General discussion

VIRUS ALERTS - December 23, 2005

Dec 22, 2005 7:58PM PST

Troj/Dloadr-ACT
Dec 22, 2005 8:00PM PST
Troj/Dloadr-ACS
Dec 22, 2005 8:01PM PST
Troj/Qoolaid-U
Dec 22, 2005 8:03PM PST
Troj/Bancban-MW
Dec 22, 2005 8:04PM PST

Type
Spyware Trojan

Aliases
Trojan-Spy.Win32.Banker.abg

Troj/Bancban-MW is a password stealing Trojan for the Windows platform.

Troj/Bancban-MW targets the users of certain Brazilian banking websites, displaying fake interfaces with the aim of harvesting account details.

Troj/Bancban-MW includes functionality to send notification messages to remote locations.

http://www.sophos.com/virusinfo/analyses/trojbancbanmw.html

Troj/BankDl-AD
Dec 22, 2005 8:06PM PST

Type
Trojan

Aliases
TROJ_BANLOAD.AZX
Trojan-Downloader.Win32.VB.sw
Download.Trojan

Troj/BankDl-AD is a downloading Trojan for the Windows platform.

Troj/BankDl-AD includes functionality to access the internet and communicate with a remote server via HTTP.

The file downloaded by Troj/BankDl-AD is detected as Troj/Bancban-MW.

http://www.sophos.com/virusinfo/analyses/trojbankdlad.html

Troj/ServU-BR
Dec 22, 2005 10:08PM PST

Type
Trojan

Troj/ServU-BR is a hacked version of a commercial FTP application.

By default, the Trojan runs an FTP server on TCP port 43958. This can be overridden by configuration data read from a file called prtprocsw32.dll in the current folder.

Sophos's anti-virus products include Genotype detection technology, which can proactively protect against new threats without requiring an update. Sophos customers have been protected against Troj/ServU-BR (detected as Troj/ServU-Gen) since version 3.85.

http://www.sophos.com/virusinfo/analyses/trojservubr.html

Troj/Agent-HY
Dec 22, 2005 10:09PM PST

Type
Trojan

Troj/Agent-HY is a Trojan for the Windows platform.

When first run, Troj/Agent-HY copies itself to <System>\msvcp.exe.

Troj/Agent-HY will start a copy of Internet Explorer and attempt to inject code into the process memory in order to function without being detected.

http://www.sophos.com/virusinfo/analyses/trojagenthy.html

Troj/CashGrab-J
Dec 22, 2005 10:12PM PST
Troj/DNSChan-P
Dec 22, 2005 10:14PM PST
Troj/Flood-ES
Dec 22, 2005 10:15PM PST

Type
Trojan

Troj/Flood-ES is a Trojan for the Windows platform.

Troj/Flood-ES runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/trojfloodes.html

Troj/Bander-W
Dec 22, 2005 10:18PM PST
Troj/Bandler-I
Dec 22, 2005 10:19PM PST

Type
Spyware Trojan

Aliases
Trojan-Spy.Win32.Banker.zp
PWS-Banker.gen.h
PWSteal.Banpaes

Troj/Bandler-I is an Internet banking Trojan for the Windows platform.

Troj/Bandler-I targets the users of certain Brazilian Internet Banking websites, displaying a fake interface to trick the user into entering account details. This information is recorded and sent to a remote user via email.

http://www.sophos.com/virusinfo/analyses/trojbandleri.html

Troj/Bander-AA
Dec 22, 2005 10:22PM PST
Troj/Bander-AB
Dec 22, 2005 10:23PM PST
W32/Sdbot-TQ
Dec 22, 2005 10:49PM PST

Type
Spyware Worm

W32/Sdbot-TQ is a network worm with backdoor functionality for the Windows platform.

The worm spreads through network shares protected by weak passwords. When copying itself across the network, W32/Sdbot-TQ uses the filename msgfix.exe.

The backdoor component joins an IRC channel and awaits further commands from a remote user.

http://www.sophos.com/virusinfo/analyses/w32sdbottq.html

VBS/VBuggy-A
Dec 22, 2005 10:51PM PST

Type
Worm

VBS/VBuggy-A is a network worm for the Windows platform.

The worm attempts to copy itself to the Windows system folder as netbug.vbs and to any drive in the range E: through Z:

Due to numerous bugs in the code, VBS/VBuggy-A may fail before accomplishing any of its intended actions.

http://www.sophos.com/virusinfo/analyses/vbsvbuggya.html

Troj/Socksrv-A
Dec 22, 2005 10:55PM PST
W32/Crowt-A
Dec 22, 2005 10:57PM PST

Type
Spyware Worm

Aliases
WORM_CROWT.A

W32/Crowt-A is an email worm.

As well as providing keylogging and backdoor functionality, W32/Crowt-A attempts to send itself by email to addresses found on the infected computer as if from other addresses on the infected computer. The email's subject lines, message content and attachment name are generated from headlines gathered in real time from the CNN website.

http://www.sophos.com/virusinfo/analyses/w32crowta.html

Troj/GDoor-R
Dec 22, 2005 10:58PM PST

Type
Trojan

Aliases
Backdoor.Win32.G_door.r
Backdoor.G_Door.Client

Troj/GDoor-R is a backdoor Trojan.

Troj/GDoor-R will listen on the default port of 7626 for a connection from a remote backdoor client.

Troj/GDoor-R may attempt to disable registry editing tools.

http://www.sophos.com/virusinfo/analyses/trojgdoorr.html

Troj/Favadd-F
Dec 22, 2005 11:00PM PST

Type
Trojan

Aliases
Trojan.Win32.Favadd.j

Troj/Favadd-F is a Trojan for the Windows platform.

Troj/Favadd-F creates shortcuts to pornographic internet sites, installs Browser Helper Objects and blocks access to certain websites.

Troj/Favadd-F may be downloaded by malware.

http://www.sophos.com/virusinfo/analyses/trojfavaddf.html

Dial/Dialer-EB
Dec 22, 2005 11:02PM PST
Troj/Psyme-BF
Dec 22, 2005 11:03PM PST
W32/Bobax-N
Dec 22, 2005 11:56PM PST

Type
Virus

Aliases
Net-Worm.Win32.Bobic.d
W32.Bobax.Z@mm
W32.Proxed

W32/Bobax-N is an email virus for the Windows platform.

W32/Bobax-N has the ability to infect executable files.

W32/Bobax-N can send itself to email addresses harvested from the infected computer.

W32/Bobax-N attempts to contact a number of preconfigured internet sites in order to report successful infection.

Emails sent by the worm have the following characteristics:

Subject line:

Cool
Captured..
He has been captured..
Finally! Captured
Finally
God Bless the USA!

Message text (chosen from):

Saddam Hussein - Attempted Escape, Shot dead
Attached some pics that i found

Osama Bin Laden Captured.
Attached some pics that i found

Testing

Secret!

Hey,
Remember this?

Hello,
Long time! Check this out!

Hey,
I was going through my album, and look what I found..

Hey,
Check this out Happy

+++ Attachment: No Virus found
+++ Panda AntiVirus - You are protected
+++ www.pandasoftware.com

+++ Attachment: No Virus found
+++ Norman AntiVirus - You are protected
+++ www.norman.com

+++ Attachment: No Virus found
+++ F-Secure AntiVirus - You are protected
+++ www.f-secure.com

+++ Attachment: No Virus found
+++ Norton AntiVirus - You are protected
+++ www.symantec.com

"Turn on your TV.
Osama Bin Laden has been captured.

While CNN has no pictures at this point of time, the military channel (PPV) released some pictures.
I managed to capture a couple of these pictures off my TV.
Ive attached a slideshow containing all the pictures I managed to capture.
I apologize for the low quality, its the best I could do at this point of time.

Hopefully CNN will have pictures and a video soon.

God bless the USA!"

Possible attached filename stubs:

pics
funny
bush
joke
secret

Possible attached file extensions:

pif
exe
scr
zip

W32/Bobax-N also attempts to disable the Windows firewall and attempts to suppress Windows security warnings.

http://www.sophos.com/virusinfo/analyses/w32bobaxn.html

Troj/Angelfre-D
Dec 23, 2005 12:02AM PST
W32/Oscabot-M
Dec 23, 2005 12:04AM PST

Type
Worm

Aliases
Backdoor.Win32.Aimbot.g

W32/Oscabot-M is an instant messaging worm that can exploit users of AOL Instant Messaging clients.

W32/Oscabot-M connects to a specific channel on an IRC service and waits for a remote attacker to instruct the worm to send messages to contacts in the infected user's AOL contacts list. The message will read:

"Tell me this isn't you!".

The word "this" is a link to the W32/Oscabot-M executable on the infected computer.

http://www.sophos.com/virusinfo/analyses/w32oscabotm.html

Troj/Winad-K
Dec 23, 2005 12:06AM PST
Troj/Feutel-P
Dec 23, 2005 12:08AM PST

Type
Spyware Trojan

Aliases
Keylog-CN
BackDoor-AWQ.b.dll.gen

Troj/Feutel-P is a backdoor Trojan which allows a remote intruder to gain access and control over the computer. It can provide keylogging functionality and steal other information about the host.

http://www.sophos.com/virusinfo/analyses/trojfeutelp.html

W32/Sdbot-ABE
Dec 23, 2005 12:10AM PST
Troj/Feutel-O
Dec 23, 2005 12:12AM PST
Troj/BMInst-A
Dec 23, 2005 12:14AM PST