Spyware, Viruses, & Security forum

General discussion

VIRUS ALERTS - January 5, 2005

W32/Rbot-SQ
Summary

Aliases WORM_RBOT.AJD

Type Worm

W32/Rbot-SQ is a member of the W32/Rbot-Fam family of worms for the Windows platform with backdoor functionality.
W32/Rbot-SQ targets weakly protected network shares and machines unpatched against known vulnerabilities.
The backdoor component connects to a predefined IRC server and waits for commands from a remote attacker.

http://www.sophos.com/virusinfo/analyses/w32rbotsq.html

Troj/Liewar-A

In reply to: VIRUS ALERTS - January 5, 2005

Type Trojan

Troj/Liewar-A is a Trojan which pretends to detect spyware.
The Trojan may run any of a fixed list of files if they are not already running. The Trojan may also copy itself or certain files found on the machine to the Windows folder with different names.
Provided there is a file running called IAU.EXE (which the Trojan may start itself) after about two hours the Trojan displays a message box containing the following text:
"Microsoft Windows Alert
Spyware Detected on your PC. Remove it now?"
If the user selects YES, they are taken to a website which advertises spyware removal products.

http://www.sophos.com/virusinfo/analyses/trojliewara.html

Dial/Alife-D

In reply to: VIRUS ALERTS - January 5, 2005

Dial/Dialer-S

In reply to: VIRUS ALERTS - January 5, 2005

Troj/Lohav-P

In reply to: VIRUS ALERTS - January 5, 2005

W32/Sdbot-SY

In reply to: VIRUS ALERTS - January 5, 2005

Aliases WORM_SDBOT.BBL
Backdoor.Win32.SdBot.gen

Type Worm

W32/Sdbot-SY is a worm that attempts to spread via remote network shares. The worm tries to access various network computers with shared folders using weak passwords.
W32/Sdbot-SY contains backdoor functions that allow unauthorised remote access to the infected computer via IRC channels while running in the background.

http://www.sophos.com/virusinfo/analyses/w32sdbotsy.html

W32/Rbot-SU

In reply to: VIRUS ALERTS - January 5, 2005

Type Worm

W32/Rbot-SU is a member of the W32/Rbot family of network worms. The worm can spread to weakly protected network shares and to computers vulnerable to the LSASS and DCOM exploits (see Microsoft Security Bulletins MS04-011 and MS04-012 respectively).
The worm has a backdoor component that connects to a preconfigured IRC channel, allowing an attacker to issue instructions to the worm, thus giving access to an infected computer.
W32/Rbot-SU can be instructed to log any keystrokes made on the computer, scan for vulnerable computers to infect, upload, download and search for files, steal product keys, and take part in distributed denial-of-service (DDoS) attacks.

http://www.sophos.com/virusinfo/analyses/w32rbotsu.html

W32/Rbot-SP

In reply to: VIRUS ALERTS - January 5, 2005

Aliases Backdoor.Win32.Rbot.gen

Type Worm

W32/Rbot-SP is a network worm which attempts to spread via network shares. The worm contains backdoor functions that allow unauthorised remote access to the infected computer via IRC channels while running in the background.
The worm spreads to network shares with weak passwords and also by using the LSASS security exploit (MS04-011) and the RPC-DCOM security exploit (MS03-039).

http://www.sophos.com/virusinfo/analyses/w32rbotsp.html

WM97/Lebani-A

In reply to: VIRUS ALERTS - January 5, 2005

Type Virus

WM97/Lebani-A is a macro virus for Microsoft Word.
When an infected document is opened, WM97/Lebani-A will display an error message with title "Virus diz!!" and body "Seu computador esta com problemas!!" The virus will then add text to the opened document with contents "VIVA A FELICIDADE !!!."
On 5, 10, 15, 20 and 25 of each month, WM97/Lebani-A will display a message with title "Virus informa!!" and body "Excel e Power Point foram apagados de sua maquina - Reinstale!!". The virus will then attempt to delete Microsoft Excel and PowerPoint.
When a document is closed, WM97/Lebani-A will display a message with title "Virus recomenda!!" and body "MSN Messenger apagado, reinstale!!". The virus will then attempt to delete MSN Messenger and Toolbar.
WM97/Lebani-A will attempt to change a number of fonts to the "Wingdings" font.
WM97/Lebani-A will attempt to disable Microsoft Word security settings and macro virus protection.

http://www.sophos.com/virusinfo/analyses/wm97lebania.html

Troj/Ranck-BW

In reply to: VIRUS ALERTS - January 5, 2005

W32/Sdbot-SW

In reply to: VIRUS ALERTS - January 5, 2005

Type Worm

W32/Sdbot-SW is a worm which attempts to spread to remote network shares. It also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels while running in the background as a service process.

http://www.sophos.com/virusinfo/analyses/w32sdbotsw.html

W32/Sdbot-SU

In reply to: VIRUS ALERTS - January 5, 2005

Troj/Ranck-BT

In reply to: VIRUS ALERTS - January 5, 2005

Troj/Bancban-AZ

In reply to: VIRUS ALERTS - January 5, 2005

Aliases TrojanSpy.Win32.Banbra.q
PWS-Bancban.gen.b

Type Trojan

Troj/Bancban-AZ is a password-stealing Trojan targeted at customers of certain Brazilian banks.
Troj/Bancban-AZ attempts to log keypresses entered into certain websites, including Bradesco Internet Banking. The Trojan displays fake user interfaces in order to persuade the user to enter confidential details. Stolen information is sent by email to a remote user.

http://www.sophos.com/virusinfo/analyses/trojbancbanaz.html

Troj/Goldun-A

In reply to: VIRUS ALERTS - January 5, 2005

Aliases PWS-Banker.d
Trojan-Spy.Win32.Goldun.a

Type Trojan

Troj/Goldun-A is a password stealing Trojan for the Windows platform.
When executed the Trojan copies itself to the Windows folder as wmedia16.exe.
Troj/Goldun-A may steal passwords for the e-gold banking site.
The Trojan may arrive in an email with the following characteristics:
Subject line: photo from you sweet Jessy )
Attached file: foto.rar
Message text: Please don't you show them pictures to anyone! Especially your parents! Otherwise they kill you - they are damn *****!!
Your Jess, kissing you! When you come home, phone me asap! p.s. photos attached, password on archive - foto.

http://www.sophos.com/virusinfo/analyses/trojgolduna.html

Troj/Bancban-AY

In reply to: VIRUS ALERTS - January 5, 2005

Aliases TrojanSpy.Win32.Banker.dr
PWS-Bancban.gen.f

Type Trojan

Troj/Bancban-AY is a password stealing Trojan targeted at customers of Brazilian banks.
Troj/Bancban-AY attempts to log keypresses entered into certain websites and online banking applications. The Trojan may display fake user interfaces in order to persuade the user to enter confidential details. Stolen information is sent by email to a remote user.
Troj/Bancban-AY will also attempt to close Norton Anti-Virus.

http://www.sophos.com/virusinfo/analyses/trojbancbanay.html

Troj/Banpaes-F

In reply to: VIRUS ALERTS - January 5, 2005

Aliases Trojan-Spy.Win32.Banpaes.f
W32/Pate.dr

Type Trojan

Troj/Banpaes-F is a password stealing Trojan targeted at customers of Brazilian banks.
Troj/Banpaes-F attempts to log keypresses entered into certain websites and online banking applications. The Trojan may display fake user interfaces in order to persuade the user to enter confidential details. Stolen information is sent by email to a remote user.

http://www.sophos.com/virusinfo/analyses/trojbanpaesf.html

Troj/Bancban-AS

In reply to: VIRUS ALERTS - January 5, 2005

Aliases Trojan.Win32.Delf.gr
W32/Downloader.WM
PWS-Bancban

Type Trojan

Troj/Bancban-AS is a Trojan downloader. The downloaded file is likely to be a Trojan designed to steal confidential details entered into certain banking websites.
When first run, the Trojan displays a message box containing the text "O arquivo esta corrompido".
Troj/Bancban-AS attempts to download and run a file, storing it as C:\WINDOWS\SYSTEM\DADOS.EXE.

http://www.sophos.com/virusinfo/analyses/trojbancbanas.html

JS/Small-B

In reply to: VIRUS ALERTS - January 5, 2005

Troj/Dloader-FI

In reply to: VIRUS ALERTS - January 5, 2005

Aliases Trojan.Win32.Delf.gp
W32/Downloader.WL
PWS-Bancban.dldr
TROJ_BANCOS.HC

Type Trojan

Troj/Dloader-FI is a Trojan downloader.
At the time of writing, Troj/Dloader-FI attempts to download Trojans involved in stealing credit card details.

http://www.sophos.com/virusinfo/analyses/trojdloaderfi.html

Troj/Corpse-A

In reply to: VIRUS ALERTS - January 5, 2005

Troj/Helodor-C

In reply to: VIRUS ALERTS - January 5, 2005

Troj/Skulls-D

In reply to: VIRUS ALERTS - January 5, 2005

Type Trojan

Troj/Skulls-D is a Trojan for mobile devices compatible with Nokia Series 60 running Symbian operating system.
The Trojan may have been planted by the Trojan writer on a website containing free and illegal copies of applications for Symbian as a Symbian SIS installation file Flash_1[1].1_Full_DotSiS.sis.
Troj/Skulls-D drops zero length files in the location of known anti-virus programs and security managers in order to overwrite and disable the security and file management tools.
The Trojan drops a variant of Cabir worm detected by Sophos Anti-Virus as Symb/Cabir-C.
Troj/Skulls-D installs an animated GIF of a skull that is displayed once the device is rebooted.

http://www.sophos.com/virusinfo/analyses/trojskullsd.html

Troj/Agent-BM

In reply to: VIRUS ALERTS - January 5, 2005

Type Trojan

Troj/Agent-BM is an HTTP proxy for the Windows platform. The Trojan runs as a proxy on port 8080 and sets the default HTTP proxy for the system to 127.0.0.1:8080.
The Trojan may also connect to a pornographic website and display images.

http://www.sophos.com/virusinfo/analyses/trojagentbm.html

Troj/Banker-HA

In reply to: VIRUS ALERTS - January 5, 2005

Aliases Trojan-Spy.Win32.Banker.ha
PWS-Bancban.gen.b

Type Trojan

Troj/Banker-HA is a password stealing Trojan aimed at customers of Brazilian banks.
Troj/Banker-HA will monitor a user's internet access. When certain internet banking sites are visited, the Trojan will display a fake login screen in order to trick the user into inputting their details.
Troj/Banker-HA will then send the stolen details to a Brazilian email address.

http://www.sophos.com/virusinfo/analyses/trojbankerha.html

Troj/Iefeat-T

In reply to: VIRUS ALERTS - January 5, 2005

Troj/Icedoor-A

In reply to: VIRUS ALERTS - January 5, 2005

Type Trojan

Troj/Icedoor-A is a backdoor Trojan for the Windows platform.
Troj/Icedoor-A connects to the internet and tries to establish contact with and download code from several preconfigured locations as well as opening up a backdoor port on the infected computer.

http://www.sophos.com/virusinfo/analyses/trojicedoora.html

Troj/Swizzor-CB

In reply to: VIRUS ALERTS - January 5, 2005

Troj/Hzdoor-A

In reply to: VIRUS ALERTS - January 5, 2005

Aliases Backdoor.Win32.Hzdoor.a

Type Trojan

Troj/Hzdoor-A is a backdoor Trojan for the Windows platform.
The Trojan joins an IRC channel and awaits further commands from a remote user.
Troj/Hzdoor-A drops a file to the Windows system folder as ccSetMngr.exe and then runs it. Sophos Anti-Virus products detect ccSetMngr.exe as Troj/Winser-A.

http://www.sophos.com/virusinfo/analyses/trojhzdoora.html

Troj/Winser-A

In reply to: VIRUS ALERTS - January 5, 2005

Type Trojan

Troj/Winser-A is a Trojan for the Windows platform.
The Trojan can be used to exploit the Windows Internet Naming Service (WINS) buffer overflow vulnerability (MS04-045) to gain remote shell access on Microsoft Windows servers running the WINS service.

http://www.sophos.com/virusinfo/analyses/trojwinsera.html
