VIRUS ALERTS - December 1, 2004

by Marianna Schmudlach / November 30, 2004 11:31 PM PST


Aliases Backdoor.Win32.Agobot.gen

Type Worm

W32/Agobot-NZ is a backdoor Trojan and worm which spreads to computers protected by weak passwords.
Each time the Trojan is run it attempts to connect to a remote IRC server and join a specific channel.
The Trojan then runs continuously in the background, allowing a remote intruder to access and control the computer via IRC channels.
The Trojan attempts to terminate and disable various anti-virus and security-related programs and modifies the HOSTS file.


by Marianna Schmudlach / November 30, 2004 11:33 PM PST
by Marianna Schmudlach / November 30, 2004 11:36 PM PST

Aliases TrojanSpy.Win32.Banker.ek

Type Trojan

Troj/Banker-AL is a multi-component Trojan for the Windows platform that attempts to steal online banking information and send it via HTTP to a remote location.
When executed, Troj/Banker-AL extracts lsd_f3.dll and iesprt.sys files to the Windows system folder, where iesprt.sys is a system driver detected as Troj/Haxdoor-M that provides a stealth running mode.
For more details please see Troj/Haxdoor-M.
In order to be able to run automatically when Windows starts up, Troj/Banker-AL sets a number of registry entries related to the loaded DLL and installed driver, including the following entries:
Winlogon Notify:
name = "f3dsl"
path = "lsd_f3.dll"
displayname = "KeIE"
imagepath = "iesprt.sys "


by Marianna Schmudlach / November 30, 2004 11:37 PM PST

Aliases TrojanSpy.Win32.Banker.ek

Type Trojan

Troj/Haxdoor-M is a variant of the backdoor Trojan for the Windows platform.
Troj/Haxdoor-M may arrive as a system driver with the filename iespr.sys that provides stealthing to prevent the detection and removal of the related files, registry entries and services, as well as providing the means to restore them if they are removed.


by Marianna Schmudlach / November 30, 2004 11:39 PM PST

Aliases Worm.Win32.Zusha.b

Type Worm

W32/Zusha-B is a worm for the Windows platform.
W32/Zusha-B spreads by exploiting the LSASS (MS04-011) vulnerability, causing vulnerable computers to download a copy of the worm from an FTP site.


by Marianna Schmudlach / November 30, 2004 11:41 PM PST

Aliases Email-Worm.Win32.Wurmark.a

Type Worm

W32/Wurmark-A is a Visual Basic mass-mailing worm.
When run, the worm first displays a JPEG graphic using the default viewer and then creates ansmtp.dll, attached.zip, bszip.dll, uglym.jpg, winit.exe and xxz.tmp in the Windows system folder.


by Marianna Schmudlach / November 30, 2004 11:43 PM PST

Aliases Backdoor.Win32.Banito.s

Type Worm

W32/Banito-S is a worm and backdoor Trojan for the Windows platform.
W32/Banito-S connects to a remote site and then awaits commands from a remote user. The backdoor component may be instructed to spread through network shares.
W32/Banito-S logs keypresses to syskl32.ss in the Windows folder.


by Marianna Schmudlach / November 30, 2004 11:44 PM PST

Aliases TrojanDownloader.Win32.IstBar.gen

Type Trojan

Troj/Istbar-BL is a downloader Trojan for the Windows platform that sets Internet Explorer's search page to http://www.couldnotfind.com and the start page to http://www.slotch.com.
Troj/Istbar-BL attempts to download and install several adware products without the user's knowledge. The Trojan may also add several adult URLs to the Favorites menu in Internet Explorer.
Troj/Istbar-BL downloads from the following URLs:


by Marianna Schmudlach / November 30, 2004 11:46 PM PST

Aliases Backdoor.Win32.Rbot.gen

Type Worm

W32/Rbot-QS is a network worm and IRC backdoor Trojan for the Windows platform.
The worm copies itself to a file named syscfg32.exe in the Windows system folder.
W32/Rbot-QS can be controlled by a remote attacker over IRC channels.


by Marianna Schmudlach / November 30, 2004 11:48 PM PST
by Marianna Schmudlach / November 30, 2004 11:50 PM PST

Aliases Backdoor.Win32.Rbot.gen

Type Worm

W32/Rbot-QY is a network worm which attempts to spread via network shares. The worm contains backdoor functions that allow unauthorised remote access to the infected computer via IRC channels while running in the background.
The worm spreads to network shares with weak passwords and also by using the LSASS security exploit (MS04-011), RPC-DCOM security exploit (MS03-039) and the WebDav security exploit (MS03-007).


by Marianna Schmudlach / November 30, 2004 11:52 PM PST
by Marianna Schmudlach / November 30, 2004 11:54 PM PST
by Marianna Schmudlach / November 30, 2004 11:55 PM PST
by Marianna Schmudlach / November 30, 2004 11:56 PM PST