VIRUS ALERTS - December 14, 2005

Dec 13, 2005 10:23PM PST

Troj/Small-FB
Dec 13, 2005 10:25PM PST

Troj/DNSChan-C
Dec 13, 2005 10:27PM PST

Dial/DialCar-R
Dec 13, 2005 10:37PM PST

Troj/QQRob-AE
Dec 13, 2005 10:39PM PST

Troj/Banker-IR
Dec 13, 2005 10:41PM PST

Troj/Banker-IS
Dec 13, 2005 10:48PM PST

Troj/Kbroy-A
Dec 13, 2005 10:51PM PST

Type
Spyware Trojan

Aliases
Trojan-PSW.Win32.Maha.a

Troj/Kbroy-A is a Windows keylogger Trojan.

When first run, Troj/Kbroy-A copies itself to:

<Windows>\winupgrm.exe

Troj/Kbroy-A drops the file <Windows>\sqlserver.dll, which contains keylogging functionality.

http://www.sophos.com/virusinfo/analyses/trojkbroya.html

W32/Rbot-BBT
Dec 13, 2005 10:54PM PST

Type
Worm

Aliases
Backdoor.Win32.Iroffer.w
W32/Sdbot.worm.gen.g

W32/Rbot-BBT is a worm and backdoor Trojan for the Windows platform.

W32/Rbot-BBT spreads via network shares, via MSSQL when it finds weak passwords, and by exploiting common vulnerabilities, including LSASS (MS04-011) and ASN.1 (MS04-007).

W32/Rbot-BBT runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

W32/Rbot-BBT attempts to disable various security related applications, including terminating any Anti-Virus processes it recognises.

http://www.sophos.com/virusinfo/analyses/w32rbotbbt.html

W32/Combra-J
Dec 13, 2005 10:55PM PST

Type
Worm

Aliases
Email-Worm.Win32.Combra.c

W32/Combra-J is a worm for the Windows platform.

W32/Combra-J includes functionality to:

- access the internet and communicate with a remote server via HTTP
- send notification messages to remote locations

http://www.sophos.com/virusinfo/analyses/w32combraj.html

W32/Rbot-BBO
Dec 13, 2005 11:00PM PST

Type
Worm

W32/Rbot-BBO is a worm and IRC backdoor Trojan for the Windows platform.

W32/Rbot-BBO spreads to other network computers infected with: Troj/Kuang, Troj/Sub7, Troj/NetDevil, W32/MyDoom, W32/Bagle and Troj/Optix and to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), WKS (MS03-049) (CAN-2003-0812), WebDav (MS03-007), IIS5SSL (MS04-011) (CAN-2003-0719), UPNP (MS01-059), Veritas (CAN-2004-1172), Dameware (CAN-2003-1030) and ASN.1 (MS04-007).

W32/Rbot-BBO runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotbbo.html

W32/Rbot-BBS
Dec 13, 2005 11:03PM PST

Type
Worm

Aliases
Backdoor.Win32.Rbot.adf
W32/Sdbot.MFF

W32/Rbot-BBS is a worm and IRC backdoor Trojan for the Windows platform.

W32/Rbot-BBS spreads:

- to other network computers infected with: Troj/Kuang, Troj/Sub7, Troj/NetDevil, W32/MyDoom, W32/Bagle and Troj/Optix
- to other network computers by exploiting common buffer overflow vulnerabilities, including: RPC-DCOM (MS04-012), WebDav (MS03-007), UPNP (MS01-059) and Dameware (CAN-2003-1030)
- by copying itself to network shares protected by weak passwords

W32/Rbot-BBS runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotbbs.html

W32/Rbot-BBP
Dec 13, 2005 11:05PM PST

Type
Worm

Aliases
Backdoor.Win32.Rbot.gen
W32/Sdbot.MFJ

W32/Rbot-BBP is a worm and IRC backdoor Trojan for the Windows platform.

W32/Rbot-BBP spreads:

- to other network computers infected with: Troj/Kuang, Troj/Sub7, Troj/NetDevil, W32/MyDoom, W32/Bagle and Troj/Optix
- to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), WebDav (MS03-007), UPNP (MS01-059) and Dameware (CAN-2003-1030)
- by copying itself to network shares protected by weak passwords

W32/Rbot-BBP runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotbbp.html

W32/Rbot-BBG
Dec 13, 2005 11:07PM PST

Type
Worm

Aliases
Backdoor.Win32.Rbot.gen
W32/Sdbot.MFG

W32/Rbot-BBG is a worm and IRC backdoor Trojan for the Windows platform.

W32/Rbot-BBG spreads:

- to other network computers infected with: W32/MyDoom and W32/Bagle
- to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012) and WebDav (MS03-007)
- by copying itself to network shares protected by weak passwords

W32/Rbot-BBG runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotbbg.html

Troj/Mainzz-F
Dec 14, 2005 3:56AM PST

Type
Trojan

Aliases
Net-Worm.Win32.Dedler.q
Exploit-Lsass.dll
Hacktool.Scan

Troj/Mainzz-F is a Trojan DLL that provides malicious functionality to another worm or Trojan.

Troj/Mainzz-F contains functionality to exploit the LSASS (MS04-011) vulnerability and may be used by a worm to spread to remote network shares with weak passwords.

http://www.sophos.com/virusinfo/analyses/trojmainzzf.html

Troj/AdClick-BL
Dec 14, 2005 3:58AM PST

Troj/Dloadr-ABT
Dec 14, 2005 4:00AM PST

Troj/Dloadr-ABU
Dec 14, 2005 4:02AM PST

Troj/Codorda-A
Dec 14, 2005 4:04AM PST

W32/Rbot-BBV
Dec 14, 2005 4:06AM PST

Type
Worm

Aliases
Backdoor.Win32.Rbot.adf
W32/Sdbot.worm.gen.bh

W32/Rbot-BBV is a worm and IRC backdoor Trojan for the Windows platform.

W32/Rbot-BBV spreads:

- to other network computers infected with: Troj/Kuang, Troj/Sub7, Troj/NetDevil, W32/MyDoom, W32/Bagle and Troj/Optix
- to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), WKS (MS03-049) (CAN-2003-0812), WebDav (MS03-007), IIS5SSL (MS04-011) (CAN-2003-0719), UPNP (MS01-059), Veritas (CAN-2004-1172), Dameware (CAN-2003-1030), PNP (MS05-039) and ASN.1 (MS04-007)
- by copying itself to network shares protected by weak passwords

W32/Rbot-BBV runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotbbv.html

Troj/Agent-FV
Dec 14, 2005 4:34AM PST

Type
Trojan

Aliases
Trojan-Clicker.Win32.Small.jc

Troj/Agent-FV is a Trojan for the Windows platform.

Troj/Agent-FV is capable of spying on a user's browsing habits, modifying Internet Explorer settings, downloading further executables and displaying popup advertisements.

http://www.sophos.com/virusinfo/analyses/trojagentfv.html

Troj/Webdrop-D
Dec 14, 2005 4:36AM PST

Type
Trojan

Aliases
Exploit.HTML.Mht

Troj/Webdrop-D is a Trojan dropper for Windows based systems.

Troj/Webdrop-D is an HTML script that tries to ascertain whether a system viewing that script in a web browser has certain vulnerabilities.

If the system has one or more of these vulnerabilities, Troj/Webdrop-D exploits them to download and run malicious code.

Troj/Webdrop-D checks for computers that have a vulnerable Microsoft Virtual Machine installed, or that are vulnerable to the MhtRedir or IFRAME exploits.

http://www.sophos.com/virusinfo/analyses/trojwebdropd.html

W32/Rbot-BBZ
Dec 14, 2005 4:37AM PST

Type
Worm

Aliases
Backdoor.Win32.Rbot.akb

W32/Rbot-BBZ is a worm and IRC backdoor Trojan for the Windows platform.

W32/Rbot-BBZ spreads to other network computers infected with Troj/Kuang and to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), WKS (MS03-049) (CAN-2003-0812), WebDav (MS03-007), IIS5SSL (MS04-011) (CAN-2003-0719), UPNP (MS01-059) and ASN.1 (MS04-007).

W32/Rbot-BBZ runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotbbz.html

W32/Rbot-BBY
Dec 14, 2005 4:39AM PST

Type
Worm

W32/Rbot-BBY is a worm for the Windows platform.

W32/Rbot-BBY runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

W32/Rbot-BBY attempts to spread by exploiting the following vulnerabilities: LSASS (MS04-011), RPC-DCOM (MS04-012), WKS (MS03-049) (CAN-2003-0812), WebDav (MS03-007), IIS5SSL (MS04-011) (CAN-2003-0719), UPNP (MS01-059), Veritas (CAN-2004-1172), Dameware (CAN-2003-1030), PNP (MS05-039), ASN.1 (MS04-007) and by copying itself to remote network shares with weak passwords.

W32/Rbot-BBY includes functionality to access the internet and communicate with a remote server via HTTP.

http://www.sophos.com/virusinfo/analyses/w32rbotbby.html

W32/Blaster-M
Dec 14, 2005 4:41AM PST

Type
Worm

Aliases
Net-Worm.Win32.Lovesan.m
W32.Blaster.Worm
Exploit-DcomRpc.gen

W32/Blaster-M is a worm for the Windows platform.

W32/Blaster-M attempts to spread to computers vulnerable to the RPC-DCOM vulnerability (MS04-012).

W32/Blaster-M includes functionality to access the internet and communicate with a remote server via HTTP.

http://www.sophos.com/virusinfo/analyses/w32blasterm.html

W32/Chode-P
Dec 14, 2005 4:43AM PST

Type
Worm

Aliases
Backdoor.Win32.Virkel.e
W32/NoChod@MM

W32/Chode-P is an instant messaging worm for the Windows platform with IRC backdoor functionality.

W32/Chode-P attempts to spread via MSN Instant Messenger and AOL Instant Messenger by sending users a link to a copy of the worm.

When first run, W32/Chode-P copies itself to <System>\tikcfva\csrss.exe and creates the following files:

<Startup>\csrss.lnk
<System>\netstat.com
<System>\taskkill.com
<System>\tikcfva\csrss.ini
<System>\tikcfva\smss.exe

http://www.sophos.com/virusinfo/analyses/w32chodep.html

Troj/Lewor-P
Dec 14, 2005 4:45AM PST

Troj/Delf-LV
Dec 14, 2005 4:47AM PST

W32/Rbot-BCA
Dec 14, 2005 4:49AM PST

Type
Worm

Aliases
Backdoor.Win32.IRCBot.es
W32/IRCbot.worm.gen

W32/Rbot-BCA is a worm and IRC backdoor Trojan for the Windows platform.

W32/Rbot-BCA runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

W32/Rbot-BCA spreads by using AOL Instant Messenger, via network shares and SQL servers with weak passwords.

The following patches for the operating system vulnerabilities exploited by W32/Rbot-BCA can be obtained from the Microsoft website:

LSASS (MS04-011)
RPC-DCOM (MS04-012)
WKS (MS03-049) (CAN-2003-0812)
PNP (MS05-039)
ASN.1 (MS04-007)

http://www.sophos.com/virusinfo/analyses/w32rbotbca.html

Troj/Nailpol-A
Dec 14, 2005 8:12AM PST

W32/Rbot-AJL
Dec 14, 2005 8:13AM PST

Type
Spyware Worm

Aliases
Backdoor.Win32.Rbot.va
WORM_SDBOT.BXK
W32/Sdbot.worm.gen.g

W32/Rbot-AJL is a worm and IRC backdoor Trojan for the Windows platform.

W32/Rbot-AJL spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), WKS (MS03-049) (CAN-2003-0812), MSSQL (MS02-039) (CAN-2002-0649) and Veritas (CAN-2004-1172) and by copying itself to network shares protected by weak passwords.

W32/Rbot-AJL runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

The following patches for the operating system vulnerabilities exploited by W32/Rbot-AJL can be obtained from the Microsoft website:

MS02-039
MS03-049
MS04-011
MS04-012

http://www.sophos.com/virusinfo/analyses/w32rbotajl.html