 | Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years. Thanks, CNET Support |
Troj/Keylog-BL
Type
Spyware Trojan
Troj/Keylog-BL is a keylogging Trojan for the Windows platform.
http://www.sophos.com/virusinfo/analyses/trojkeylogbl.html
Discussion is locked
Type
Spyware Trojan
Aliases
Backdoor.Win32.Dumador.et
BKDR_DUMADOR.BS
Troj/Dumaru-AU is a Trojan for the Windows platform.
http://www.sophos.com/virusinfo/analyses/trojdumaruau.html
Type
Trojan
Troj/Banload-HC is a Trojan downloader for the Windows platform.
http://www.sophos.com/virusinfo/analyses/trojbanloadhc.html
Type
Trojan
Aliases
Trojan-Downloader.Win32.Small.cdd
TROJ_DLOADER.AZK
Downloader-ARW
Troj/Dloadr-ARW is a downloader Trojan for the Windows platform.
Troj/Dloadr-ARW includes functionality to access the internet and communicate with a remote server via HTTP.
http://www.sophos.com/virusinfo/analyses/trojdloadrarw.html
Type
Trojan
Aliases
TROJ_DLOADER.BIJ
Troj/Dloadr-BIJ is a downloader Trojan which will download, install and run new software without notification that it is doing so.
Troj/Dloadr-BIJ includes functionality to access the internet and communicate with a remote server via HTTP.
http://www.sophos.com/virusinfo/analyses/trojdloadrbij.html
Type
Trojan
Aliases
TROJ_SMALL.ADJ
Trojan-Downloader.Win32.Small.adj
Troj/DownLdr-QG is a Trojan for the Windows platform.
Troj/DownLdr-QG includes functionality to access the internet and communicate with a remote server via HTTP.
When Troj/DownLdr-QG is installed it creates the file <Windows> \mscab108. This file may be deleted.
http://www.sophos.com/virusinfo/analyses/trojdownldrqg.html
Type
Worm
Aliases
W32/Sdbot.worm.gen.h
W32/Sdbot-ALJ is a worm and IRC backdoor Trojan for the Windows platform.
http://www.sophos.com/virusinfo/analyses/w32sdbotalj.html
Type
Worm
W32/Sdbot-ALK is a worm and IRC backdoor Trojan for the Windows platform.
W32/Sdbot-ALK runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
http://www.sophos.com/virusinfo/analyses/w32sdbotalk.html
Type
Spyware Trojan
Aliases
TSPY_QQPASS.DV
Trojan-PSW.Win32.QQGame.h
Troj/QQPass-BO is an information stealing Trojan for the Windows platform.
http://www.sophos.com/virusinfo/analyses/trojqqpassbo.html
Type
Trojan
Aliases
TROJ_BANLOAD.AE
Troj/Banload-HD is a Trojan for the Windows platform.
http://www.sophos.com/virusinfo/analyses/trojbanloadhd.html
Type
Trojan
Aliases
TROJ_PUPER.BA
Troj/Puper-AP is a Trojan for the Windows platform.
http://www.sophos.com/virusinfo/analyses/trojpuperap.html
Type
Worm
Aliases
Trojan-Dropper.Win32.Agent.afj
W32/Loosky-M is a worm for the Windows platform.
http://www.sophos.com/virusinfo/analyses/w32looskym.html
Type
Trojan
Aliases
Trojan-Downloader.Win32.Zlob.dl
Troj/Zlob-AL is a Trojan for the Windows platform.
http://www.sophos.com/virusinfo/analyses/trojzlobal.html
Type
Trojan
Aliases
Trojan.Zlob
Trojan-Downloader.Win32.Zlob.dl
Troj/Puper-AD is a Trojan for the Windows platform.
http://www.sophos.com/virusinfo/analyses/trojpuperad.html
Type
Worm
Aliases
Email-Worm.Win32.Brontok.c
W32.Rontokbro@mm
W32/Brontok-K is an email worm that sends itself to addresses gathered from the infected computer by searching files with the following extensions:
ASP, CFM, CSV, DOC, EML, HTML, PHP, TXT, WAB
http://www.sophos.com/virusinfo/analyses/w32brontokk.html
Type
Worm
W32/Sdranck-W is a multi-component network worm for the Windows platform.
http://www.sophos.com/virusinfo/analyses/w32sdranckw.html
Type
Trojan
Exp/WMF-A is a Windows Metafile (WMF) file which exploits a vulnerability associated with Windows Picture and Fax Viewer allowing arbitrary code execution.
For more information please see the following Microsoft advisory:
http://www.microsoft.com/technet/security/advisory/912840.mspx
http://www.sophos.com/virusinfo/analyses/expwmfa.html
This vulnerability will not be completely eliminated until Microsoft releases an official patch, which is expected to be published after January 9, 2006. However, prominent internet security researchers have released an unofficial patch. The unofficial patch has been examined by the researchers at the SANS Institute?s Internet Storm Center(ISC) and is currently considered the best protection currently available. The unofficial patch blocks the method of execution for the current exploits and is easy to remove from the computer. However, the patch is to be used at your own risk.
How to protect your Windows PC:
Download the exploit checker at http://www.hexblog.com/security/files/wmf_checker_hexblog.exe
Run the exploit checker
Download the unofficial patch at http://www.hexblog.com/security/files/wmffix_hexblog14.exe
Install the patch
Test the installation with the exploit checker
When Microsoft releases a patch:
Uninstall the unofficial patch
Download and install the official Microsoft Patch.
We are currently using this on our office computers. I hope this information can help someone else...
Type
Trojan
Troj/Icyfox-B is a backdoor Trojan for ASP servers. It allows an intruduer to run arbitary scripts on the server side.
Intruders can access the backdoor through HTTP Submit traffic, and embed the script in the request.
Troj/Icyfox-B may also be packaged with various client side scripts which allow an intruder to carry out various predefined exploits.
http://www.sophos.com/virusinfo/analyses/trojicyfoxb.html
Type
Trojan
Troj/Proxyser-Q is a SOCKS proxy server.
http://www.sophos.com/virusinfo/analyses/trojproxyserq.html
Type
Trojan
Troj/Bdoor-ND is a backdoor Trojan for the Windows platform.
The Trojan drops files are detected as Troj/ServU-Gen, Troj/Small-AO, W32/IrcBounce-A and Troj/RKFu-B.
http://www.sophos.com/virusinfo/analyses/trojbdoornd.html
Type
Worm
W32/Rbot-BHS is a worm and IRC backdoor Trojan for the Windows platform.
W32/Rbot-BHS spreads:
- to other network computers infected with: Troj/Kuang, Troj/Sub7, Troj/NetDevil, W32/MyDoom, W32/Bagle and Troj/Optix
- to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), WebDav (MS03-007) and Dameware (CAN-2003-1030)
- by copying itself to network shares protected by weak passwords
W32/Rbot-BHS runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
http://www.sophos.com/virusinfo/analyses/w32rbotbhs.html
Type
Trojan
Troj/LowZone-BH is a Trojan for the Windows platform.
http://www.sophos.com/virusinfo/analyses/trojlowzonebh.html
Type Worm
Aliases Backdoor.Win32.Rbot.alt
W32/Sdbot.worm.gen.bh
W32.Spybot.Worm
WORM_SDBOT.CTV
W32/Rbot-BHT is a worm with backdoor functionality for the Windows platform.
W32/Rbot-BHT attempts to spread by copying itself to network shares protected by weak passwords.
W32/Rbot-BHT runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
The worm contains functionality to modify the system hosts file and to terminate certain processes.
http://www.sophos.com/virusinfo/analyses/w32rbotbht.html
Type Spyware Worm
Aliases JS/Kmax.gen@MM
JS_FEEBS.A
Worm.Win32.Feebs.g
W32/Feebs-C is a worm for the Windows platform.
The worm may arrive as an attachment to an email claiming to be sent via "Protected E-Mail service" with bogus credentials. The message may lure the recipient into entering the supplied credentials into an attached HTML document.
W32/Feebs-C spreads via file sharing on P2P networks.
http://www.sophos.com/virusinfo/analyses/w32feebsc.html
Type Trojan
Aliases Trojan-Downloader.Win32.VB.ji
Troj/VB-QD is a Trojan for the Windows platform.
Troj/VB-QD includes functionality to download further malicious code.
http://www.sophos.com/virusinfo/analyses/trojvbqd.html
Type Spyware Trojan
Troj/PWS-HU is a password stealing Trojan for the Windows platform.
The Trojan steals usernames, passwords and email addresses from the infected computer.
Troj/PWS-HU may also attempt to download and install additional files.
http://www.sophos.com/virusinfo/analyses/trojpwshu.html
Type Trojan
Aliases Trojan-Downloader.Win32.Small.gen
Troj/Small-IE is a Trojan for the Windows platform.
Troj/Small-IE includes functionality to download, install and run new software.
http://www.sophos.com/virusinfo/analyses/trojsmallie.html
Type Trojan
Aliases Trojan-Downloader.Win32.Banload.o
Troj/SmDown-A is a Trojan for the Windows platform.
Troj/SmDown-A includes functionality to download further malicious code.
http://www.sophos.com/virusinfo/analyses/trojsmdowna.html
Type Trojan
Aliases PWS-Banker.gen.w
Troj/SmDown-B is a Trojan for the Windows platform.
Troj/SmDown-B contains functionality to download further malicious code.
Troj/SmDown-B attempts to terminate certain anti-virus processes.
http://www.sophos.com/virusinfo/analyses/trojsmdownb.html
Type Spyware Trojan
Aliases Trojan-Spy.Win32.Banker.ahy
PWS-Banker.gen.b
PWSteal.Bancos
Troj/Banker-SV is a Trojan for the Windows platform which attempts to capture confidential information related to Internet Banking, such as usernames and logon passwords.
Troj/Banker-SV includes functionality to send notification messages to remote locations.
Troj/Banker-SV may display fake login interfaces for certain Brazilian banking websites in order to steal login details. Any information retrieved in this manner is submitted to the author by email.
http://www.sophos.com/virusinfo/analyses/trojbankersv.html
Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic