
VIRUS ALERTS - December 27, 2005

Dec 26, 2005 11:30PM PST

W32/Brontok-J

Type
Worm

Aliases
W32.Rontokbro@mm
Email-Worm.Win32.Brontok.c

W32/Brontok-J is an email worm for the Windows platform.

W32/Brontok-J attempts to send itself to email addresses harvested from the computer. It will also attempt to modify various Windows Explorer settings.

W32/Brontok-J will restart the computer if it finds a window title containing certain strings such as ".EXE".

http://www.sophos.com/virusinfo/analyses/w32brontokj.html

Troj/Agent-IK
Dec 26, 2005 11:32PM PST

Troj/Agent-IJ
Dec 26, 2005 11:35PM PST

Troj/MarktMan-C
Dec 26, 2005 11:37PM PST

Troj/Agent-II
Dec 26, 2005 11:40PM PST

Type
Trojan

Troj/Agent-II is a Trojan for the Windows platform.

Troj/Agent-II runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/trojagentii.html

W32/Sweate-A
Dec 26, 2005 11:41PM PST

W32/Chode-Q
Dec 27, 2005 6:33AM PST

Type
Worm

Aliases
Backdoor.Win32.Landis.q
W32/NoChod@MM
Virkel.F

W32/Chode-Q is an instant messaging worm for the Windows platform with IRC backdoor functionality.

W32/Chode-Q attempts to spread via MSN Instant Messenger and AOL Instant Messenger by sending users a link to a copy of the worm.

http://www.sophos.com/virusinfo/analyses/w32chodeq.html

Troj/Bander-X
Dec 27, 2005 6:37AM PST

Troj/Bander-Y
Dec 27, 2005 6:41AM PST

Troj/Bander-Z
Dec 27, 2005 6:43AM PST

Troj/VB-NV
Dec 27, 2005 6:45AM PST

Troj/Puper-AB
Dec 27, 2005 6:46AM PST

Troj/StartPa-IP
Dec 27, 2005 6:48AM PST

W32/Hazif-C
Dec 27, 2005 7:47AM PST

Type Spyware Worm

W32/Hazif-C is a password stealing worm for the Windows platform.
W32/Hazif-C can spread to the floppy drive with a preconfigured filename.
W32/Hazif-C can be used to steal passwords for Yahoo Instant Messenger and can be preconfigured to send stolen passwords via email, Yahoo IM, or by accessing a remote URL.

http://www.sophos.com/virusinfo/analyses/w32hazifc.html

Troj/Borobot-V
Dec 27, 2005 7:48AM PST

Troj/Small-FS
Dec 27, 2005 7:49AM PST

Troj/Dloadr-AH
Dec 27, 2005 7:50AM PST

W32/Rbot-BFV
Dec 27, 2005 7:51AM PST

Type Spyware Worm

Aliases Backdoor.Win32.Rbot.alk
W32/Sdbot.worm.gen.ae

W32/Rbot-BFV is a network worm with backdoor Trojan functionality for the Windows platform.
W32/Rbot-BFV spreads using a variety of techniques including:
- exploiting weak passwords on computers and SQL servers
- exploiting operating system vulnerabilities
- using backdoors opened by other worms or Trojans.
W32/Rbot-BFV can be controlled by a remote attacker over IRC channels. The backdoor component of W32/Rbot-BFV can be instructed by a remote user to perform the following functions:
- start an FTP server
- start a Proxy server
- start a web server
- take part in distributed denial of service (DDoS) attacks
- log keypresses
- capture screen/webcam images
- packet sniffing
- port scanning
- download/execute arbitrary files
- start a remote shell (RLOGIN)
- steal product registration information from certain software

http://www.sophos.com/virusinfo/analyses/w32rbotbfv.html

W32/Rbot-BFU
Dec 27, 2005 7:52AM PST

Type Spyware Worm

Aliases Backdoor.Win32.IRCBot.az

W32/Rbot-BFU is a network worm with backdoor Trojan functionality for the Windows platform.
W32/Rbot-BFU spreads using a variety of techniques including:
- exploiting weak passwords on computers and SQL servers
- exploiting operating system vulnerabilities
- using backdoors opened by other worms or Trojans.
W32/Rbot-BFU can be controlled by a remote attacker over IRC channels. The backdoor component of W32/Rbot-BFU can be instructed by a remote user to perform the following functions:
- start an FTP server
- start a Proxy server
- start a web server
- take part in distributed denial of service (DDoS) attacks
- log keypresses
- capture screen/webcam images
- packet sniffing
- port scanning
- download/execute arbitrary files
- start a remote shell (RLOGIN)
- steal product registration information from certain software

http://www.sophos.com/virusinfo/analyses/w32rbotbfu.html

Troj/HazifKit-B
Dec 27, 2005 7:52AM PST

Troj/Agent-IH
Dec 27, 2005 7:53AM PST

Type Trojan

Troj/Agent-IH is a Trojan for the Windows platform.
Troj/Agent-IH will harvest email addresses from the infected computer and report them to a remote URL.
Troj/Agent-IH may inject code into running processes in order to avoid detection.

http://www.sophos.com/virusinfo/analyses/trojagentih.html

Troj/Iyus-P
Dec 27, 2005 7:54AM PST

Troj/Agent-HZ
Dec 27, 2005 7:55AM PST

Type Spyware Trojan

Aliases Trojan-PSW.Win32.Agent.an

Troj/Agent-HZ is a password stealing Trojan for the Windows platform.
Troj/Agent-HZ has the functionalities to:
- steal email server passwords
- send notification messages to remote locations
- access the Internet and communicate with a remote server via HTTP

http://www.sophos.com/virusinfo/analyses/trojagenthz.html

Troj/LegMir-CN
Dec 27, 2005 7:56AM PST

W32/Erkez-G
Dec 27, 2005 7:59AM PST

Type Worm

Aliases Email-Worm.Win32.Zafi.g
W32.Erkez.G@mm

W32/Erkez-G is an email and peer-to-peer worm for the Windows platform.
W32/Erkez-G sends emails in the following format, where the subject and message are chosen depending upon the email address the worm is being sent to:
Subject:
msn photo ecard,commercial ecard Happy)
broma Happy),humor Happy)
rolig reklam Happy),haha - rolig Happy)
witzig reklame Happy),witzig bild Grin
grappig beeld Happy),een grappig reclame Grin
blague Happy),humour - reclame Happy)
cherzo Happy),comico quadro Happy)
Message:
ImageFormat: <Size>
ImageSize: <Size Kb>
Message: you need to see this Happy)
From: <Name>
Date: <Date sent>
AV-Control: <Filename>
Cuadro/Format: <Size>
Cuadro/Medida: <Size Kb>
Mensaje: Sexo y humor para pasar un buen rato! Happy)
Expedidor: <Name>
Data: <Date sent>
Control: <Filename>

MORE: http://www.sophos.com/virusinfo/analyses/w32erkezg.html

W32/Rbot-AQM
Dec 27, 2005 8:00AM PST

Type Worm

W32/Rbot-AQM is a worm and IRC backdoor Trojan for the Windows platform.
W32/Rbot-AQM spreads:
- to other network computers infected with: Troj/Kuang, Troj/Sub7, Troj/NetDevil, W32/MyDoom, W32/Bagle and Troj/Optix
- to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), IIS5SSL (MS04-011) (CAN-2003-0719), UPNP (MS01-059) and Dameware (CAN-2003-1030)
- by copying itself to network shares protected by weak passwords
W32/Rbot-AQM runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotaqm.html

W32/Poebot-N
Dec 27, 2005 8:00AM PST

Type Worm

Aliases Rootkit.Win32.Agent.ap
W32.IRCBot
W32/Poebot.gen

W32/Poebot-N is a worm for the Windows platform.
W32/Poebot-N spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), WKS (MS03-049) (CAN-2003-0812), WebDav (MS03-007), Veritas (CAN-2004-1172), Dameware (CAN-2003-1030), PNP (MS05-039) and ASN.1 (MS04-007) and by copying itself to network shares protected by weak passwords.

http://www.sophos.com/virusinfo/analyses/w32poebotn.html

Troj/Daemoni-N
Dec 27, 2005 8:02AM PST

Type Trojan

Aliases Trojan-Proxy.Win32.Daemonize.bl
PWS-Vipgsm

Troj/Daemoni-N is a backdoor Trojan which allows a remote intruder to gain access and control over the computer.
Troj/Daemoni-N includes functionality to access the internet and communicate with a remote server via HTTP.

http://www.sophos.com/virusinfo/analyses/trojdaemonin.html

Troj/PSPBrick-A
Dec 27, 2005 8:04AM PST

Type Trojan

Aliases Trojan.PSP.Brick.a
Trojan.PSPBrick

Troj/PSPBrick-A is a Trojan for the Sony PlayStation Portable (PSP).
When Troj/PSPBrick-A is executed, it displays a message which claims it is a hack for the PSP 2.0 firmware. The following files are then deleted, resulting in the device being unusable.
/vsh/etc/index.dat
/kd/loadcore.prx
/kd/loadexec.prx
/kd/init.prx

http://www.sophos.com/virusinfo/analyses/trojpspbricka.html

W32/Rbot-AQO
Dec 27, 2005 8:05AM PST

Type Worm

Aliases Backdoor.Win32.Rbot.aeh
W32.IRCBot
W32/Kelvir.worm.gen virus

W32/Rbot-AQO is a worm and IRC backdoor Trojan for the Windows platform which allows a remote intruder to gain access and control over the computer.
When first run W32/Rbot-AQO copies itself to <System>\winl32xe.exe and creates registry entries to run winl32xe.exe on startup.

http://www.sophos.com/virusinfo/analyses/w32rbotaqo.html

W32/Rbot-AQP
Dec 27, 2005 8:06AM PST

Type Worm

Aliases Backdoor.Win32.Rbot.adf
W32/Sdbot.worm.gen.ar
W32.Spybot.Worm

W32/Rbot-AQP is a worm and IRC backdoor Trojan for the Windows platform.
W32/Rbot-AQP spreads to other network computers infected with: Troj/Kuang, Troj/Sub7, Troj/NetDevil, W32/MyDoom, W32/Bagle and Troj/Optix and to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), WKS (MS03-049) (CAN-2003-0812), WebDav (MS03-007), IIS5SSL (MS04-011) (CAN-2003-0719), UPNP (MS01-059), Veritas (CAN-2004-1172), Dameware (CAN-2003-1030) and ASN.1 (MS04-007).
W32/Rbot-AQP runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotaqp.html