Spyware, Viruses, & Security forum

General discussion

VIRUS ALERTS - February 24, 2005

by Marianna Schmudlach / February 24, 2005 12:00 AM PST

W32/Agobot-QE
Summary


Type Worm

W32/Agobot-QE is a backdoor Trojan and worm which spreads to computers protected by weak passwords.
Each time the Trojan is run it attempts to connect to a remote IRC server and join a specific channel.
The Trojan then runs continuously in the background, allowing a remote intruder to access and control the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32agobotqe.html

Discussion is locked
You are posting a reply to: VIRUS ALERTS - February 24, 2005
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: VIRUS ALERTS - February 24, 2005
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Troj/Agent-CH
by Marianna Schmudlach / February 24, 2005 12:03 AM PST

Aliases Trojan-Spy.Win32.Agent.w

Type Trojan

Troj/Agent-CH is a backdoor Trojan for the Windows platform.
Troj/Agent-CH will also create a DLL in the Windows system folder named yemarvdn.dll. This file is currently detected by Sophos as Troj/Iyus-Fam.
Troj/Agent-CH will also modify the HOSTS file in an attempt to block access to a predefined list of Anti-virus vendors.

http://www.sophos.com/virusinfo/analyses/trojagentch.html

Collapse -
Troj/Bancban-BM
by Marianna Schmudlach / February 24, 2005 12:05 AM PST

Aliases Trojan-Spy.Win32.Banker.kk
TROJ_BANCOS.MX

Type Trojan

Troj/Bancban-BM is a password stealing Trojan for the Windows platform.
Troj/Bancban-BM monitors which URLs are visited by the web browser and creates fake web pages for certain Brazilian banking sites in order to log account information. The logged information is sent to remote users via email.

http://www.sophos.com/virusinfo/analyses/trojbancbanbm.html

Collapse -
Troj/Bancos-BD
by Marianna Schmudlach / February 24, 2005 12:06 AM PST

Type Trojan

Troj/Bancos-BD is a password stealing Trojan for the Windows platform that targets customers of Brazilian banks.
Troj/Bancos-BD monitors a user's internet access. When certain internet banking sites are visited, the Trojan will display a fake login screen in order to trick the user into entering their details and will email the information to a predefined email account.

http://www.sophos.com/virusinfo/analyses/trojbancosbd.html

Collapse -
Troj/Bancos-BE
by Marianna Schmudlach / February 24, 2005 12:08 AM PST

Type Trojan

Troj/Bancos-BE is a password stealing Trojan for the Windows platform that targets customers of Brazilian banks.
Troj/Bancos-BE monitors a user's internet access. When certain internet banking sites are visited, the Trojan will display a fake login screen in order to trick the user into entering their details and will email the information to a predefined email account.

http://www.sophos.com/virusinfo/analyses/trojbancosbe.html

Collapse -
W32/Aimdes-B
by Marianna Schmudlach / February 24, 2005 12:09 AM PST
Collapse -
W32/Codbot-Gen
by Marianna Schmudlach / February 24, 2005 12:11 AM PST

Type Worm

W32/Codbot-Gen detects worms of the W32/Codbot family.
Worms detected as W32/Codbot-Gen provide backdoor Trojan functionality to a remote attacker via IRC channels. Such worms may spread to remote network shares with weak passwords in response to a backdoor command.
W32/Codbot-Gen worms typically attempt to exploit vulnerabilities, such as the LSASS vulnerability (MS04-011).

http://www.sophos.com/virusinfo/analyses/w32codbotgen.html

Collapse -
Troj/Borobt-Gen
by Marianna Schmudlach / February 24, 2005 12:13 AM PST
Collapse -
W32/MyDoom-BD
by Marianna Schmudlach / February 24, 2005 12:15 AM PST
Collapse -
W32/MyDoom-BF
by Marianna Schmudlach / February 24, 2005 12:17 AM PST

Aliases Email-Worm.Win32.Mydoom.am
W32/Mydoom.bf@MM
W32/MyDoom-O
WORM_MYDOOM.BF

Type Worm

W32/MyDoom-BF is an email worm for the Windows platform.
Email sent by the worm has characteristics similar to the following examples:
Subject line:
hi
error
test
Message could not be delivered
Message body:
Dear user of <domain>
Mail server administrator of <domain> would like to inform you that
We have detected that your e-mail account has been used to send a large
amount of unsolicited e-mail messages during this recent week.
We suspect that your computer had been compromised by a recent virus and now
runs a trojan proxy server.
Please follow our instructions in the attachment file
in order to keep your computer safe.
Virtually yours
<domain> user support team.
Attached file:
attachment.com
letter.zip
<username>.exe

http://www.sophos.com/virusinfo/analyses/w32mydoombf.html

Collapse -
Troj/Banker-DL
by Marianna Schmudlach / February 24, 2005 12:18 AM PST

Aliases Trojan-Spy.Win32.Banker.jg
TROJ_BANKER.DL

Type Trojan

Troj/Banker-DL is a Trojan for the Windows platform.
Troj/Banker-DL steals usernames and passwords for banking institutions and sends them via FTP and email to remote users.

http://www.sophos.com/virusinfo/analyses/trojbankerdl.html

Collapse -
W32/Agobot-QD
by Marianna Schmudlach / February 24, 2005 12:20 AM PST

Aliases Backdoor.Win32.Agobot.yq

Type Worm

W32/Agobot-QD is a network worm with backdoor functionality for the Windows platform.
W32/Agobot-QD is capable of spreading to computers on the local network protected by weak passwords.
The backdoor component runs continuously in the background providing backdoor access to the computer through IRC channels. The backdoor component can be instructed to perform the following functions:
harvest email addresses
steal product registration information for certain software
take part in Distributed Denial of Service (DDoS) attacks
scan networks for vulnerabilities
download/execute arbitrary files
start a proxy server (SOCKS4/SOCKS5)
start/stop system services
monitor network communications (packet sniffing)
add/remove network shares
send email
log keypresses

http://www.sophos.com/virusinfo/analyses/w32agobotqd.html

Collapse -
W32/Rbot-AIS
by Marianna Schmudlach / February 24, 2005 12:22 AM PST
Collapse -
W32/Rbot-AHG
by Marianna Schmudlach / February 24, 2005 12:24 AM PST

Aliases WORM_RBOT.AHG
Backdoor.Win32.Rbot.fo

Type Worm

W32/Rbot-AHG is a network worm with backdoor Trojan functionality for the Windows platform.
W32/Rbot-AHG spreads using a variety of techniques including exploiting weak passwords on computers and SQL servers, exploiting operating system vulnerabilities (including DCOM-RPC, LSASS, WebDAV and UPNP) and using backdoors opened by other worms or Trojans.

http://www.sophos.com/virusinfo/analyses/w32rbotahg.html

Collapse -
Troj/Dloader-IE
by Marianna Schmudlach / February 24, 2005 10:04 AM PST

Aliases Trojan-Downloader.Win32.Delf.ij

Type Trojan

Troj/Dloader-IE is a downloader Trojan for the Windows platform.
Troj/Dloader-IE will download a file from a predefined url. The downloaded file will be in the windows folder as active_url.dll. The downloaded file is a configuration file used to tell the Trojan other files to download. The Trojan will also copy itself to the Windows system folder as msapp.exe.

http://www.sophos.com/virusinfo/analyses/trojdloaderie.html

Collapse -
Troj/AdClick-AJ
by Marianna Schmudlach / February 24, 2005 10:06 AM PST
Collapse -
Troj/Goldun-J
by Marianna Schmudlach / February 24, 2005 10:08 AM PST

Aliases Trojan-Spy.Win32.Goldun.p;

Type Trojan


Troj/Goldun-J is a password-stealing Trojan.
Troj/Goldun-J monitors outgoing HTTP requests for traffic going to specific internet banking sites. On encountering such a request the Trojan will attempt to extract account details from the returned page and submit these details to the Trojan's author using an HTTP form submission.

http://www.sophos.com/virusinfo/analyses/trojgoldunj.html

Collapse -
Troj/Agent-DA
by Marianna Schmudlach / February 24, 2005 10:08 AM PST

Aliases Trojan.Win32.Agent.bh; BackDoor-COK.dr

Type Trojan

Troj/Agent-DA is a Trojan for the Windows platform.
Troj/Agent-DA can be used to steal system information and download files onto the infected computer. When run the Trojan connects to a preconfigured internet site and downloads further instructions.

http://www.sophos.com/virusinfo/analyses/trojagentda.html

Collapse -
W32/Cuebot-C
by Marianna Schmudlach / February 24, 2005 10:10 AM PST

Type Worm

W32/Cuebot-C is a network worm with backdoor functionality for the Windows platform, and can spread to remote computers vulnerable to the LSASS exploit (see Microsoft Security Bulletin MS04-011).
The worm contains a backdoor component that connects to a pre-configured IRC channel, giving a remote intruder access to an infected computer.

http://www.sophos.com/virusinfo/analyses/w32cuebotc.html

Collapse -
Troj/Rider-O
by Marianna Schmudlach / February 24, 2005 10:12 AM PST

Aliases Exploit.HTML.Mht
Exploit-MhtRedir.gen

Type Trojan

Troj/Rider-O is an HTML-based script which exploits a vulnerability associated with some versions of Microsoft Internet Explorer to load a malicious script (or HTML page containing a malicious script) via the DATA attribute of an OBJECT element.
Troj/Rider-O will attempt to load an HTML file detected as Troj/Psyme-BG. The HTML file will attempt to download and run Troj/Padodor-W.

http://www.sophos.com/virusinfo/analyses/trojridero.html

Collapse -
Troj/Padodor-W
by Marianna Schmudlach / February 24, 2005 10:14 AM PST
Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

CNET FORUMS TOP DISCUSSION

Help, my PC with Windows 10 won't shut down properly

Since upgrading to Windows 10 my computer won't shut down properly. I use the menu button shutdown and the screen goes blank, but the system does not fully shut down. The only way to get it to shut down is to hold the physical power button down till it shuts down. Any suggestions?