Spyware, Viruses, & Security forum

General discussion

VIRUS ALERTS - December 1,2004

W32/Agobot-NZ
Summary

Aliases Backdoor.Win32.Agobot.gen


Type Worm

W32/Agobot-NZ is a backdoor Trojan and worm which spreads to computers protected by weak passwords.
Each time the Trojan is run it attempts to connect to a remote IRC server and join a specific channel.
The Trojan then runs continuously in the background, allowing a remote intruder to access and control the computer via IRC channels.
The Trojan attempts to terminate and disable various anti-virus and security-related programs and modifies the HOSTS file.

http://www.sophos.com/virusinfo/analyses/w32agobotnz.html

Troj/Xupiter-A

In reply to: VIRUS ALERTS - December 1,2004

Troj/Banker-AL

In reply to: VIRUS ALERTS - December 1,2004

Aliases TrojanSpy.Win32.Banker.ek

Type Trojan

Troj/Banker-AL is a multi-component Trojan for the Windows platform that attempts to steal online banking information and send it via HTTP to a remote location.
When executed, Troj/Banker-AL extracts lsd_f3.dll and iesprt.sys files to the Windows system folder, where iesprt.sys is a system driver detected as Troj/Haxdoor-M that provides a stealth running mode.
For more details please see Troj/Haxdoor-M.
In order to be able to run automatically when Windows starts up, Troj/Banker-AL sets a number of registry entries related to the loaded DLL and installed driver, including the following entries:
Winlogon Notify:
name = "f3dsl"
path = "lsd_f3.dll"
Driver:
displayname = "KeIE"
imagepath = "iesprt.sys "

http://www.sophos.com/virusinfo/analyses/trojbankeral.html
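
A defender-side check for the two autostart points named in the summary above (a Winlogon Notify package and a driver service), as an added example that is not part of the original post or of Sophos's analysis. It parses `reg query <key> /s` text output and reports Notify DLLs and `.sys` service images missing from a known-good baseline; the sample output, the service key name `iesprt` and the baseline are constructed assumptions.

```python
import re

# Constructed `reg query <key> /s` output (blank lines omitted). Key layout is
# standard Windows; f3dsl, lsd_f3.dll, KeIE and iesprt.sys are the values quoted
# in the post. The service key name "iesprt" and the baseline are assumptions.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
    DllName    REG_EXPAND_SZ    crypt32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\f3dsl
    DllName    REG_SZ    lsd_f3.dll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip
    ImagePath    REG_EXPAND_SZ    System32\DRIVERS\tcpip.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iesprt
    DisplayName    REG_SZ    KeIE
    ImagePath    REG_EXPAND_SZ    iesprt.sys
"""
BASELINE = {"crypt32.dll", "tcpip.sys"}  # known-good file names (constructed)
NOTIFY = r"\winlogon\notify" + "\\"
SERVICES = r"\currentcontrolset\services" + "\\"

def parse_reg_query(text):
    """Parse `reg query /s` output into {key_path: {value_name_lower: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            current = keys.setdefault(line.strip(), {})
        elif current is not None and line.startswith("    "):
            m = re.match(r"\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$", line)
            if m:
                current[m.group(1).lower()] = m.group(3).strip()
    return keys

def find_autostarts(keys, baseline=BASELINE):
    """Return (kind, entry, file) for Notify DLLs and drivers not in baseline."""
    findings = []
    for path, values in keys.items():
        low, name = path.lower(), path.rsplit("\\", 1)[-1]
        image = values.get("imagepath", "").strip()
        if NOTIFY in low and "dllname" in values:
            kind, binary = "winlogon-notify", values["dllname"]
        elif SERVICES in low and image.lower().endswith(".sys"):
            kind, binary = "driver", image
        else:
            continue
        base = binary.strip().rsplit("\\", 1)[-1].lower()  # file name only
        if base not in baseline:
            findings.append((kind, name, base))
    return findings
```

Winlogon Notify packages are loaded only by Windows 2000, XP and Server 2003. Because the driver is described as hiding its own registry entries, run the query against an offline copy of the hives rather than on the live system.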

Troj/Haxdoor-M

In reply to: VIRUS ALERTS - December 1,2004

Aliases TrojanSpy.Win32.Banker.ek
PWS-Banker!sys

Type Trojan

Troj/Haxdoor-M is a variant of the backdoor Trojan for the Windows platform.
Troj/Haxdoor-M may arrive as a system driver with the filename iespr.sys that provides stealthing to prevent the detection and removal of the related files, registry entries and services, as well as providing the means to restore them if they are removed.

http://www.sophos.com/virusinfo/analyses/trojhaxdoorm.html

W32/Zusha-B

In reply to: VIRUS ALERTS - December 1,2004

Aliases Worm.Win32.Zusha.b
W32/Zusha.worm
WORM_ZUSHA.A

Type Worm

W32/Zusha-B is a worm for the Windows platform.
W32/Zusha-B spreads by exploiting the LSASS (MS04-011) vulnerability, causing vulnerable computers to download a copy of the worm from an FTP site.

http://www.sophos.com/virusinfo/analyses/w32zushab.html

W32/Wurmark-A

In reply to: VIRUS ALERTS - December 1,2004

Aliases Email-Worm.Win32.Wurmark.a
W32/Mugly.b@MM

Type Worm

W32/Wurmark-A is a Visual Basic mass-mailing worm.
When run, the worm first displays a JPEG graphic using the default viewer and then creates ansmtp.dll, attached.zip, bszip.dll, uglym.jpg, winit.exe and xxz.tmp in the Windows system folder.

http://www.sophos.com/virusinfo/analyses/w32wurmarka.html

W32/Banito-S

In reply to: VIRUS ALERTS - December 1,2004

Aliases Backdoor.Win32.Banito.s
BackDoor-CCL.dr

Type Worm

W32/Banito-S is a worm and backdoor Trojan for the Windows platform.
W32/Banito-S connects to a remote site and then awaits commands from a remote user. The backdoor component may be instructed to spread through network shares.
W32/Banito-S logs keypresses to syskl32.ss in the Windows folder.

http://www.sophos.com/virusinfo/analyses/w32banitos.html

Troj/Istbar-BL

In reply to: VIRUS ALERTS - December 1,2004

Aliases TrojanDownloader.Win32.IstBar.gen

Type Trojan

Troj/Istbar-BL is a downloader Trojan for the Windows platform that sets Internet Explorer's search page to http://www.couldnotfind.com and the start page to http://www.slotch.com.
Troj/Istbar-BL attempts to download and install several adware products without the user's knowledge. The Trojan may also add several adult URLs to the Favorites menu in Internet Explorer.
Troj/Istbar-BL downloads from the following URLs:
http://cdn.climaxbucks.com
http://install.xxxtoolbar.com
http://mt55.mtree.com
http://www.ysbweb.com

http://www.sophos.com/virusinfo/analyses/trojistbarbl.html

W32/Rbot-QS

In reply to: VIRUS ALERTS - December 1,2004

Aliases Backdoor.Win32.Rbot.gen
W32/Sdbot.worm.gen.i

Type Worm

W32/Rbot-QS is a network worm and IRC backdoor Trojan for the Windows platform.
The worm copies itself to a file named syscfg32.exe in the Windows system folder.
W32/Rbot-QS can be controlled by a remote attacker over IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotqs.html

Troj/BDoor-CJV

In reply to: VIRUS ALERTS - December 1,2004

W32/Rbot-QY

In reply to: VIRUS ALERTS - December 1,2004

Aliases Backdoor.Win32.Rbot.gen
W32/Sdbot.worm.gen.y
WORM_SPYBOT.HP

Type Worm

W32/Rbot-QY is a network worm which attempts to spread via network shares. The worm contains backdoor functions that allow unauthorised remote access to the infected computer via IRC channels while running in the background.
The worm spreads to network shares with weak passwords and also by using the LSASS security exploit (MS04-011), RPC-DCOM security exploit (MS03-039) and the WebDav security exploit (MS03-007).

http://www.sophos.com/virusinfo/analyses/w32rbotqy.html

Troj/Agent-AZ

In reply to: VIRUS ALERTS - December 1,2004

W32/Rbot-QV

In reply to: VIRUS ALERTS - December 1,2004

Troj/Small-BV

In reply to: VIRUS ALERTS - December 1,2004

Troj/Bdoor-TF

In reply to: VIRUS ALERTS - December 1,2004
