
VIRUS ALERTS - December 18, 2005

Dec 18, 2005 12:02AM PST


Troj/ByShell-A
Dec 18, 2005 12:04AM PST

Type
Trojan

Aliases
Backdoor.Win32.ByShell.b
Backdoor.ByShell.a
W32/Byshell.A

Troj/ByShell-A is an NT rootkit which intercepts various system APIs.

Troj/ByShell-A comprises a number of files and includes the functionality to hide processes, insert itself into other applications' process space and bypass security applications, including firewalls.

Troj/ByShell-A allows unauthorized remote access to the infected computer.

http://www.sophos.com/virusinfo/analyses/trojbyshella.html

Troj/ExpBdoor-A
Dec 18, 2005 12:06AM PST

Type
Trojan

Aliases
Exploit.Win32.MS05-039.ac
Exploit-DcomRpc.g.gen

Troj/ExpBdoor-A is a Trojan for the Windows platform.

Troj/ExpBdoor-A exploits an operating system vulnerability to open a backdoor on a remote computer.

A patch for the operating system vulnerability exploited by Troj/ExpBdoor-A is available from Microsoft:
MS05-039

http://www.sophos.com/virusinfo/analyses/trojexpbdoora.html

W32/Netsky-W
Dec 18, 2005 12:22AM PST
Troj/Dloadr-ACO
Dec 18, 2005 12:25AM PST

Type
Trojan

Aliases
Trojan-Downloader.Win32.PassAlert.d
StartPage-IC

Troj/Dloadr-ACO is a downloader Trojan for the Windows platform.

Troj/Dloadr-ACO includes functionality to download and run programs from the internet and bypass personal firewall software.

http://www.sophos.com/virusinfo/analyses/trojdloadraco.html

W32/Sdbot-AJS
Dec 18, 2005 12:27AM PST

Type
Worm

Aliases
Backdoor.Win32.SdBot.ajs

W32/Sdbot-AJS is a network worm and IRC backdoor Trojan for the Windows platform.

W32/Sdbot-AJS runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

W32/Sdbot-AJS includes functionality to access the internet and communicate with a remote server via HTTP.

http://www.sophos.com/virusinfo/analyses/w32sdbotajs.html

W32/Loosky-L
Dec 18, 2005 12:30AM PST

Type
Spyware Worm

Aliases
Email-Worm.Win32.Locksky.l
W32/Loosky.gen@MM

W32/Loosky-L is an email worm for the Windows platform.

W32/Loosky-L spreads by sending email with the following characteristics:

Subject line:
Your mail Account is Suspended

Message text:
We regret to inform you that your account has been suspended due to the violation of our site policy, more info is attached.

Attached file:
acc_inf01.exe

The worm also installs a proxy server and opens a backdoor allowing a remote user to take control of the infected computer.

W32/Loosky-L records a user's keystrokes and attempts to steal stored passwords.

http://www.sophos.com/virusinfo/analyses/w32looskyl.html

Troj/AdClick-BJ
Dec 18, 2005 12:31AM PST

Type
Trojan

Aliases
Trojan-Clicker.Win32.Small.jf

Troj/AdClick-BJ is a Trojan for the Windows platform.

Troj/Bancban-MD
Dec 18, 2005 12:33AM PST
W32/Rbot-BCQ
Dec 18, 2005 2:04PM PST

Type Spyware Worm

Aliases Backdoor.Win32.Rbot.aeu

W32/Rbot-BCQ is a worm and IRC backdoor Trojan for the Windows platform.
W32/Rbot-BCQ spreads:
- to other network computers infected with: Troj/Kuang, Troj/Sub7, Troj/NetDevil, W32/MyDoom, W32/Bagle and Troj/Optix
- to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), WKS (MS03-049) (CAN-2003-0812), WebDav (MS03-007), IIS5SSL (MS04-011) (CAN-2003-0719), UPNP (MS01-059), Veritas (CAN-2004-1172), Dameware (CAN-2003-1030) and ASN.1 (MS04-007)
- by copying itself to network shares protected by weak passwords
W32/Rbot-BCQ runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
The following patches for the operating system vulnerabilities exploited by W32/Rbot-BCQ can be obtained from the Microsoft website:
MS04-011
MS04-012
MS03-049
MS03-007
MS01-059
MS04-007

http://www.sophos.com/virusinfo/analyses/w32rbotbcq.html

Troj/QQPass-AO
Dec 18, 2005 2:05PM PST
Troj/Kbroy-C
Dec 18, 2005 2:06PM PST

Type Spyware Trojan

Aliases Trojan-Dropper.Win32.Small.ajq

Troj/Kbroy-C is a Windows keylogger Trojan which may arrive with pornographic material.
When first run, Troj/Kbroy-C copies itself to <Program Files>\Internet Explorer\svchst.exe.

http://www.sophos.com/virusinfo/analyses/trojkbroyc.html

Troj/LegMir-CA
Dec 18, 2005 2:07PM PST
Troj/Brospy-I
Dec 18, 2005 2:08PM PST

Type Spyware Trojan

Aliases Trojan-Spy.Win32.Goldun.bw
Spy-Agent.k

Troj/Brospy-I is a Trojan for the Windows platform.
Troj/Brospy-I monitors browser activity, and attempts to steal passwords that are cached or in protected storage, and email usernames and passwords. The Trojan includes functionality to access the internet and communicate with a remote server via HTTP.
Troj/Brospy-I attempts to disable some anti-spyware applications.

http://www.sophos.com/virusinfo/analyses/trojbrospyi.html

Troj/LowZone-BB
Dec 18, 2005 2:09PM PST
Troj/AdClick-BM
Dec 18, 2005 2:09PM PST
Troj/Bancban-ME
Dec 18, 2005 2:10PM PST

Type Spyware Trojan

Aliases Trojan-Spy.Win32.Banker.ans

Troj/Bancban-ME is an Internet banking Trojan for the Windows platform.
Troj/Bancban-ME includes functionality to:
- send notification messages to remote locations
- steal confidential information

http://www.sophos.com/virusinfo/analyses/trojbancbanme.html

W32/Rbot-BDB
Dec 18, 2005 2:11PM PST

Type Worm

W32/Rbot-BDB is a worm and IRC backdoor Trojan for the Windows platform.
W32/Rbot-BDB spreads to other network computers by exploiting the buffer overflow vulnerabilities: LSASS (MS04-011), RPC-DCOM (MS04-012), WKS (MS03-049) (CAN-2003-0812), WebDav (MS03-007), Veritas (CAN-2004-1172), Dameware (CAN-2003-1030), PNP (MS05-039) and ASN.1 (MS04-007) and by copying itself to network shares protected by weak passwords.
The following patches for the operating system vulnerabilities exploited by W32/Rbot-BDB can be obtained from the Microsoft website:
MS04-011
MS04-012
MS03-049
MS03-007
MS01-059
MS04-007

http://www.sophos.com/virusinfo/analyses/w32rbotbdb.html