Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

VIRUS ALERTS - January 4, 2005

by roddy32 Jan 3, 2006 9:40PM PST

W32/Brontok-M

Type
Worm

W32/Brontok-M is a worm for the Windows platform.

When first run W32/Brontok-M may copy itself to:

<User> \Local Settings\Application Data\br<4 random digits>on.exe
<User> \Local Settings\Application Data\csrss.exe
<User> \Local Settings\Application Data\inetinfo.exe
<User> \Local Settings\Application Data\lsass.exe
<User> \Local Settings\Application Data\services.exe
<User> \Local Settings\Application Data\smss.exe
<User> \Local Settings\Application Data\svchost.exe
<Windows> \ShellNew\bbm-qotkmgfc.exe
<Windows> \sembako-cfzjkmg.exe
<System> \cmd-bro-mkx.exe

and create the following file:

<System> \sistem.sys

http://www.sophos.com/virusinfo/analyses/w32brontokm.html

Discussion is locked

1 - 30 of 72 Posts
- Collapse + Expand Details
- Collapse -
Troj/QLowZon-H
by roddy32 Jan 3, 2006 9:42PM PST
- Collapse -
Troj/Spyal-A
by roddy32 Jan 3, 2006 9:44PM PST

Type
Spyware Trojan

Aliases
Trojan-Spy.Win32.Agent.iz

Troj/Spyal-A is a Trojan for the Windows platform.

Troj/Spyal-A has the functionality to:

- log key strokes
- communicate with a remote server via email
- act as a proxy server relaying information

http://www.sophos.com/virusinfo/analyses/trojspyala.html

- Collapse -
Troj/Banker-TA
by roddy32 Jan 3, 2006 9:48PM PST
- Collapse -
Troj/DownLdr-QK
by roddy32 Jan 4, 2006 12:30AM PST
- Collapse -
W32/Rbot-BHV
by roddy32 Jan 4, 2006 12:32AM PST

Type
Worm

Aliases
Backdoor.Win32.Rbot.rq

W32/Rbot-BHV is a worm for the Windows platform.

W32/Rbot-BHV spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), WKS (MS03-049) (CAN-2003-0812), WINS (MS04-045) and MSSQL (MS02-039) (CAN-2002-0649) and by copying itself to network shares protected by weak passwords.

http://www.sophos.com/virusinfo/analyses/w32rbotbhv.html

- Collapse -
Troj/Bancban-NF
by roddy32 Jan 4, 2006 12:34AM PST
- Collapse -
Troj/LewDl-H
by roddy32 Jan 4, 2006 12:36AM PST
- Collapse -
Troj/Lecna-H
by roddy32 Jan 4, 2006 12:37AM PST
- Collapse -
Troj/NtRootK-M
by roddy32 Jan 4, 2006 12:39AM PST

Type
Trojan

Aliases
NTRootKit-S
Backdoor.Win32.Lecna.p

Aliases
NTRootKit-S
Backdoor.Win32.Lecna.p

- Collapse -
Troj/Bancban-NE
by roddy32 Jan 4, 2006 12:41AM PST
- Collapse -
Troj/Bckdr-PS
by roddy32 Jan 4, 2006 12:43AM PST
- Collapse -
W32/Rbot-LT
by roddy32 Jan 4, 2006 1:12AM PST
- Collapse -
Troj/Bckdr-CER
by roddy32 Jan 4, 2006 1:14AM PST
- Collapse -
Troj/TheMouse-A
by roddy32 Jan 4, 2006 1:17AM PST

Type
Trojan

Aliases
Backdoor.Win32.Agent.cx

Troj/TheMouse-A is a backdoor Trojan which can be configured to accept connection on a predefined port. The Trojan will then listen for incoming connections and download and execute files as instructed by an intruder.

http://www.sophos.com/virusinfo/analyses/trojthemousea.html

- Collapse -
W32/Forbot-AX
by roddy32 Jan 4, 2006 1:20AM PST

Type
Spyware Worm

Aliases
Backdoor.Win32.Agobot.vj
Exploit-MS04-011.gen
WORM_WOOTBOT.GEN

W32/Forbot-AX is a worm which attempts to spread to remote network shares. It also contains backdoor Trojan functionality, allowing unauthorized remote access to the infected computer via IRC channels while running in the background as a service process.

W32/Forbot-AX attempts to terminate several processes related to security and anti-virus programs.

W32/Forbot-AX attempts to spread to network machines using various exploits including the LSASS vulnerability (see MS04-011).

http://www.sophos.com/virusinfo/analyses/w32forbotax.html

- Collapse -
W32/Forbot-AW
by roddy32 Jan 4, 2006 1:30AM PST

Type
Spyware Worm

Aliases
Backdoor.Win32.Agobot.vj
Exploit-MS04-011.gen
WORM_WOOTBOT.GEN

W32/Forbot-AW is a worm which attempts to spread to remote network shares. It also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels while running in the background as a service process.

W32/Forbot-AW also attempts to copy the W32/Parite-B virus into memory so that it can infect files.

W32/Forbot-AW attempts to spread to network machines using various exploits including the LSASS vulnerability (see MS04-011).

http://www.sophos.com/virusinfo/analyses/w32forbotaw.html

- Collapse -
W32/Sdbot-PW
by roddy32 Jan 4, 2006 1:40AM PST
- Collapse -
W32/Backterra-C
by roddy32 Jan 4, 2006 3:27AM PST
- Collapse -
Troj/Banker-DT
by roddy32 Jan 4, 2006 3:30AM PST
- Collapse -
W32/Rbot-LU
by roddy32 Jan 4, 2006 3:31AM PST
- Collapse -
W32/Rbot-LV
by roddy32 Jan 4, 2006 3:33AM PST

Type
Spyware Worm

Aliases
Backdoor.Win32.Rbot.gen
W32/Sdbot.worm.gen.t

W32/Rbot-LV is a worm which attempts to spread to remote network shares. It also contains backdoor Trojan functionality, allowing unauthorized remote access to the infected computer via IRC channels while running in the background as a service process.

W32/Rbot-LV spreads to network shares with weak passwords as a result of the backdoor Trojan element receiving the appropriate command from a remote user. The worm may also spread through IRC channels by using DCC.

W32/Rbot-LV may also log keypresses, steal Windows passwords, participate in DDOS attacks and steal keys for certain software products.

http://www.sophos.com/virusinfo/analyses/w32rbotlv.html

- Collapse -
W32/Rbot-BFR
by roddy32 Jan 4, 2006 4:01AM PST

Type
Worm

Aliases
Backdoor.Win32.Rbot.alj
W32/Sdbot.worm.gen.n
W32.Spybot.Worm
WORM_RBOT.DFP

W32/Rbot-BFR is a network worm with backdoor functionality for the Windows platform.

W32/Rbot-BFR spreads:

- to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), WKS (MS03-049) (CAN-2003-0812), PNP (MS05-039) and ASN.1 (MS04-007)
- by copying itself to network shares protected by weak passwords

W32/Rbot-BFR runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotbfr.html

- Collapse -
W32/Rbot-BFS
by roddy32 Jan 4, 2006 4:03AM PST

Type
Worm

Aliases
Backdoor.Win32.Rbot.gen
W32/Sdbot.worm.gen.bh

W32/Rbot-BFS is a worm and IRC backdoor Trojan for the Windows platform.

W32/Rbot-BFS spreads:

- to other network computers infected with: W32/MyDoom and W32/Bagle
- to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), WKS (MS03-049) (CAN-2003-0812), WebDav (MS03-007), IIS5SSL (MS04-011) (CAN-2003-0719), Veritas (CAN-2004-1172) and ASN.1 (MS04-007)
- by copying itself to network shares protected by weak passwords

W32/Rbot-BFS runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotbfs.html

- Collapse -
W32/Brontok-I
by roddy32 Jan 4, 2006 4:05AM PST
- Collapse -
W32/Brontok-H
by roddy32 Jan 4, 2006 4:07AM PST
- Collapse -
Troj/PcClient-X
by roddy32 Jan 4, 2006 4:09AM PST

Type
Spyware Trojan

Aliases
Backdoor.Win32.PcClient.jf
BackDoor-CKB

roj/PcClient-X is a backdoor Trojan for the Windows platform that provides unauthorized remote access to the infected computer.

Troj/PcClient-X includes keylogging functionality.

http://www.sophos.com/virusinfo/analyses/trojpcclientx.html

- Collapse -
Troj/Banload-AI
by roddy32 Jan 4, 2006 4:12AM PST
- Collapse -
Troj/Bander-AD
by roddy32 Jan 4, 2006 4:14AM PST
- Collapse -
Troj/Agent-IG
by roddy32 Jan 4, 2006 4:17AM PST

Type
Spyware Trojan

Troj/Agent-IG is a Trojan for the Windows platform.

Troj/Agent-IG is capable of spying on a user's browsing habits, modifying Microsoft Internet Explorer settings, downloading further executables and displaying popup advertisements.

http://www.sophos.com/virusinfo/analyses/trojagentig.html

- Collapse -
Troj/Agent-IF
by roddy32 Jan 4, 2006 4:19AM PST

Type
Spyware Trojan

Troj/Agent-IF is a Trojan for the Windows platform.

Troj/Agent-IF is capable of spying on a user's browsing habits, modifying Microsoft Internet Explorer settings, downloading further executables and displaying popup advertisements.

http://www.sophos.com/virusinfo/analyses/trojagentif.html

Back to Spyware, Viruses, & Security forum

CNET Forums

Operating Systems
Software
Electronics & Gadgets
Hardware
Tablets & Mobile Devices
General Help
Brand Forums
Roadshow Autos
Off Topic

Other Forums

Forum Info