VIRUS ALERTS - January 3, 2006

Jan 2, 2006 11:53PM PST

- Collapse -
Troj/Dumaru-AU
Jan 2, 2006 11:55PM PST
- Collapse -
Troj/Banload-HC
Jan 2, 2006 11:56PM PST
- Collapse -
Troj/Dloadr-ARW
Jan 2, 2006 11:58PM PST

Type
Trojan

Aliases
Trojan-Downloader.Win32.Small.cdd
TROJ_DLOADER.AZK
Downloader-ARW

Troj/Dloadr-ARW is a downloader Trojan for the Windows platform.

Troj/Dloadr-ARW includes functionality to access the internet and communicate with a remote server via HTTP.

http://www.sophos.com/virusinfo/analyses/trojdloadrarw.html

- Collapse -
Troj/Dloadr-BIJ
Jan 3, 2006 12:00AM PST

Type
Trojan

Aliases
TROJ_DLOADER.BIJ

Troj/Dloadr-BIJ is a downloader Trojan which will download, install and run new software without notification that it is doing so.

Troj/Dloadr-BIJ includes functionality to access the internet and communicate with a remote server via HTTP.

http://www.sophos.com/virusinfo/analyses/trojdloadrbij.html

- Collapse -
Troj/DownLdr-QG
Jan 3, 2006 12:03AM PST

Type
Trojan

Aliases
TROJ_SMALL.ADJ
Trojan-Downloader.Win32.Small.adj

Troj/DownLdr-QG is a Trojan for the Windows platform.

Troj/DownLdr-QG includes functionality to access the internet and communicate with a remote server via HTTP.

When Troj/DownLdr-QG is installed it creates the file <Windows>\mscab108. This file may be deleted.

http://www.sophos.com/virusinfo/analyses/trojdownldrqg.html

- Collapse -
W32/Sdbot-ALJ
Jan 3, 2006 12:09AM PST
- Collapse -
W32/Sdbot-ALK
Jan 3, 2006 12:14AM PST

Type
Worm

W32/Sdbot-ALK is a worm and IRC backdoor Trojan for the Windows platform.

W32/Sdbot-ALK runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32sdbotalk.html

- Collapse -
Troj/QQPass-BO
Jan 3, 2006 12:16AM PST
- Collapse -
Troj/Banload-HD
Jan 3, 2006 12:18AM PST
- Collapse -
Troj/Puper-AP
Jan 3, 2006 12:20AM PST
- Collapse -
W32/Loosky-M
Jan 3, 2006 1:19AM PST
- Collapse -
Troj/Zlob-AL
Jan 3, 2006 1:21AM PST
- Collapse -
Troj/Puper-AD
Jan 3, 2006 1:23AM PST
- Collapse -
W32/Brontok-K
Jan 3, 2006 1:25AM PST

Type
Worm

Aliases
Email-Worm.Win32.Brontok.c
W32.Rontokbro@mm

W32/Brontok-K is an email worm that sends itself to addresses gathered from the infected computer by searching files with the following extensions:

ASP, CFM, CSV, DOC, EML, HTML, PHP, TXT, WAB

http://www.sophos.com/virusinfo/analyses/w32brontokk.html

- Collapse -
W32/Sdranck-W
Jan 3, 2006 1:33AM PST
- Collapse -
Exp/WMF-A
Jan 3, 2006 1:35AM PST
- Collapse -
This is from the tech firm that we employ...
Jan 3, 2006 10:38PM PST

This vulnerability will not be completely eliminated until Microsoft releases an official patch, which is expected to be published after January 9, 2006. However, prominent internet security researchers have released an unofficial patch. The unofficial patch has been examined by the researchers at the SANS Institute's Internet Storm Center (ISC) and is currently considered the best protection currently available. The unofficial patch blocks the method of execution for the current exploits and is easy to remove from the computer. However, the patch is to be used at your own risk.


How to protect your Windows PC:

Download the exploit checker at http://www.hexblog.com/security/files/wmf_checker_hexblog.exe

Run the exploit checker

Download the unofficial patch at http://www.hexblog.com/security/files/wmffix_hexblog14.exe

Install the patch

Test the installation with the exploit checker


When Microsoft releases a patch:

Uninstall the unofficial patch

Download and install the official Microsoft Patch.

We are currently using this on our office computers. I hope this information can help someone else...

- Collapse -
Troj/Icyfox-B
Jan 3, 2006 1:41AM PST

Type
Trojan

Troj/Icyfox-B is a backdoor Trojan for ASP servers. It allows an intruder to run arbitrary scripts on the server side.

Intruders can access the backdoor through HTTP Submit traffic, and embed the script in the request.

Troj/Icyfox-B may also be packaged with various client side scripts which allow an intruder to carry out various predefined exploits.

http://www.sophos.com/virusinfo/analyses/trojicyfoxb.html

- Collapse -
Troj/Proxyser-Q
Jan 3, 2006 1:43AM PST
- Collapse -
Troj/Bdoor-ND
Jan 3, 2006 1:45AM PST
- Collapse -
W32/Rbot-BHS
Jan 3, 2006 1:46AM PST

Type
Worm

W32/Rbot-BHS is a worm and IRC backdoor Trojan for the Windows platform.

W32/Rbot-BHS spreads:

- to other network computers infected with: Troj/Kuang, Troj/Sub7, Troj/NetDevil, W32/MyDoom, W32/Bagle and Troj/Optix
- to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), WebDav (MS03-007) and Dameware (CAN-2003-1030)
- by copying itself to network shares protected by weak passwords

W32/Rbot-BHS runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotbhs.html

- Collapse -
Troj/LowZone-BH
Jan 3, 2006 1:48AM PST
- Collapse -
W32/Rbot-BHT
Jan 3, 2006 7:19AM PST

Type Worm

Aliases Backdoor.Win32.Rbot.alt
W32/Sdbot.worm.gen.bh
W32.Spybot.Worm
WORM_SDBOT.CTV

W32/Rbot-BHT is a worm with backdoor functionality for the Windows platform.
W32/Rbot-BHT attempts to spread by copying itself to network shares protected by weak passwords.
W32/Rbot-BHT runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
The worm contains functionality to modify the system hosts file and to terminate certain processes.

http://www.sophos.com/virusinfo/analyses/w32rbotbht.html

- Collapse -
W32/Feebs-C
Jan 3, 2006 7:20AM PST

Type Spyware Worm

Aliases JS/Kmax.gen@MM
JS_FEEBS.A
Worm.Win32.Feebs.g

W32/Feebs-C is a worm for the Windows platform.
The worm may arrive as an attachment to an email claiming to be sent via "Protected E-Mail service" with bogus credentials. The message may lure the recipient into entering the supplied credentials into an attached HTML document.
W32/Feebs-C spreads via file sharing on P2P networks.

http://www.sophos.com/virusinfo/analyses/w32feebsc.html

- Collapse -
Troj/VB-QD
Jan 3, 2006 7:21AM PST
- Collapse -
Troj/PWS-HU
Jan 3, 2006 7:22AM PST

Type Spyware Trojan

Troj/PWS-HU is a password stealing Trojan for the Windows platform.
The Trojan steals usernames, passwords and email addresses from the infected computer.
Troj/PWS-HU may also attempt to download and install additional files.

http://www.sophos.com/virusinfo/analyses/trojpwshu.html

- Collapse -
Troj/Small-IE
Jan 3, 2006 7:23AM PST
- Collapse -
Troj/SmDown-A
Jan 3, 2006 7:24AM PST
- Collapse -
Troj/SmDown-B
Jan 3, 2006 7:24AM PST

Type Trojan

Aliases PWS-Banker.gen.w

Troj/SmDown-B is a Trojan for the Windows platform.
Troj/SmDown-B contains functionality to download further malicious code.
Troj/SmDown-B attempts to terminate certain anti-virus processes.

http://www.sophos.com/virusinfo/analyses/trojsmdownb.html

- Collapse -
Troj/Banker-SV
Jan 3, 2006 7:25AM PST

Type Spyware Trojan

Aliases Trojan-Spy.Win32.Banker.ahy
PWS-Banker.gen.b
PWSteal.Bancos

Troj/Banker-SV is a Trojan for the Windows platform which attempts to capture confidential information related to Internet Banking, such as usernames and logon passwords.
Troj/Banker-SV includes functionality to send notification messages to remote locations.
Troj/Banker-SV may display fake login interfaces for certain Brazilian banking websites in order to steal login details. Any information retrieved in this manner is submitted to the author by email.

http://www.sophos.com/virusinfo/analyses/trojbankersv.html