VIRUS ALERTS - January 4, 2005

Jan 3, 2006 9:40PM PST

W32/Brontok-M

Type
Worm

W32/Brontok-M is a worm for the Windows platform.

When first run W32/Brontok-M may copy itself to:

<User>\Local Settings\Application Data\br<4 random digits>on.exe
<User>\Local Settings\Application Data\csrss.exe
<User>\Local Settings\Application Data\inetinfo.exe
<User>\Local Settings\Application Data\lsass.exe
<User>\Local Settings\Application Data\services.exe
<User>\Local Settings\Application Data\smss.exe
<User>\Local Settings\Application Data\svchost.exe
<Windows>\ShellNew\bbm-qotkmgfc.exe
<Windows>\sembako-cfzjkmg.exe
<System>\cmd-bro-mkx.exe

and create the following file:

<System>\sistem.sys

http://www.sophos.com/virusinfo/analyses/w32brontokm.html

Troj/Agent-IE
Jan 4, 2006 4:21AM PST

Troj/Stinx-J
Jan 4, 2006 4:25AM PST

Troj/LowZone-BI
Jan 4, 2006 4:27AM PST

Troj/Bancos-IQ
Jan 4, 2006 4:29AM PST

Troj/Pisaboy-B
Jan 4, 2006 4:32AM PST

Type
Trojan

Aliases
Backdoor.Win32.MSNMaker.l
BackDoor-CRS
Download.Trojan

Troj/Pisaboy-B is a backdoor Trojan targeted at users of MSN Messenger.

The backdoor functionality of the Trojan allows a remote user to perform a number of operations related to Messenger, such as spying on messages sent and received or sending messages in the infected user's name. The Trojan may also connect to arbitrary websites or restart the computer.

The Trojan may display a message such as the following:

"People in your MSNlist have been messing around with you... Also wanna be a MSNhacker?"

http://www.sophos.com/virusinfo/analyses/trojpisaboyb.html

W32/Rbot-BHU
Jan 4, 2006 4:34AM PST

Type
Worm

Aliases
Backdoor.Win32.Aimbot.bs

W32/Rbot-BHU is a worm and IRC backdoor Trojan for the Windows platform.

W32/Rbot-BHU runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotbhu.html

Troj/RKProc-D
Jan 4, 2006 4:36AM PST

Type
Trojan

Aliases
Hacktool.Rootkit

Troj/RKProc-D is a kernel-mode driver rootkit.

Troj/RKProc-D is capable of hiding information about certain running processes, providing stealthing by patching the kernel service descriptor table.

http://www.sophos.com/virusinfo/analyses/trojrkprocd.html

W32/IRCbot-BO
Jan 4, 2006 4:42AM PST

Type
Worm

W32/IRCbot-BO is a worm and IRC backdoor Trojan for the Windows platform.

W32/IRCbot-BO runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32ircbotbo.html

Troj/QQRob-AX
Jan 4, 2006 4:44AM PST

Troj/Hupigon-BS
Jan 4, 2006 4:47AM PST

W32/Crutle-B
Jan 4, 2006 4:49AM PST

Troj/Spray-A
Jan 4, 2006 4:51AM PST

W32/Rbot-BIA
Jan 4, 2006 6:07AM PST

Type Worm

Aliases W32/Sdbot.worm.gen.bq

W32/Rbot-BIA is a worm and IRC backdoor Trojan for the Windows platform.
W32/Rbot-BIA spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), WKS (MS03-049) (CAN-2003-0812), MSSQL (MS02-039) and ASN.1 (MS04-007).
W32/Rbot-BIA runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotbia.html

W32/Tilebot-CY
Jan 4, 2006 6:09AM PST

Type Worm

Aliases Backdoor.Win32.SdBot.xd
W32/Sdbot.worm.gen.g
W32.Spybot.Worm
WORM_SDBOT.CTE

W32/Tilebot-CY is a worm and IRC backdoor Trojan for the Windows platform.
W32/Tilebot-CY spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), WKS (MS03-049) (CAN-2003-0812), PNP (MS05-039) and ASN.1 (MS04-007) and by copying itself to network shares protected by weak passwords.
W32/Tilebot-CY runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
W32/Tilebot-CY includes functionality to access the internet and communicate with a remote server via HTTP.


http://www.sophos.com/virusinfo/analyses/w32tilebotcy.html

W32/Brontok-N
Jan 4, 2006 6:10AM PST

Troj/SmDown-C
Jan 4, 2006 6:11AM PST

Troj/Banker-TG
Jan 4, 2006 6:12AM PST

Troj/Banload-HL
Jan 4, 2006 6:13AM PST

Troj/Banload-HK
Jan 4, 2006 6:14AM PST

Troj/Banload-HM
Jan 4, 2006 6:15AM PST

Type Trojan

Aliases Trojan-Downloader.Win32.Banload.ap
Downloader-ABU

Troj/Banload-HM is a downloading Trojan for the Windows platform.
Troj/Banload-HM includes functionality to access the internet and communicate with a remote server via HTTP.

http://www.sophos.com/virusinfo/analyses/trojbanloadhm.html

Troj/DownLdr-QO
Jan 4, 2006 6:16AM PST

Troj/DownLdr-QN
Jan 4, 2006 6:17AM PST

Troj/Agent-AFJ
Jan 4, 2006 6:18AM PST

Troj/Scripdog-A
Jan 4, 2006 6:19AM PST

Type Trojan

Troj/Scripdog-A is a Trojan for the Windows platform.
The Trojan is capable of the following:
- creating/listing/terminating processes
- creating/deleting user accounts
- injecting code into running processes
- modifying the system registry
- creating/deleting files and directories
- downloading files from remote sites
- shutting down the computer
- listing open ports
- manipulating EXE files

http://www.sophos.com/virusinfo/analyses/trojscripdoga.html

Troj/HacDef-AM
Jan 4, 2006 6:20AM PST

Type Spyware Trojan

Aliases Backdoor.Win32.HacDef.ae

Troj/HacDef-AM is a backdoor Trojan for the Windows platform.
As well as allowing remote attackers unauthorized access to the infected computer, the Trojan is able to hide its presence by hijacking operating system calls and preventing the user from viewing files, folders, processes, services, registry entries and/or network connections.

http://www.sophos.com/virusinfo/analyses/trojhacdefam.html

Troj/ServU-BX
Jan 4, 2006 6:21AM PST

Type Trojan

Aliases Backdoor.Win32.ServU-based

Troj/ServU-BX is a hacked version of a commercial FTP application.
By default, the Trojan runs an FTP server on TCP port 43958. This can be overridden by configuration data read from a file called SystemSpool.ocx in the current folder.

http://www.sophos.com/virusinfo/analyses/trojservubx.html

W32/Loosky-M
Jan 4, 2006 7:12AM PST

Troj/Zlob-AL
Jan 4, 2006 7:13AM PST

Troj/Puper-AD
Jan 4, 2006 7:14AM PST

W32/Brontok-K
Jan 4, 2006 7:15AM PST

Type Worm

Aliases Email-Worm.Win32.Brontok.c
W32.Rontokbro@mm

W32/Brontok-K is an email worm that sends itself to addresses gathered from the infected computer by searching files with the following extensions:
ASP, CFM, CSV, DOC, EML, HTML, PHP, TXT, WAB

http://www.sophos.com/virusinfo/analyses/w32brontokk.html