VIRUS ALERTS - January 1, 2006

Dec 31, 2005 8:39PM PST

Troj/DownLdr-QB

Type
Trojan

Aliases
Exploit.Win32.IMG-WMF.a

Troj/DownLdr-QB is a downloader Trojan which will download, install and run new software without notification that it is doing so.

The file downloaded by Troj/DownLdr-QB is detected by Sophos as Troj/Bifrose-CS.

http://www.sophos.com/virusinfo/analyses/trojdownldrqb.html

Troj/Bifrose-CS
Dec 31, 2005 8:44PM PST

W32/Loosky-M
Dec 31, 2005 11:51PM PST

Troj/Zlob-AL
Dec 31, 2005 11:53PM PST

Troj/Puper-AD
Dec 31, 2005 11:55PM PST

W32/Brontok-K
Jan 1, 2006 12:00AM PST

Type
Worm

Aliases
Email-Worm.Win32.Brontok.c
W32.Rontokbro@mm

W32/Brontok-K is an email worm that sends itself to addresses gathered from the infected computer by searching files with the following extensions:

ASP, CFM, CSV, DOC, EML, HTML, PHP, TXT, WAB

http://www.sophos.com/virusinfo/analyses/w32brontokk.html

W32/Sdranck-W
Jan 1, 2006 12:02AM PST

Exp/WMF-A
Jan 1, 2006 12:03AM PST

W32/Rbot-BHQ
Jan 1, 2006 10:32AM PST

Type Worm

Aliases Backdoor.Win32.Rbot.aie
W32/Sdbot.worm.gen.bi

W32/Rbot-BHQ is a worm and IRC backdoor Trojan for the Windows platform.
W32/Rbot-BHQ spreads:
- to other network computers infected with: Troj/Kuang, Troj/Sub7, Troj/NetDevil, W32/MyDoom, W32/Bagle and Troj/Optix
- to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), WKS (MS03-049) (CAN-2003-0812), WebDav (MS03-007), IIS5SSL (MS04-011) (CAN-2003-0719), UPNP (MS01-059), Veritas (CAN-2004-1172), Dameware (CAN-2003-1030), PNP (MS05-039) and ASN.1 (MS04-007)
- by copying itself to network shares protected by weak passwords
W32/Rbot-BHQ runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotbhq.html

Troj/DownLdr-PZ
Jan 1, 2006 10:33AM PST

Troj/DownLdr-QA
Jan 1, 2006 10:33AM PST

Troj/LdPinch-DH
Jan 1, 2006 10:34AM PST

Type Spyware Trojan

Aliases Trojan-Proxy.Win32.Agent.iq
PWS-LDPinch

Troj/LdPinch-DH is a password-stealing Trojan with backdoor functionality.
Troj/LdPinch-DH attempts to steal confidential information and send it to a remote location via HTTP or email.
Troj/LdPinch-DH provides a backdoor server on a pre-configured port (the default is 1758). A remote intruder will be able to connect to this port and receive command shell access.

http://www.sophos.com/virusinfo/analyses/trojldpinchdh.html

W32/Tilebot-CU
Jan 1, 2006 10:35AM PST

Type Worm

Aliases Backdoor.Win32.SdBot.ajw
W32/Opanki.worm.gen
W32.Spybot.Worm
WORM_SDBOT.CVG

W32/Tilebot-CU is a worm for the Windows platform.
W32/Tilebot-CU runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
W32/Tilebot-CU includes functionality to:
- set up an FTP server
- spread via AOL Instant Messenger by sending messages automatically
- change Internet Explorer start page
- set or remove network shares
- port scanning
- packet sniffing
- access the internet and communicate with a remote server via HTTP
- harvest information from clipboard

http://www.sophos.com/virusinfo/analyses/w32tilebotcu.html

Troj/DownLdr-HV
Jan 1, 2006 10:36AM PST

Troj/LegMir-DM
Jan 1, 2006 10:37AM PST

Troj/Dloadr-DN
Jan 1, 2006 10:38AM PST

Type Trojan

Aliases Trojan-Downloader.Win32.PassAlert.h
StartPage-IH

Troj/Dloadr-DN is a downloader Trojan for the Windows platform.
Troj/Dloadr-DN includes functionality to:
- access the internet and communicate with a remote server via HTTP
- disable Windows warning messages

http://www.sophos.com/virusinfo/analyses/trojdloadrdn.html