
VIRUS ALERTS - December 11, 2005

Dec 11, 2005 1:03AM PST

Troj/Bckdr-AWR

Type
Trojan

Aliases
BackDoor-AWQ.b

Troj/Bckdr-AWR is a Trojan for the Windows platform.

Troj/Bckdr-AWR includes functionality to access the internet and communicate with a remote server via HTTP.

When first run, Troj/Bckdr-AWR copies itself to <Windows>\Windows.exe.

The file Windows.exe is registered as a new system driver service with a service name and display name that contain non-Roman characters and a startup type of automatic, so that the service is started automatically during system startup.

http://www.sophos.com/virusinfo/analyses/trojbckdrawr.html

Troj/Tometa-D
Dec 11, 2005 1:05AM PST

Type
Trojan

Troj/Tometa-D is a backdoor Trojan which allows a remote intruder to gain access and control over the computer.

When first run, Troj/Tometa-D copies itself to <Windows>\svchost.exe and creates the file <Windows>\plugin1.dat.

http://www.sophos.com/virusinfo/analyses/trojtometad.html

Troj/Agent-FM
Dec 11, 2005 1:18AM PST

Type
Trojan

Aliases
Trojan.Win32.Agent.mo

Troj/Agent-FM is a Trojan for the Windows platform.

When first executed the Trojan drops the file msctl32.dll in the Windows system folder.

Troj/Agent-FM includes functionality to download, install and run new software.

http://www.sophos.com/virusinfo/analyses/trojagentfm.html

Troj/Adload-A
Dec 11, 2005 1:20AM PST

Troj/GrayBir-AC
Dec 11, 2005 1:23AM PST

Type
Trojan

Troj/GrayBir-AC is a backdoor Trojan for the Windows platform.

Troj/GrayBir-AC includes functionality to access the internet and communicate with a remote server via HTTP.

When first run, Troj/GrayBir-AC copies itself to <Windows>\svchost.exe.

To hide its activities, Troj/GrayBir-AC injects its backdoor functionality into Internet Explorer.

The file svchost.exe is registered as a new system driver service named "system event log", with a display name of "system event log" and an image path pointing to the copy of the Trojan.

http://www.sophos.com/virusinfo/analyses/trojgraybirac.html

W32/Tufik-B
Dec 11, 2005 1:26AM PST

Type
Virus

Aliases
Virus.Win32.Tufik.b
W32.Bufei
W32/Tufik.worm.gen

W32/Tufik-B is a virus for the Windows platform that infects EXE files.

W32/Tufik-B also has keylogging functionality. Key presses are logged to the
file advkey.dll in the Windows system folder.

http://www.sophos.com/virusinfo/analyses/w32tufikb.html

Troj/Banload-X
Dec 11, 2005 1:28AM PST

Troj/DownLdr-EL
Dec 11, 2005 1:30AM PST

Troj/Banload-W
Dec 11, 2005 1:32AM PST

Troj/Small-CAM
Dec 11, 2005 7:36AM PST

Troj/LegMir-BV
Dec 11, 2005 7:37AM PST

Troj/Dloade-AAE
Dec 11, 2005 7:38AM PST

Type Trojan

Aliases TROJ_DLOADER.AIX

Troj/Dloade-AAE is a Trojan for the Windows platform.
When first run Troj/Dloade-AAE copies itself to <System>\ios.exe.
Troj/Dloade-AAE includes functionality to access the internet and communicate
with a remote server via HTTP.

http://www.sophos.com/virusinfo/analyses/trojdloadeaae.html

Troj/Banload-AH
Dec 11, 2005 7:39AM PST

Type Trojan

Aliases Trojan-Downloader.Win32.Banload.ah

Troj/Banload-AH is a backdoor Trojan which allows a remote intruder to gain access and control over the computer.
Troj/Banload-AH includes functionality to access the internet and communicate with a remote server via HTTP.

http://www.sophos.com/virusinfo/analyses/trojbanloadah.html

Troj/Certif-O
Dec 11, 2005 7:40AM PST

Troj/Bancban-KU
Dec 11, 2005 7:41AM PST

Troj/Bancban-KV
Dec 11, 2005 7:42AM PST

Troj/Bancban-KW
Dec 11, 2005 7:44AM PST

W32/Combra-H
Dec 11, 2005 7:44AM PST

Type Worm

W32/Combra-H is a worm for the Windows platform.
W32/Combra-H will search the infected computer for email contacts and send an HTML email message to any addresses found. W32/Combra-H will arrive as an HTML email message with a link. The link is unavailable at the time of writing.

http://www.sophos.com/virusinfo/analyses/w32combrah.html

W32/Combra-I
Dec 11, 2005 7:45AM PST

Type Worm

Aliases WORM_COMBRA.I

W32/Combra-I is a worm for the Windows platform.
W32/Combra-I will send out an email to a Brazilian address in order to inform a remote user that the computer has been infected. W32/Combra-I will then search the infected computer for email contacts and send an HTML email message to any addresses found.

http://www.sophos.com/virusinfo/analyses/w32combrai.html

W32/Molli-B
Dec 11, 2005 7:46AM PST

Type Worm

Aliases WORM_COMBRA.I

W32/Combra-I is a worm for the Windows platform.
W32/Combra-I will send out an email to a Brazilian address in order to inform a remote user that the computer has been infected. W32/Combra-I will then search the infected computer for email contacts and send an HTML email message to any addresses found.

http://www.sophos.com/virusinfo/analyses/w32combrai.html

Troj/IRCBot-AU
Dec 11, 2005 3:04PM PST

Troj/BeastDo-AE
Dec 11, 2005 3:05PM PST

W32/Sdbot-AGJ
Dec 11, 2005 3:05PM PST

Type Spyware Worm

W32/Sdbot-AGJ is a network worm with backdoor Trojan functionality for the Windows platform.
The worm spreads through network shares protected by weak passwords, MS-SQL servers and through various operating system vulnerabilities including: LSASS (MS04-011), RPC-DCOM (MS04-012) and ASN.1 (MS04-007).
W32/Sdbot-AGJ connects to a predetermined IRC channel and awaits further commands from remote users.

http://www.sophos.com/virusinfo/analyses/w32sdbotagj.html

Troj/Banker-II
Dec 11, 2005 3:06PM PST

Troj/Banload-V
Dec 11, 2005 3:07PM PST

Dial/DialCar-Q
Dec 11, 2005 3:08PM PST

Type Trojan

Aliases Trojan.Win32.Diamin.i

Dial/DialCar-Q is an internet dialer. If the user clicks YES to a message box displayed when executed and accepts the installation of a certificate:
Dial/DialCar-Q will copy itself to the Windows folder as Celebrita.exe and create links to itself by dropping Celebrita.lnk in various places on the drive which may include the desktop, favourites menu, start menu, quick launch taskbar and root folder.
Dial/DialCar-Q will then attempt to dial an international phone number.

http://www.sophos.com/virusinfo/analyses/dialdialcarq.html

Troj/Dloadr-ABI
Dec 11, 2005 3:09PM PST

Troj/Mitglie-B
Dec 11, 2005 3:10PM PST

Troj/Dropper-BT
Dec 11, 2005 3:11PM PST

Troj/DownLdr-EG
Dec 11, 2005 3:12PM PST

Troj/DownLdr-EI
Dec 11, 2005 3:13PM PST