Spyware, Viruses, & Security forum

VIRUS ALERTS - February 18, 2005

by Marianna Schmudlach / February 18, 2005 12:45 AM PST

W32/Assiral-A

Type Worm

W32/Assiral-A is a mass mailing worm which attempts to spread itself by sending emails with the following characteristics to addresses found in the victim's address book:
Subject: Re: LOV YA!
Body: Kindly read and reply to my LOVE LETTER in the attachments Happy
Attachment: LOVE_LETTER.TXT.exe
W32/Assiral-A will attempt to copy itself to floppy drives and network shares.
On opening the attachment, W32/Assiral-A will open a web page through Internet Explorer at geocities.com. W32/Assiral-A will attempt to modify Internet Explorer's homepage to the same page.
It will also attempt to kill off various security related applications and disable various capabilities of Windows.

http://www.sophos.com/virusinfo/analyses/w32assirala.html

W32/Rbot-WE
by Marianna Schmudlach / February 18, 2005 12:47 AM PST
W32/Sdbot-VI
by Marianna Schmudlach / February 18, 2005 12:49 AM PST

Aliases W32/Gaobot.worm.gen.t
W32/Agobot.CRI

Type Worm

W32/Sdbot-VI is a network worm which attempts to spread via network shares. The worm contains backdoor functions that allow unauthorised remote access to the infected computer via IRC channels while running in the background.
W32/Sdbot-VI will try to spread to network shares with weak passwords.


http://www.sophos.com/virusinfo/analyses/w32sdbotvi.html

W32/MyDoom-AS
by Marianna Schmudlach / February 18, 2005 12:51 AM PST

Aliases W32/Mydoom.ba@MM

Type Worm

W32/MyDoom-AS is a mass-mailing and peer-to-peer worm which emails itself as an attachment to addresses found on the infected computer.
When run, W32/MyDoom-AS will launch Notepad with garbage which serves as a decoy.
W32/MyDoom-AS may also create a file hserv.sys in the Windows system folder. This file is non-malicious and can be safely deleted.

http://www.sophos.com/virusinfo/analyses/w32mydoomas.html

Troj/Keylog-AD
by Marianna Schmudlach / February 18, 2005 12:53 AM PST
W32/Poebot-H
by Marianna Schmudlach / February 18, 2005 12:55 AM PST

Aliases Backdoor.Win32.PoeBot.a

Type Worm

W32/Poebot-H is a worm which attempts to spread to remote network shares with weak passwords. It also contains backdoor functionality allowing unauthorised remote access to the infected computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32poeboth.html

Troj/LdPinch-AN
by Marianna Schmudlach / February 18, 2005 12:56 AM PST

Aliases TROJ_LDPINCH.AM

Type Trojan

Troj/LdPinch-AN is a Trojan for the Windows platform.
The Trojan steals information and opens multiple points of entry for remote attackers. The Trojan sends information gathered to remote users via HTTP POST/GET sessions.
Troj/LdPinch-AN steals information including the following:
login/password details for certain chat applications
email usernames, passwords and connection details
dialup connection information
Troj/LdPinch-AN can also be instructed to download/execute arbitrary files.

http://www.sophos.com/virusinfo/analyses/trojldpinchan.html

Troj/Iyus-M
by Marianna Schmudlach / February 18, 2005 12:59 AM PST
Troj/Dropper-U
by Marianna Schmudlach / February 18, 2005 1:00 AM PST
Troj/Bdoor-EP
by Marianna Schmudlach / February 18, 2005 1:02 AM PST
W32/Nodmin-A
by Marianna Schmudlach / February 18, 2005 1:04 AM PST

Aliases Worm.Win32.VB.u

Type Worm

W32/Nodmin-A is a worm which spreads via email, peer-to-peer applications and IRC.
W32/Nodmin-A will also attempt to spread via email through Microsoft Outlook Express.
W32/Nodmin-A will copy itself to various peer-to-peer folders. Peer-to-peer applications it copies itself to include:
eDonkey2000
Ares
Emule
Kazaa
Kazaa Lite
ICQ
W32/Nodmin-A will modify mIRC's script.ini in an attempt to get it to spread via the IRC.
W32/Nodmin-A will also attempt to download and execute a file detected by Sophos as Troj/Bdoor-EP.

http://www.sophos.com/virusinfo/analyses/w32nodmina.html

W32/MyDoom-BC
by Marianna Schmudlach / February 18, 2005 5:44 AM PST

Aliases Email-Worm.Win32.Mydoom.am
W32/Mydoom.bc@MM

Type Worm

W32/MyDoom-BC is an email worm for the Windows platform.
Email sent by the worm has characteristics similar to the following examples:
Subject line:
hi
error
test
Message could not be delivered
Message body:
Dear user of <domain>
Mail server administrator of <domain> would like to inform you that
We have detected that your e-mail account has been used to send a large
amount of unsolicited e-mail messages during this recent week.
We suspect that your computer had been compromised by a recent virus and now
runs a trojan proxy server.
Please follow our instructions in the attachment file
in order to keep your computer safe.
Virtually yours
<domain> user support team.
Attached file:
attachment.com
letter.zip
<username>.exe

http://www.sophos.com/virusinfo/analyses/w32mydoombc.html

Troj/Psyme-BM
by Marianna Schmudlach / February 18, 2005 5:46 AM PST

Aliases Trojan-Downloader.JS.gen

Type Trojan

Troj/Psyme-BM contains functionality to generate webpages which exploit the ADODB stream vulnerability in Microsoft Internet Explorer to silently download executable files from a remote server to the local computer.

http://www.sophos.com/virusinfo/analyses/trojpsymebm.html

W32/Codbot-D
by Marianna Schmudlach / February 18, 2005 5:48 AM PST

Aliases W32/Sdbot.worm.gen.j

Type Worm

W32/Codbot-D is a network worm with backdoor functionality for the Windows platform.
W32/Codbot-D may spread to remote network shares and computers vulnerable to common exploits, including the LSASS exploit (MS04-011) and the RPC-DCOM exploit (MS04-012).
W32/Codbot-D connects to a preconfigured IRC server when an internet connection is available and awaits instructions from a remote attacker. The worm can be commanded to sniff network traffic, download further code, send itself to random IP addresses, start an FTP server and steal passwords and system information.

http://www.sophos.com/virusinfo/analyses/w32codbotd.html

VBS/Roor-A
by Marianna Schmudlach / February 18, 2005 5:50 AM PST

Aliases Virus.VBS.Redlof.k

Type Virus

VBS/Roor-A is a virus that may infect HTML or text files.
VBS/Roor-A infects files with file extension HTM, HTML or HTT in the folder in which it is run.
VBS/Roor-A creates dropper files for the virus with the names DESKTOP.INI and FOLDER.HTT in the current folder, the Windows folder, the Windows system folder, the Windows Desktop and the subfolder WEB of the Windows folder. Dropper files may also be created in the root folders of any other drives.
On the 26th of September, the virus may attempt to shut down Windows.

http://www.sophos.com/virusinfo/analyses/vbsroora.html

W32/Codbot-E
by Marianna Schmudlach / February 18, 2005 5:52 AM PST

Aliases Backdoor.Win32.Codbot.i

Type Worm

W32/Codbot-E is a network worm with backdoor functionality for the Windows platform.
W32/Codbot-E may spread to remote network shares and computers vulnerable to common exploits, including the LSASS exploit (MS04-011) and the RPC-DCOM exploit (MS04-012).
W32/Codbot-E connects to a preconfigured IRC server when an internet connection is available and awaits instructions from a remote attacker. The worm can be commanded to sniff network traffic, download further code, send itself to random IP addresses, start an FTP server and steal passwords and system information.

http://www.sophos.com/virusinfo/analyses/w32codbote.html

W32/Sdbot-VJ
by Marianna Schmudlach / February 18, 2005 5:53 AM PST

Aliases Backdoor.Win32.Rbot.gen
W32/Sdbot.worm.gen.g

Type Worm

W32/Sdbot-VJ is a network worm with backdoor functionality for the Windows platform.
W32/Sdbot-VJ connects to an IRC channel and listens for backdoor commands from a remote attacker. The worm may also spread to remote network shares with weak passwords.
The backdoor functionality of the worm includes the ability to run an FTP or TFTP server, download updates or steal system information.

http://www.sophos.com/virusinfo/analyses/w32sdbotvj.html

Troj/AdClick-AI
by Marianna Schmudlach / February 18, 2005 5:55 AM PST
W32/MyDoom-BC
by Marianna Schmudlach / February 18, 2005 9:13 AM PST

Aliases Email-Worm.Win32.Mydoom.am
W32/Mydoom.bc@MM
W32/Mydoom.db@MM
Worm.Mydoom.M-2

Type Worm

W32/MyDoom-BC is an email worm for the Windows platform.
Email sent by the worm has characteristics similar to the following examples:
Subject line:
hi
error
test
Message could not be delivered
Message body:
Dear user of <domain>
Mail server administrator of <domain> would like to inform you that
We have detected that your e-mail account has been used to send a large
amount of unsolicited e-mail messages during this recent week.
We suspect that your computer had been compromised by a recent virus and now
runs a trojan proxy server.
Please follow our instructions in the attachment file
in order to keep your computer safe.
Virtually yours
<domain> user support team.
Attached file:
attachment.com
letter.zip
<username>.exe

http://www.sophos.com/virusinfo/analyses/w32mydoombc.html

Troj/Psyme-BM
by Marianna Schmudlach / February 18, 2005 9:15 AM PST

Aliases Trojan-Downloader.JS.gen

Type Trojan

Troj/Psyme-BM contains functionality to generate webpages which exploit the ADODB stream vulnerability in Microsoft Internet Explorer to silently download executable files from a remote server to the local computer.

http://www.sophos.com/virusinfo/analyses/trojpsymebm.html

W32/Codbot-D
by Marianna Schmudlach / February 18, 2005 9:17 AM PST

Aliases W32/Sdbot.worm.gen.j

Type Worm

W32/Codbot-D is a network worm with backdoor functionality for the Windows platform.
W32/Codbot-D may spread to remote network shares and computers vulnerable to common exploits, including the LSASS exploit (MS04-011) and the RPC-DCOM exploit (MS04-012).
W32/Codbot-D connects to a preconfigured IRC server when an internet connection is available and awaits instructions from a remote attacker. The worm can be commanded to sniff network traffic, download further code, send itself to random IP addresses, start an FTP server and steal passwords and system information.

http://www.sophos.com/virusinfo/analyses/w32codbotd.html

VBS/Roor-A
by Marianna Schmudlach / February 18, 2005 9:19 AM PST

Aliases Virus.VBS.Redlof.k

Type Virus

VBS/Roor-A is a virus that may infect HTML or text files.
VBS/Roor-A infects files with file extension HTM, HTML or HTT in the folder in which it is run.
VBS/Roor-A creates dropper files for the virus with the names DESKTOP.INI and FOLDER.HTT in the current folder, the Windows folder, the Windows system folder, the Windows Desktop and the subfolder WEB of the Windows folder. Dropper files may also be created in the root folders of any other drives.
On the 26th of September, the virus may attempt to shut down Windows.

http://www.sophos.com/virusinfo/analyses/vbsroora.html

W32/Codbot-E
by Marianna Schmudlach / February 18, 2005 9:49 AM PST

Aliases Backdoor.Win32.Codbot.i

Type Worm

W32/Codbot-E is a network worm with backdoor functionality for the Windows platform.
W32/Codbot-E may spread to remote network shares and computers vulnerable to common exploits, including the LSASS exploit (MS04-011) and the RPC-DCOM exploit (MS04-012).
W32/Codbot-E connects to a preconfigured IRC server when an internet connection is available and awaits instructions from a remote attacker. The worm can be commanded to sniff network traffic, download further code, send itself to random IP addresses, start an FTP server and steal passwords and system information.

http://www.sophos.com/virusinfo/analyses/w32codbote.html

W32/Sdbot-VJ
by Marianna Schmudlach / February 18, 2005 9:51 AM PST

Aliases Backdoor.Win32.Rbot.gen
W32/Sdbot.worm.gen.g

Type Worm

W32/Sdbot-VJ is a network worm with backdoor functionality for the Windows platform.
W32/Sdbot-VJ connects to an IRC channel and listens for backdoor commands from a remote attacker. The worm may also spread to remote network shares with weak passwords.
The backdoor functionality of the worm includes the ability to run an FTP or TFTP server, download updates or steal system information.

http://www.sophos.com/virusinfo/analyses/w32sdbotvj.html

Troj/AdClick-AI
by Marianna Schmudlach / February 18, 2005 9:53 AM PST
Troj/Surila-P
by Marianna Schmudlach / February 18, 2005 9:54 AM PST

Aliases Backdoor.Win32.Surila.o
W32/Mydoom.AZ@bd
W32/Mydoom.AY@bd
BackDoor-CEB.f
BackDoor-CEB.b
BKDR_SURILA.O
Trojan.Surila.O
Trojan.Surila.O-2

Type Trojan

Troj/Surila-P is a backdoor Trojan.
The Trojan allows a remote attacker to control the infected computer.

http://www.sophos.com/virusinfo/analyses/trojsurilap.html
