
VIRUS ALERTS - December 16, 2005

Dec 15, 2005 10:58PM PST

Troj/Dloadr-ACC
Dec 15, 2005 11:00PM PST
Troj/Bifrose-S
Dec 15, 2005 11:02PM PST
Troj/Hupigon-RD
Dec 15, 2005 11:03PM PST
Troj/Tiny-AD
Dec 15, 2005 11:05PM PST
Troj/Zapchas-AF
Dec 16, 2005 1:39AM PST

Type
Trojan

Aliases
Backdoor.IRC.Zapchast
IRC/Flood.gen.dr

Troj/Zapchas-AF is a backdoor Trojan for the Windows platform.

Troj/Zapchas-AF runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/trojzapchasaf.html

Troj/Feutel-BA
Dec 16, 2005 1:41AM PST
Troj/Kbroy-B
Dec 16, 2005 1:43AM PST
W32/Sdbot-AIP
Dec 16, 2005 1:44AM PST

Type
Worm

W32/Sdbot-AIP is a worm and IRC backdoor Trojan for the Windows platform.

W32/Sdbot-AIP runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32sdbotaip.html

Troj/GrayBrd-AX
Dec 16, 2005 1:46AM PST
W32/Tilebot-CL
Dec 16, 2005 1:48AM PST

Type
Worm

Aliases
Backdoor.Win32.SdBot.xd
W32/Sdbot.worm.gen.ac
WORM_SDBOT.COV

W32/Tilebot-CL is a worm and IRC backdoor Trojan for the Windows platform.

W32/Tilebot-CL spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), WKS (MS03-049) (CAN-2003-0812), PNP (MS05-039) and ASN.1 (MS04-007) and by copying itself to network shares protected by weak passwords.

W32/Tilebot-CL runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

W32/Tilebot-CL includes functionality to access the internet and communicate with a remote server via HTTP.

http://www.sophos.com/virusinfo/analyses/w32tilebotcl.html

Troj/Vixup-S
Dec 16, 2005 1:49AM PST
Troj/PcClien-IJ
Dec 16, 2005 7:05AM PST

Type Spyware Trojan

Aliases Backdoor.Win32.PcClient.ij

Troj/PcClien-IJ is a Trojan for the Windows platform.
Troj/PcClien-IJ can log keystrokes and includes functionality to access the internet and communicate with a remote server via HTTP.
Troj/PcClien-IJ may use stealthing techniques, such as rootkit technology and injecting code into other processes, in an attempt to avoid detection.

http://www.sophos.com/virusinfo/analyses/trojpcclienij.html

Troj/Bckdr-CHH
Dec 16, 2005 7:06AM PST
Troj/Clown-A
Dec 16, 2005 7:07AM PST

Type Spyware Trojan

Aliases W32/IRCbot.gen.b

Troj/Clown-A is a backdoor Trojan for the Windows platform.
Troj/Clown-A runs continuously in the background, providing backdoor access which allows a remote intruder to connect and issue further commands via IRC channels.
Troj/Clown-A includes functionality to access the internet and communicate with a remote server via HTTP.
The Trojan may attempt to steal product keys and other information for the following game and service:
Quake 4
Steam

http://www.sophos.com/virusinfo/analyses/trojclowna.html

Troj/Dloadr-ACN
Dec 16, 2005 7:08AM PST
Troj/DNSChan-D
Dec 16, 2005 7:09AM PST

Type Trojan

Aliases Trojan.Win32.DNSChanger.x
DNSChanger.d
Trojan.Flush.A

Troj/DNSChan-D is a Trojan for the Windows platform.
Troj/DNSChan-D includes functionality to modify the DNS setting, access the internet and communicate with a remote server via HTTP.

http://www.sophos.com/virusinfo/analyses/trojdnschand.html

Troj/GrayBrd-L
Dec 16, 2005 7:10AM PST
Troj/Inject-B
Dec 16, 2005 7:10AM PST

Type Trojan

Aliases Exploit.Win32.IISInjector
TROJ_IISINJECT.A

Troj/Inject-B is a Trojan component for the Windows platform.
Troj/Inject-B is used for injecting libraries into the Windows Task Manager process in order to prevent malicious code from being detected, terminated or deleted.

http://www.sophos.com/virusinfo/analyses/trojinjectb.html

Troj/Lewor-Q
Dec 16, 2005 7:11AM PST
Troj/MisDOM-A
Dec 16, 2005 7:12AM PST

Type Trojan

Troj/MisDOM-A exploits a vulnerability in Internet Explorer to download a file and execute it.
The following patch for the operating system vulnerability exploited by Troj/MisDOM-A can be obtained from the Microsoft website:
MS05-054

http://www.sophos.com/virusinfo/analyses/trojmisdoma.html

Troj/ServU-BN
Dec 16, 2005 7:13AM PST

Type Trojan

Troj/ServU-BN is a modified version of a commercial FTP application.
Troj/ServU-BN runs continuously in the background providing an FTP server on a TCP port specified in its configuration file (the default is port 43958).

http://www.sophos.com/virusinfo/analyses/trojservubn.html

W32/Dasher-A
Dec 16, 2005 7:14AM PST

Type Worm

W32/Dasher-A is a multi-component network worm for the Windows platform.
W32/Dasher-A spreads by exploiting the MSDTC (MS05-051) vulnerability.
When first run, W32/Dasher-A creates the following files in the same location:
<Temp>\Sqltob.exe
<Temp>\SqlExp.exe
<Temp>\SqlScan.bat
<Temp>\SqlScan.exe
<Temp>\Sqlrep.exe
<Temp>\Temp.txt
<Temp>\log.txt
The main "parent" component is Sqltob.exe, which uses the other components to perform various aspects of the worm's functionality.
Sqlscan.exe is a port scanner, used to search networks for open ports.
Sqlexp.exe is the component which contains the code that attempts to exploit the MS05-051 vulnerability. However, this is based on proof-of-concept code that appears to have a relatively poor success rate.
W32/Dasher-A searches a set of pre-defined networks for open ports and attempts to exploit any vulnerable computers it finds. The exploit opens a backdoor on the vulnerable computer and causes it to connect to a remote server for further instructions.
A patch for the operating system vulnerability exploited by W32/Dasher-A is available from Microsoft:
MS05-051

http://www.sophos.com/virusinfo/analyses/w32dashera.html

What's a body to do?
Dec 17, 2005 1:27AM PST

What do these posts mean to a moderate or less user? It looks like the posts say that a person can't count on his antivirus programs to protect him from viruses. But Sophos says its programs are for high end users. Where does that leave a low end user who can't afford either the expense or time required by the Sophos programs? grandpaw

Hi Grandpaw, we are just
Dec 17, 2005 1:36AM PST

posting virus alerts for anyone that is interested. Sophos happens to be the easiest for us to use. There is no particular reason other than that. Those that wish to read them can, those that don't wish to read them don't have to. :)

Thanks, Rod, but.....
Dec 17, 2005 4:20AM PST

I still wonder if sophisticated users don't think users in general should rely just on their antivirus programs for virus protection? Also, Rod, it does seem like the posts are intended to have more use than just providing reading material, no? Thanks, grandpaw

Yes, everybody should rely on
Dec 17, 2005 5:32AM PST

their antivirus programs Grandpaw. The name of this forum is the Virus and Security Alerts forum. These are the virus alerts that SOME people like to read just so they are familiar with the threats that are out here. Plus, IF you happen to get one of these viruses and you click on the Sophos link and then on the "recovery" tab on the particular link, it tells you how to get rid of it so it DOES serve another purpose than just reading material IMO. Hopefully you will never get infected and need any of them, :)

(NT) Makes sense to me, Rod; thanks.
Dec 17, 2005 10:16PM PST
(NT) You're welcome Grandpaw :)
Dec 17, 2005 10:36PM PST