VIRUS ALERTS - December 8, 2005

Dec 7, 2005 8:17PM PST

Troj/Orse-L
Dec 8, 2005 12:35AM PST

Type
Trojan

Aliases
Packed.Win32.Klone.b
Galapoper
TROJ_GALAPOPER.A

Troj/Orse-L is a Trojan for the Windows platform.

Troj/Orse-L includes functionality to silently download, install and run new software. Troj/Orse-L will also attempt to download configuration data from preconfigured websites which may instruct the Trojan to send emails.

http://www.sophos.com/virusinfo/analyses/trojorsel.html

Troj/Bancban-IY
Dec 8, 2005 12:36AM PST

Troj/Bahnhof-B
Dec 8, 2005 12:39AM PST

Type
Trojan

Aliases
Trojan-Downloader.Win32.Small.ayl

Troj/Bahnhof-B is a downloader Trojan.

Troj/Bahnhof-B includes functionality to download, install and run new software.

Troj/Bahnhof-B will download and decrypt a file to either the Temporary folder or the Windows folder. The Trojan will then run the decrypted executable.

http://www.sophos.com/virusinfo/analyses/trojbahnhofb.html

Troj/Bancban-IX
Dec 8, 2005 1:05AM PST

Troj/QQRob-X
Dec 8, 2005 1:08AM PST

Troj/Dumaru-W
Dec 8, 2005 3:51AM PST

Type
Spyware Trojan

Aliases
Backdoor.Win32.Dumador.ew

Troj/Dumaru-W is a Trojan for the Windows platform.

Troj/Dumaru-W attempts to log keystrokes and other data from the infected computer and periodically sends this data to a remote website.

Troj/Dumaru-W changes settings for Microsoft Internet Explorer.

Troj/Dumaru-W attempts to bypass the Windows firewall.

Troj/Dumaru-W modifies the HOSTS file.

http://www.sophos.com/virusinfo/analyses/trojdumaruw.html

W32/Rbot-AZA
Dec 8, 2005 3:53AM PST

Type
Worm

Aliases
Backdoor.Win32.SdBot.aib
W32/Sdbot.worm.gen.bh

W32/Rbot-AZA is a Trojan for the Windows platform.

W32/Rbot-AZA spreads:

- to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), PNP (MS05-039) and ASN.1 (MS04-007)
- by copying itself to network shares protected by weak passwords

W32/Rbot-AZA runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

W32/Rbot-AZA includes functionality to access the internet and communicate with a remote server via HTTP.

http://www.sophos.com/virusinfo/analyses/w32rbotaza.html

W32/Ixbot-E
Dec 8, 2005 3:55AM PST

Type
Worm

Aliases
W32/Opanki.worm.gen

W32/Ixbot-E is a worm and IRC backdoor Trojan for the Windows platform.

W32/Ixbot-E runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

W32/Ixbot-E spreads using the AOL Instant Messenger service.

When first run W32/Ixbot-E copies itself to <System>\ebmqbx.exe.

http://www.sophos.com/virusinfo/analyses/w32ixbote.html

Troj/Dloadr-ABJ
Dec 8, 2005 3:57AM PST

Troj/Clicker-AG
Dec 8, 2005 3:59AM PST

Troj/Bancban-KQ
Dec 8, 2005 4:03AM PST

Troj/Bancban-KY
Dec 8, 2005 4:04AM PST

Type
Spyware Trojan

Aliases
Trojan-Spy.Win32.Banker.ahy
PWS-Banker.gen.bb

Troj/Bancban-KY is a password-stealing Trojan for the Windows platform.

Troj/Bancban-KY includes functionality to send notification messages to remote locations.

Troj/Bancban-KY may display fake login interfaces for certain Brazilian banking websites in order to steal login details. Any information retrieved in this manner is submitted to the author by email.

http://www.sophos.com/virusinfo/analyses/trojbancbanky.html

Troj/Bankhof-E
Dec 8, 2005 4:08AM PST

W32/Opanki-W
Dec 8, 2005 4:15AM PST

Type
Worm

Aliases
Trojan.Win32.Pakes
W32/Opanki.worm

W32/Opanki-W is a worm and IRC backdoor Trojan for the Windows platform.

W32/Opanki-W spreads via AOL Instant Messenger and via weak passwords.

W32/Opanki-W runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32opankiw.html

Troj/Banker-IL
Dec 8, 2005 4:17AM PST

Type
Spyware Trojan

Aliases
Trojan-Spy.Win32.Banbra.cc

Troj/Banker-IL is a password stealing Trojan for the Windows platform.

Troj/Banker-IL targets the customers of certain Brazilian online banking websites by displaying fake interfaces and recording any details that are entered.

http://www.sophos.com/virusinfo/analyses/trojbankeril.html

Troj/Agent-FJ
Dec 8, 2005 4:19AM PST

Troj/PWSSagi-F
Dec 8, 2005 4:21AM PST

W32/Zusha-D
Dec 8, 2005 4:23AM PST

Type
Worm

Aliases
W32/Zusha.worm

W32/Zusha-D is a worm for the Windows platform.

W32/Zusha-D spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011) and RPC-DCOM (MS04-012).

W32/Zusha-D includes functionality to access the internet and communicate with a remote server via HTTP.

http://www.sophos.com/virusinfo/analyses/w32zushad.html

Troj/DelAll-F
Dec 8, 2005 4:25AM PST

Troj/DownLdr-EK
Dec 8, 2005 4:31AM PST

Troj/Funot-A
Dec 8, 2005 6:42AM PST

Type Trojan

Troj/Funot-A is a Trojan for the Windows platform that includes functionality to replace existing files with a text file using the original filenames, rename existing files using names constructed from a predefined list, create text files, and access the internet and communicate with a remote server via HTTP.

http://www.sophos.com/virusinfo/analyses/trojfunota.html

Troj/Keylog-AU
Dec 8, 2005 6:43AM PST

Troj/Krepper-Y
Dec 8, 2005 6:44AM PST

Troj/Ranck-DG
Dec 8, 2005 6:45AM PST

Type Trojan

Aliases Trojan-Proxy.Win32.Ranky.cv

Troj/Ranck-DG is a Trojan for the Windows platform.
When run, Troj/Ranck-DG opens a random port and allows remote attackers the ability to route HTTP traffic through the infected computer.

http://www.sophos.com/virusinfo/analyses/trojranckdg.html

Troj/Bifrose-HM
Dec 8, 2005 6:46AM PST

Troj/Zlob-Q
Dec 8, 2005 6:47AM PST

Type Trojan

Aliases Trojan-Downloader.Win32.Zlob.ci

Troj/Zlob-Q is a downloading Trojan for the Windows platform.
The following registry entry is created to run Troj/Zlob-Q on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run
kernel32.dll
<pathname of the Trojan executable>

http://www.sophos.com/virusinfo/analyses/trojzlobq.html

Troj/Zlob-CC
Dec 8, 2005 6:48AM PST

Troj/Bckdr-CKC
Dec 8, 2005 6:49AM PST

Type Trojan

Aliases Backdoor.Win32.PcClient.gf
BackDoor-CKB
Backdoor.Pcclient

Troj/Bckdr-CKC is a multicomponent backdoor Trojan for the Windows platform.
Troj/Bckdr-CKC includes functionality to access the internet and communicate with a remote server via HTTP.

http://www.sophos.com/virusinfo/analyses/trojbckdrckc.html

Troj/Banker-IH
Dec 8, 2005 6:49AM PST

Troj/Banker-AHZ
Dec 8, 2005 6:50AM PST

Type Spyware Trojan

Aliases Trojan-Spy.Win32.Banker.ahy
PWS-Banker.gen.ba

Troj/Banker-AHZ is a Trojan for the Windows platform.
The Trojan monitors internet sessions and displays fake login pages when certain banking web sites are visited. Stolen credentials are sent to a remote attacker via email.

http://www.sophos.com/virusinfo/analyses/trojbankerahz.html