
VIRUS ALERTS - January 4, 2005

Jan 3, 2006 9:40PM PST

W32/Brontok-M

Type Worm

W32/Brontok-M is a worm for the Windows platform.

When first run, W32/Brontok-M may copy itself to:

<User>\Local Settings\Application Data\br<4 random digits>on.exe
<User>\Local Settings\Application Data\csrss.exe
<User>\Local Settings\Application Data\inetinfo.exe
<User>\Local Settings\Application Data\lsass.exe
<User>\Local Settings\Application Data\services.exe
<User>\Local Settings\Application Data\smss.exe
<User>\Local Settings\Application Data\svchost.exe
<Windows>\ShellNew\bbm-qotkmgfc.exe
<Windows>\sembako-cfzjkmg.exe
<System>\cmd-bro-mkx.exe

and create the following file:

<System>\sistem.sys

http://www.sophos.com/virusinfo/analyses/w32brontokm.html
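
Added example, not part of the original post or of Sophos's analysis: a path check built from the file locations listed in the W32/Brontok-M alert above. The sample paths, the `alice` profile and the function names are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath
from typing import List, Optional, Tuple

# Genuine Windows process names the alert lists as copies dropped in the
# user's Local Settings\Application Data folder, where they do not belong.
MASQUERADED = {"csrss.exe", "inetinfo.exe", "lsass.exe",
               "services.exe", "smss.exe", "svchost.exe"}
RANDOM_COPY = re.compile(r"^br\d{4}on\.exe$")  # br<4 random digits>on.exe
# Fixed names from the alert; matched by file name only (assumption), since
# the <Windows> and <System> folders differ between installations.
FIXED_NAMES = {"bbm-qotkmgfc.exe", "sembako-cfzjkmg.exe",
               "cmd-bro-mkx.exe", "sistem.sys"}
APPDATA_TAIL = ("local settings", "application data")

def classify(path: str) -> Optional[str]:
    """Return the reason a path matches the alert's file list, else None."""
    p = PureWindowsPath(path)
    name = p.name.lower()
    parent = tuple(part.lower() for part in p.parent.parts)
    in_appdata = parent[-2:] == APPDATA_TAIL
    if in_appdata and name in MASQUERADED:
        return "system process name in Application Data"
    if in_appdata and RANDOM_COPY.match(name):
        return "br<4 digits>on.exe copy"
    if name in FIXED_NAMES:
        return "fixed file name from the alert"
    return None

def scan(paths: List[str]) -> List[Tuple[str, str]]:
    """Keep only the paths that match, paired with the reason."""
    return [(p, reason) for p in paths if (reason := classify(p))]

# Constructed sample listing (not taken from a real machine).
PROFILE = r"C:\Documents and Settings\alice\Local Settings\Application Data"
SAMPLE = [
    r"C:\WINDOWS\system32\svchost.exe",      # legitimate location
    PROFILE + r"\svchost.exe",
    PROFILE + r"\br4821on.exe",
    PROFILE + r"\browser.exe",               # unrelated file
    r"C:\WINDOWS\ShellNew\bbm-qotkmgfc.exe",
    r"C:\WINDOWS\system32\sistem.sys",
]

if __name__ == "__main__":
    for path, reason in scan(SAMPLE):
        print(f"{reason}: {path}")
```

The location test is what separates the dropped copies from the real `svchost.exe` or `lsass.exe`, which keep the same names under the system directory.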


W32/Sdranck-W
Jan 4, 2006 7:16AM PST

Exp/WMF-A
Jan 4, 2006 7:17AM PST

Type Trojan

Exp/WMF-A detects Windows Metafiles (WMF) which exploit a vulnerability in the image rendering functionality of the DLL GDI32.DLL, which allows the execution of arbitrary code.
The exploit runs on several Windows platforms including Windows XP SP2 and affects several image-rendering applications which use GDI32.DLL directly or via the DLL SHIMGVW.DLL, e.g. Windows Picture and Fax Viewer (and other applications which depend on it, like Windows Explorer when it displays thumbnails).
Microsoft do not have a patch for this vulnerability yet.
For more information please see the following Microsoft advisory:
http://www.microsoft.com/technet/security/advisory/912840.mspx

http://www.sophos.com/virusinfo/analyses/expwmfa.html

Troj/IRCBot-CX
Jan 4, 2006 3:24PM PST

W32/Rbot-BIW
Jan 4, 2006 3:25PM PST

Troj/Spygal-F
Jan 4, 2006 3:26PM PST

Troj/LegMir-DW
Jan 4, 2006 3:27PM PST

Troj/DownLdr-QZ
Jan 4, 2006 3:28PM PST

Type Trojan

Aliases BackDoor-AZV

Troj/DownLdr-QZ is a Trojan for the Windows platform.
The Trojan modifies the Windows firewall settings, downloads and executes files from a remote site. At the time of writing, the downloaded file is detected by Sophos's anti-virus products as Troj/IRCBot-CX.

http://www.sophos.com/virusinfo/analyses/trojdownldrqz.html

Troj/Dloadr-DQ
Jan 4, 2006 3:29PM PST

Troj/Agent-RI
Jan 4, 2006 3:30PM PST

W32/Allocu-C
Jan 4, 2006 3:31PM PST

Troj/LegMir-DX
Jan 4, 2006 3:32PM PST

Troj/Lineage-DV
Jan 4, 2006 3:32PM PST