is a password stealing backdoor Trojan which attempts to steal confidential information and send it to a remote location.
When first run the Trojan moves itself to a read-only, hidden, system file "<Windows> \i love you.exe" and creates:
- a hidden system file <Windows> \bubbes.bmp. This file may be deleted.
- a read-only, hidden, system file <System> \_UsbDriver_.dll. This file is detected by Sophos as Troj/Singu-O.

Troj/Singu-T also displays a fake message box with the title "Black Hole 2004.Build20040915" and the message "Install Complete!"
Troj/Singu-T will connect to a remote site and then listen for backdoor commands from a remote user. The backdoor can be used to:
- copy, delete, run, upload and download files on the infected computer
- log keyboard presses
- capture images from an attached webcam
- listen in using the microphone
- list and kill processes running on the computer
- steal email account information including usernames and passwords

http://www.sophos.com/virusinfo/analyses/trojsingut.html

Troj/DownLdr-BD

In reply to: VIRUS ALERTS - August 8, 2005

Troj/Bancban-EC

In reply to: VIRUS ALERTS - August 8, 2005

Aliases
Trojan-Spy.Win32.Banker.ju
PWS-Banker.gen.b
PWSteal.Bancos

Type Spyware Trojan

Troj/Bancban-EC is an information stealing Trojan for the Windows platform.
Troj/Bancban-EC includes functionality to send notification messages to remote locations.
Troj/Bancban-EC targets the customers of certain Brazilian internet banking websites, attempting to steal account details.

http://www.sophos.com/virusinfo/analyses/trojbancbanec.html

Troj/LegMir-AR

In reply to: VIRUS ALERTS - August 8, 2005

Troj/Lewor-C

In reply to: VIRUS ALERTS - August 8, 2005

Troj/Banker-EW

In reply to: VIRUS ALERTS - August 8, 2005

Troj/HideProc-H

In reply to: VIRUS ALERTS - August 8, 2005

Aliases
Trojan.Win32.HideProc.c
HideProc
PWSteal.Bancos.AA

Type Trojan

Troj/HideProc-H is a DLL used for hiding processes.
Malicious software may install Troj/HideProc-H in order to prevent itself from being listed by the Windows Task Manager.

http://www.sophos.com/virusinfo/analyses/trojhideproch.html

Troj/Banworm-D

In reply to: VIRUS ALERTS - August 8, 2005

Aliases
Trojan-Spy.Win32.Banker.wa
PWSteal.Bancos.AA

Type Spyware Trojan

Troj/Banworm-D is an information-stealing Trojan for the Windows platform.
Troj/Banworm-D records keystrokes and retrieves passwords for email accounts. These details are sent to a preconfigured email address.

http://www.sophos.com/virusinfo/analyses/trojbanwormd.html

Troj/AleSpy-C

In reply to: VIRUS ALERTS - August 8, 2005

W32/Sdranck-M

In reply to: VIRUS ALERTS - August 8, 2005

Aliases TROJ_RANKBOT.P

Type Worm

W32/Sdranck-M is a multi-component network worm.
W32/Sdranck-M drops two files in the following locations:
C:\WINNT\SYSTEM32\dingping.exe
C:\WINNT\SYSTEM32\dingpong.exe
W32/Sdranck-M then runs these files.
DINGPING.EXE is a proxy Trojan detected as Troj/Ranck-Gen.
DINGPONG.EXE is a backdoor Trojan detected as W32/Sdbot-Fam.
The file detected as W32/Sdbot-Fam attempts to spread W32/Sdranck-M to network shares with weak passwords and via network security exploits.

http://www.sophos.com/virusinfo/analyses/w32sdranckm.html

Troj/Aduyo-A

In reply to: VIRUS ALERTS - August 8, 2005

Dial/ExDial-B

In reply to: VIRUS ALERTS - August 8, 2005

Troj/BagleDl-R

In reply to: VIRUS ALERTS - August 8, 2005

Aliases Email-Worm.Win32.Bagle.bq

Type Trojan

Troj/BagleDl-R is a downloader Trojan which will download, install and run new software without notification that it is doing so.
Troj/BagleDl-R includes functionality to:
- inject its code into EXPLORER.EXE
- modify the HOSTS file
- disable other software, including anti-virus, firewall and security related applications
Troj/BagleDl-R then attempts to download files from remote websites and run them.
Troj/BagleDl-R may also run MSPAINT.EXE in an attempt to obfuscate itself.

http://www.sophos.com/virusinfo/analyses/trojbagledlr.html
