Spyware, Viruses, & Security forum

General discussion

VIRUS ALERTS - February 25, 2005

by Marianna Schmudlach / February 25, 2005 1:07 AM PST

W32/Kelvir-A
Summary

Aliases IM-Worm.Win32.Kelvir.a
W32/Kelvir.worm.a

Type Worm

W32/Kelvir-A is an instant messaging worm.
W32/Kelvir-A spreads by sending a message through Windows Messenger to all of an infected user's contacts. The message encourages the recipient to visit a web page to download an update and reads:
*** URGENT *** Download the latest patch from <URL> to prevent getting infected by W32.Bropia.C.

http://www.sophos.com/virusinfo/analyses/w32kelvira.html

Troj/Helodor-D
by Marianna Schmudlach / February 25, 2005 1:12 AM PST
Troj/Iefeat-AF
by Marianna Schmudlach / February 25, 2005 1:15 AM PST

Aliases TROJ_AGENT.ABR
Trojan-Downloader.Win32.Agent.bq

Type Trojan

Troj/Iefeat-AF is a downloader Trojan that downloads files while running in the background as a process.
The Trojan may display a message box with the following characteristics:
<title>
Windows Security Center
<text>
WARNING: Windows Firewall detected suspicious network activity on
your computer. Malicious software codes try to steal your privacy
information, such as credit card numbers, electronic mail accounts,
financial data or passwords.
Do you want to learn how to protect your computer?
When 'YES' is clicked on, the Trojan attempts to open the website using the web browser registered in the computer.

http://www.sophos.com/virusinfo/analyses/trojiefeataf.html

Troj/Iefeat-AG
by Marianna Schmudlach / February 25, 2005 1:16 AM PST

Type Trojan

Troj/Iefeat-AG is a Trojan which changes browser security settings and connects to predetermined websites.
Troj/Iefeat-AG attempts to delete the hosts file located at
<windows>\system32\drivers\etc\hosts
Troj/Iefeat-AG attempts to delete all entries in the registry under the following location:
HKLM\system\currentcontrolset\services\wintrust
Troj/Iefeat-AG attempts to modify entries in the registry in order to change the security settings for Microsoft Internet Explorer, sometimes setting these values back to their original values once Troj/Iefeat-AG has opened up hidden windows to certain websites.

http://www.sophos.com/virusinfo/analyses/trojiefeatag.html

W32/Agobot-QI
by Marianna Schmudlach / February 25, 2005 1:18 AM PST

Type Worm

W32/Agobot-QI is a member of the W32/Agobot family of network worms. The worm can spread to computers vulnerable to the WEBDAV, LSASS, WKS, and UPNP exploits (see Microsoft Security Bulletins MS03-007 and MS04-011, MS03-049, and MS01-059 respectively). The worm can also spread to machines that are infected with W32/MyDoom, W32/Bagle, Troj/Optix and W32/Sasser, as well as to weakly protected network shares.
The worm has a backdoor component that connects to a preconfigured IRC channel, allowing an attacker to issue instructions to the worm, thus giving access to an infected computer.
W32/Agobot-QI can be instructed to:
Open, upload, download, search for, and execute files
Log any keystrokes made on an infected computer
Examine local network traffic
Scan remote computers for vulnerabilities
Steal product keys
Participate in a distributed denial-of-service (DDoS) attack
Create and delete services in the Service Control Manager
Create and delete autostart entries
List, start, and stop processes and services
Attempt to disable any security software that is running

http://www.sophos.com/virusinfo/analyses/w32agobotqi.html

W32/Rbot-WO
by Marianna Schmudlach / February 25, 2005 1:20 AM PST

Aliases WORM_RBOT.AOU
Backdoor.Win32.Rbot.jf

Type Worm

W32/Rbot-WO is a network worm and backdoor for the Windows platform. The worm spreads to network shares and computers with unpatched operating system vulnerabilities.
The backdoor component connects to a predefined IRC server and waits for commands from a remote attacker.
W32/Rbot-WO spreads using a variety of techniques including exploiting weak passwords on computers and SQL servers, exploiting operating system vulnerabilities (including DCOM-RPC and LSASS) and using backdoors opened by other worms or Trojans.
W32/Rbot-WO can be controlled by a remote attacker over IRC channels. The backdoor component of W32/Rbot-WO can be used to issue a range of commands.
Patches for the operating system vulnerabilities exploited by W32/Rbot-WO can be obtained from Microsoft at:
http://www.microsoft.com/technet/security/bulletin/ms04-012.mspx
http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx

http://www.sophos.com/virusinfo/analyses/w32rbotwo.html

Troj/Borobot-A
by Marianna Schmudlach / February 25, 2005 1:22 AM PST
Troj/Krepper-H
by Marianna Schmudlach / February 25, 2005 1:24 AM PST
Troj/Monurl-A
by Marianna Schmudlach / February 25, 2005 1:26 AM PST
Troj/Dropper-AB
by Marianna Schmudlach / February 25, 2005 1:28 AM PST
W32/Sdbot-VN
by Marianna Schmudlach / February 25, 2005 1:30 AM PST

Type Worm

W32/Sdbot-VN is a network worm with backdoor Trojan functionality for the Windows platform.
The worm joins a predetermined IRC channel and awaits further commands from remote attackers.
The worm spreads through network shares protected by weak passwords.

http://www.sophos.com/virusinfo/analyses/w32sdbotvn.html

Troj/Goldun-K
by Marianna Schmudlach / February 25, 2005 1:32 AM PST
Troj/Bancos-BF
by Marianna Schmudlach / February 25, 2005 1:34 AM PST
Troj/Banpaes-G
by Marianna Schmudlach / February 25, 2005 1:35 AM PST
Troj/Banker-GP
by Marianna Schmudlach / February 25, 2005 1:37 AM PST

Aliases Trojan-Spy.Win32.Banker.gp

Type Trojan

Troj/Banker-GP is a Trojan for the Windows platform.
The Trojan displays a fake Internet Explorer window which appears to display login pages for certain banking websites. The information collected is sent to a remote user.

http://www.sophos.com/virusinfo/analyses/trojbankergp.html

Troj/Banker-GL
by Marianna Schmudlach / February 25, 2005 1:40 AM PST
Troj/Keylog-AE
by Marianna Schmudlach / February 25, 2005 1:41 AM PST
Troj/Banker-GK
by Marianna Schmudlach / February 25, 2005 1:43 AM PST

Aliases TrojanSpy.Win32.Banker.gk

Type Trojan

Troj/Banker-GK is a Trojan for the Windows platform.
The Trojan displays a fake Internet Explorer window which appears to display login pages for certain banking websites. The information collected is sent to a remote user. Troj/Banker-GK also monitors Internet Explorer sessions for data entered into web forms on certain banking sites.


http://www.sophos.com/virusinfo/analyses/trojbankergk.html

Troj/Bancban-BN
by Marianna Schmudlach / February 25, 2005 1:45 AM PST
Troj/Banker-GO
by Marianna Schmudlach / February 25, 2005 1:47 AM PST

Aliases Trojan-Spy.Win32.Banker.go

Type Trojan

Troj/Banker-GO is a password stealing Trojan targeted at customers of Brazilian banks.
Troj/Banker-GO attempts to log keypresses entered into certain websites and online banking applications. The Trojan may display fake user interfaces in order to persuade the user to enter confidential details. Stolen information is sent by email to a remote user.

http://www.sophos.com/virusinfo/analyses/trojbankergo.html

Troj/Iefeat-AE
by Marianna Schmudlach / February 25, 2005 1:49 AM PST

Aliases Trojan-Downloader.Win32.Agent.jb

Type Trojan

Troj/Iefeat-AE is a downloader Trojan for the Windows platform.
Troj/Iefeat-AE attempts to download DLLs from internet locations to the Windows folder and register them as COM servers.
Troj/Iefeat-AE registers itself as a Browser Helper Object for Internet Explorer.
Troj/Iefeat-AE may also create a file which is detected by Sophos as Troj/Dloader-AQ.

http://www.sophos.com/virusinfo/analyses/trojiefeatae.html

W32/Sdranck-B
by Marianna Schmudlach / February 25, 2005 12:53 PM PST

Type Worm

W32/Sdranck-B is a multi-component network worm.
W32/Sdranck-B drops components detected by Sophos's anti-virus products as W32/Sdbot-Fam and Troj/Ranck-CC.
The dropped Sdbot component spreads W32/Sdranck-B to network shares with weak passwords and via network security exploits.


http://www.sophos.com/virusinfo/analyses/w32sdranckb.html

Troj/Multidr-CG
by Marianna Schmudlach / February 25, 2005 12:55 PM PST
Troj/CmjSpy-T
by Marianna Schmudlach / February 25, 2005 12:57 PM PST
W32/Doxpar-A
by Marianna Schmudlach / February 25, 2005 12:58 PM PST

Aliases W32/Doxpar.worm
Net-Worm.Win32.Padobot.x

Type Worm

W32/Doxpar-A is a network worm.
W32/Doxpar-A will spread to remote computers through a number of software vulnerabilities.
W32/Doxpar-A will perform a Denial of Service (DoS) attack against a number of banking web sites.
W32/Doxpar-A will also send and receive data from remote web sites.

http://www.sophos.com/virusinfo/analyses/w32doxpara.html

Troj/Msbho-A
by Marianna Schmudlach / February 25, 2005 1:00 PM PST
W32/Forbot-FQ
by Marianna Schmudlach / February 25, 2005 1:02 PM PST

Aliases WORM_WOOTBOT.FQ

Type Worm

W32/Forbot-FQ is a network worm with backdoor functionality for the Windows platform.
Once installed, W32/Forbot-FQ connects to a preconfigured IRC server and joins a channel from which an attacker can issue further commands.
The worm can spread to unpatched machines affected by the LSASS vulnerability (see MS04-011) and through backdoors left open by the Troj/Optix family of Trojans.

http://www.sophos.com/virusinfo/analyses/w32forbotfq.html

W32/Sdbot-VO
by Marianna Schmudlach / February 25, 2005 1:04 PM PST

Type Worm

W32/Sdbot-VO is a network worm with backdoor functionality for the Windows platform.
The worm spreads through network shares protected by weak passwords, MS-SQL servers and through various operating system vulnerabilities.
W32/Sdbot-VO connects to a predetermined IRC channel and awaits further commands from remote users.

http://www.sophos.com/virusinfo/analyses/w32sdbotvo.html

W32/Forbot-EJ
by Marianna Schmudlach / February 25, 2005 1:06 PM PST

Type Worm

W32/Forbot-EJ is a network worm with backdoor functionality for the Windows platform.
Once installed, W32/Forbot-EJ connects to a preconfigured IRC server and joins a channel from which an attacker can issue further commands.
The worm can spread to unpatched machines affected by the LSASS vulnerability (see MS04-011) and through backdoors left open by the Troj/Optix family of Trojans.

http://www.sophos.com/virusinfo/analyses/w32forbotej.html
