Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

VIRUS ALERTS - December 17, 2005

Dec 16, 2005 11:57PM PST

Discussion is locked

- Collapse -
Troj/StartPa-IW
Dec 16, 2005 11:59PM PST

Type
Trojan

Aliases
Trojan.Win32.StartPage.aw

Troj/StartPa-IW is a Trojan for the Windows platform.

Troj/StartPa-IW includes functionality to access the internet and communicate with a remote server via HTTP.

The Trojan downloads additional files which may define further behavior.

http://www.sophos.com/virusinfo/analyses/trojstartpaiw.html

- Collapse -
Troj/Drsmartl-C
Dec 17, 2005 12:01AM PST
- Collapse -
Dial/Stardial-D
Dec 17, 2005 12:06AM PST
- Collapse -
Troj/BluEye-D
Dec 17, 2005 12:08AM PST

Type
Spyware Trojan

Aliases
Trojan-Spy.Win32.Agent.t
W32/PWStealer.Z
W32/Agent.AY
PWS-IT
PWS-IT.kit trojan

Troj/BluEye-D is a Backdoor generator toolkit. It is capable of recording keystrokes and opening a backdoor to allow access to the command shell on victim's computer. The keystrokes will be saved in a log file which an intruder can access via the backdoor.

http://www.sophos.com/virusinfo/analyses/trojblueyed.html

- Collapse -
W32/Dasher-C
Dec 17, 2005 10:00AM PST

Type Worm

W32/Dasher-C is a worm for the Windows platform.
W32/Dasher-C spreads by exploiting various vulnerability includes the following:
WINS vulnerability (MS04-045)
WINDOWS PNP vulnerability (MS05-039)
MSDTC vulnerability (MS05-051)
MSSQL Authentication vulnerability (MS02-056)
W32/Dasher-C will attempt to disable auto starting of Windows Update.

http://www.sophos.com/virusinfo/analyses/w32dasherc.html

- Collapse -
W32/Titog-C
Dec 17, 2005 10:01AM PST
- Collapse -
Troj/Winser-C
Dec 17, 2005 10:01AM PST

Type Trojan

Troj/Winser-C is a Trojan for the Windows platform.
The Trojan can be used to exploit the Windows Internet Naming Service (WINS) buffer overflow vulnerability (MS04-045) to gain remote shell access on Microsoft Windows servers running the WINS service.

http://www.sophos.com/virusinfo/analyses/trojwinserc.html

- Collapse -
Troj/SqlHello-A
Dec 17, 2005 10:02AM PST

Type Trojan

Troj/SqlHello-A is a Trojan for the Windows platform.
The Trojan can be used to exploit the SQL buffer overflow vulnerability (MS02-056) to gain remote shell access on Microsoft Windows servers running SQL Server or MSDE (Microsoft Desktop Engine).

http://www.sophos.com/virusinfo/analyses/trojsqlhelloa.html

- Collapse -
W32/Tilebot-CM
Dec 17, 2005 10:03AM PST

Type Worm

Aliases Backdoor.Win32.SdBot.aad

W32/Tilebot-CM is a worm and IRC backdoor Trojan for the Windows platform.
W32/Tilebot-CM spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), MSSQL (MS02-039) (CAN-2002-0649), PNP (MS05-039) and ASN.1 (MS04-007) and by copying itself to network shares protected by weak passwords.
W32/Tilebot-CM runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
W32/Tilebot-CM includes functionality to access the internet and communicate with a remote server via HTTP.

http://www.sophos.com/virusinfo/analyses/w32tilebotcm.html

- Collapse -
W32/Combra-L
Dec 17, 2005 10:04AM PST

Type Spyware Worm

Aliases Email-Worm.Win32.Combra.c
W32.Comdor.K@mm
WORM_COMBRA.E

W32/Combra-L is a worm for the Windows platform.
W32/Combra-L includes functionality to:
- access the internet and communicate with a remote server via HTTP
- send notification messages to remote locations

http://www.sophos.com/virusinfo/analyses/w32combral.html

- Collapse -
W32/Combra-K
Dec 17, 2005 10:05AM PST

Type Worm

Aliases Email-Worm.Win32.Combra.c

W32/Combra-K is a worm for the Windows platform.
W32/Combra-K includes functionality to:
- access the internet and communicate with a remote server via HTTP
- send notification messages to remote locations

http://www.sophos.com/virusinfo/analyses/w32combrak.html

- Collapse -
W32/Agent-FS
Dec 17, 2005 10:06AM PST

Type Worm

Aliases Backdoor.Win32.Agent.rd

W32/Agent-FS is a worm and backdoor Trojan for the Windows platform.
W32/Agent-FS spreads to other network computers by exploiting common buffer overflow vulnerabilities, including ASN.1 (MS04-007).

http://www.sophos.com/virusinfo/analyses/w32agentfs.html

- Collapse -
W32/Rbot-BBE
Dec 17, 2005 10:07AM PST

Type Worm

Aliases Backdoor.Win32.Pakes
W32/Sdbot.MFK

W32/Rbot-BBE is a worm and IRC backdoor Trojan for the Windows platform.
W32/Rbot-BBE spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: RPC-DCOM (MS04-012), PNP (MS05-039) and ASN.1 (MS04-007).
W32/Rbot-BBE runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotbbe.html

- Collapse -
W32/Sdbot-AGK
Dec 17, 2005 10:08AM PST

Type Worm

Aliases Backdoor.Win32.Rbot.gen
W32/Spybot.NEP

W32/Sdbot-AGK is a worm and IRC backdoor Trojan for the Windows platform.
W32/Sdbot-AGK spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: RPC-DCOM (MS04-012), PNP (MS05-039) and ASN.1 (MS04-007) and by copying itself to network shares protected by weak passwords.
W32/Sdbot-AGK runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32sdbotagk.html

- Collapse -
Virdem-526
Dec 17, 2005 10:08AM PST
- Collapse -
Troj/Dloadr-ACM
Dec 17, 2005 10:12AM PST
- Collapse -
Troj/StartPa-IW
Dec 17, 2005 10:13AM PST

Type Trojan

Aliases Trojan.Win32.StartPage.aw

Troj/StartPa-IW is a Trojan for the Windows platform.
Troj/StartPa-IW includes functionality to access the internet and communicate with a remote server via HTTP.
The Trojan downloads additional files which may define further behavior.

http://www.sophos.com/virusinfo/analyses/trojstartpaiw.html

- Collapse -
Troj/Drsmartl-C
Dec 17, 2005 10:14AM PST
- Collapse -
Dial/Stardial-D
Dec 17, 2005 10:15AM PST
- Collapse -
Troj/BluEye-D
Dec 17, 2005 10:16AM PST

Type Spyware Trojan

Aliases Trojan-Spy.Win32.Agent.t
W32/PWStealer.Z
W32/Agent.AY
PWS-IT
PWS-IT.kit trojan

Troj/BluEye-D is a Backdoor generator toolkit. It is capable of recording keystrokes and opening a backdoor to allow access to the command shell on victim's computer. The keystrokes will be saved in a log file which an intruder can access via the backdoor.

http://www.sophos.com/virusinfo/analyses/trojblueyed.html