Spyware, Viruses, & Security forum

General discussion

VIRUS ALERTS - December 14, 2004

by Marianna Schmudlach / December 13, 2004 11:22 PM PST

W32/Atak-G
Summary

Type Worm

W32/Atak-G is a Windows worm that spreads via email. W32/Atak-G copies itself to a file with a random name in the Windows system folder.
W32/Atak-G sends itself to all email addresses found on the computer.
The worm arrives as a ZIP attachment in an email. The subject line, message text and attachment filenames are randomly constructed from the building blocks listed in the Advanced Description.

http://www.sophos.com/virusinfo/analyses/w32atakg.html

Discussion is locked
You are posting a reply to: VIRUS ALERTS - December 14, 2004
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: VIRUS ALERTS - December 14, 2004
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Troj/Qlow-F
by Marianna Schmudlach / December 13, 2004 11:24 PM PST

Aliases Trojan.Dropper.Purityscan.F

Type Trojan

Troj/Qlow-F is a Trojan for the Windows platform that modifies internet security settings by changing security settings for the Internet Zone.
Troj/Qlow-F drops installer.exe and Mt-uninstaller.exe files to the Windows Temp and current folders correspondingly.
Troj/Qlow-F attempts to open predefined remote URLs.

http://www.sophos.com/virusinfo/analyses/trojqlowf.html

Collapse -
Troj/Small-RN
by Marianna Schmudlach / December 13, 2004 11:26 PM PST

Aliases Trojan-Downloader.Win32.Small.rn

Type Trojan

Troj/Small-RN is a downloader Trojan for the Windows platform. The Trojan will copy itself to the < Windows system> folder as wuclient.exe and xpsp2fw.exe.
Troj/Small-RN will repeatedly attempt to connect to the internet and download files.


http://www.sophos.com/virusinfo/analyses/trojsmallrn.html

Collapse -
Troj/Bdoor-AZW
by Marianna Schmudlach / December 13, 2004 11:28 PM PST
Collapse -
Troj/Spybot-DH
by Marianna Schmudlach / December 13, 2004 11:29 PM PST

Type Trojan

Troj/Spybot-DH is a backdoor Trojan for the Windows platform.
When first run, Troj/Spybot-DH copies itself to the Windows system folder as winsvc.exe and joins an IRC channel and awaits further commands from a remote user.

http://www.sophos.com/virusinfo/analyses/trojspybotdh.html

Collapse -
W32/Zafi-D
by Marianna Schmudlach / December 13, 2004 11:31 PM PST
Collapse -
AVERT Medium Threat Advisory: W32/Zafi.d@MM
by Marianna Schmudlach / December 13, 2004 11:35 PM PST
Collapse -
W32/Sdbot-SG
by Marianna Schmudlach / December 13, 2004 11:37 PM PST

Aliases Backdoor.Win32.SdBot.gen
W32/Sdbot.worm.gen.t

Type Worm

W32/Sdbot-SG is a worm with backdoor Trojan functionality.
W32/Sdbot-SG is capable of spreading to computers on the local network protected by weak passwords after receiving the appropriate backdoor command.

http://www.sophos.com/virusinfo/analyses/w32sdbotsg.html

Collapse -
Troj/Bancos-AR
by Marianna Schmudlach / December 13, 2004 11:39 PM PST

Aliases Trojan-Spy.Win32.Banker.fo

Type Trojan

Troj/Bancos-AR is a password stealing Trojan for the Windows platform.
Troj/Bancos-AR monitors which URLs are typed into a web browser and creates fake webpages for certain Brazilian banking sites in order to log user account information. This information may then be sent to predetermined email addresses.

http://www.sophos.com/virusinfo/analyses/trojbancosar.html

Collapse -
WM97/Dinela-A
by Marianna Schmudlach / December 13, 2004 11:41 PM PST

Type Virus

WM97/Dinela-A is a macro virus that attempts to modify opened documents and Microsoft Word profile settings.
WM97/Dinela-A deletes files with INI, HTM, COM, TXT, BMP or GIF extensions from the Windows folder, as well as all files from the Outlook Express folder.



http://www.sophos.com/virusinfo/analyses/wm97dinelaa.html

Collapse -
Dial/Odteen-B
by Marianna Schmudlach / December 13, 2004 11:43 PM PST
Collapse -
Troj/Multidr-BD
by Marianna Schmudlach / December 13, 2004 11:45 PM PST

Type Trojan

Troj/Multidr-BD is a Trojan that creates two files in the Windows system folder and then executes them.
The first file created has the name vasdd.exe and is detected as W32/Sdbot-SE. The second file created has the name vbxdd.exe and is detected as Troj/Ranck-BK.

http://www.sophos.com/virusinfo/analyses/trojmultidrbd.html

Collapse -
Troj/Banker-GU
by Marianna Schmudlach / December 13, 2004 11:47 PM PST
Collapse -
FRISK Software Virus Alert: W32/Zafi.D@mm
by Marianna Schmudlach / December 14, 2004 3:22 AM PST

This is a virus alert for W32/Zafi.D@mm, a new member of the Zafi family of mass-mailers. This worm started spreading today, 14 December 2004, and has gained considerable distribution in a short period of time.

W32/Zafi.D@mm was quickly detected by FRISK Software virus analysts and new virus signature files providing protection against this threat were released soon thereafter.

Risk:
Due to its distribution W32/Zafi.D@mm has been classified as high risk.

Collapse -
W32/Agobot-DAA
by Marianna Schmudlach / December 14, 2004 8:33 AM PST

Type Worm

W32/Agobot-DAA is an IRC backdoor and network worm.
W32/Agobot-DAA is capable of spreading to computers on the local network protected by weak passwords.
The Trojan runs continuously in the background providing backdoor access to the computer.

http://www.sophos.com/virusinfo/analyses/w32agobotdaa.html

Collapse -
Troj/BeastDo-V
by Marianna Schmudlach / December 14, 2004 8:35 AM PST

Aliases Backdoor.BeastDoor.206.d
Backdoor-AMQ

Type Trojan

Troj/BeastDo-V is a backdoor Trojan for the Windows platform.
Troj/BeastDo-V opens a backdoor on the infected computer and sends an email containing the connection details to a remote user.

http://www.sophos.com/virusinfo/analyses/trojbeastdov.html

Collapse -
Troj/Bancban-AL
by Marianna Schmudlach / December 14, 2004 8:37 AM PST
Collapse -
W32/Beaker-A
by Marianna Schmudlach / December 14, 2004 8:39 AM PST

Aliases Email-Worm.Win32.Breacuk.a

Type Worm

W32/Beaker-A is a mass-mailing worm for the Windows platform.
As a payload, W32/Beaker-A will overwrite several files with a tag reading:
-=breaKer_cUk-
W32/Beaker-A spreads by sending a ZIP copy of itself to email addresses found on the infected computer.
Possible subject lines include:
Re:FW:Die schlechtere Sache des Jahres, um es zu sehen
Re:FW:impossibile a sia tanto... :P, vederlo
Re:FW:Aid please! :), to see it
Re:FW:Prix! :D, pour le voir
Re:FW:Mejor Foto del a o ;), miralo
Possible message text includes:
Kaspersky-Antivirus.
Kein Virus Gefundenes
State:Ok
Panda ActiveScan-Antivirus.
No se encontraron virus.
Estado:Ok
Possible attached filenames include:
Eskannnichtsein.zip
explodecarros.zip
Itcannotbe.zip
Bonheur.zip
pegote2004.zip

http://www.sophos.com/virusinfo/analyses/w32beakera.html

Collapse -
W32/Banworm-A
by Marianna Schmudlach / December 14, 2004 8:41 AM PST
Collapse -
Troj/Dloader-SX
by Marianna Schmudlach / December 14, 2004 8:44 AM PST
Collapse -
Troj/HideProc-C
by Marianna Schmudlach / December 14, 2004 8:46 AM PST
Collapse -
Troj/Small-BY
by Marianna Schmudlach / December 14, 2004 8:47 AM PST

Aliases Backdoor.Win32.Small.cr

Type Trojan

Troj/Small-BY is a backdoor Trojan for the Windows platform that provides unauthorised remote access.
Troj/Small-BY displays following fake error message "Erreur", "Ce programme n'est pas une application Win32 valide."

http://www.sophos.com/virusinfo/analyses/trojsmallby.html

Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

CNET FORUMS TOP DISCUSSION

Help, my PC with Windows 10 won't shut down properly

Since upgrading to Windows 10 my computer won't shut down properly. I use the menu button shutdown and the screen goes blank, but the system does not fully shut down. The only way to get it to shut down is to hold the physical power button down till it shuts down. Any suggestions?