VIRUS ALERTS - January 5, 2006

Jan 5, 2006 12:17AM PST

Troj/VBanker-C
Jan 5, 2006 2:57AM PST

Type
Spyware Trojan

Aliases
Trojan-Spy.Win32.Bancos.lo

Troj/VBanker-C is a Trojan for the Windows platform.

The Trojan monitors Internet Explorer windows for sessions with online banking web sites. The Trojan captures login credentials and sends stolen information to a remote attacker.

http://www.sophos.com/virusinfo/analyses/trojvbankerc.html

Troj/Banload-CB
Jan 5, 2006 3:00AM PST
Troj/VBanker-B
Jan 5, 2006 3:02AM PST

Type
Spyware Trojan

Aliases
Trojan-Spy.Win32.Bancos.jl

Troj/VBanker-B is a Trojan for the Windows platform.

The Trojan monitors Internet Explorer windows for sessions with online banking web sites. The Trojan captures login credentials and sends stolen information to a remote attacker.

http://www.sophos.com/virusinfo/analyses/trojvbankerb.html

Troj/Progent-P
Jan 5, 2006 3:43AM PST

Type
Spyware Trojan

Aliases
Trojan-Spy.Win32.ProAgent.t
PWS-Progent
Trojan.Progent

Troj/Progent-P is a backdoor Trojan for the Windows platform.

Troj/Progent-P includes functionality to:

- access the internet and communicate with a remote server via HTTP
- steal information and passwords from a number of games and applications
- send notification messages to remote locations
- log key presses

http://www.sophos.com/virusinfo/analyses/trojprogentp.html

Troj/Mdrop-IX
Jan 5, 2006 3:45AM PST
W32/Rbot-BIR
Jan 5, 2006 3:46AM PST

Type
Worm

W32/Rbot-BIR is a worm for the Windows platform.

W32/Rbot-BIR spreads:

- to other network computers infected with: Troj/Kuang, Troj/Sub7, Troj/NetDevil, W32/MyDoom, W32/Bagle and Troj/Optix
- to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), WebDav (MS03-007) and Dameware (CAN-2003-1030)
- by copying itself to network shares protected by weak passwords

http://www.sophos.com/virusinfo/analyses/w32rbotbir.html

Troj/VBbot-Q
Jan 5, 2006 3:49AM PST
W32/Rbot-BIU
Jan 5, 2006 3:51AM PST

Type
Worm

W32/Rbot-BIU is a worm and IRC backdoor Trojan for the Windows platform.

W32/Rbot-BIU spreads:

- to other network computers infected with Troj/Kuang
- to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011) and RPC-DCOM (MS04-012)
- by copying itself to network shares protected by weak passwords

W32/Rbot-BIU runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotbiu.html

Troj/DownLdr-QQ
Jan 5, 2006 3:53AM PST

Type
Trojan

Aliases
Trojan-Downloader.Win32.Femad.aa

Troj/DownLdr-QQ is a Trojan for the Windows platform.

Troj/DownLdr-QQ includes functionality to access the internet and communicate with a remote server via HTTP.

Troj/DownLdr-QR
Jan 5, 2006 3:56AM PST
Troj/Bandler-J
Jan 5, 2006 5:55AM PST

Type
Spyware Trojan

Aliases
Trojan-Spy.Win32.Banker.zp
PWS-Banker.gen.b
PWSteal.Banpaes

Troj/Bandler-J is an information-stealing Trojan for the Windows platform.

Troj/Bandler-J includes functionality to:

- access the internet and communicate with a remote server via HTTP
- download, install and run new software
- log keypresses

Troj/Bandler-J will also attempt to terminate Anti-virus and security related applications.

http://www.sophos.com/virusinfo/analyses/trojbandlerj.html

Troj/DownLdr-QT
Jan 5, 2006 5:57AM PST
Troj/Antilam-H
Jan 5, 2006 5:59AM PST

Type
Spyware Trojan

Aliases
Backdoor.Win32.Zdemon.126
BackDoor-APT
Backdoor.Zdemon.10
BKDR_ZDEMON.1

Troj/Antilam-H is a backdoor Trojan for the Windows platform that provides unauthorized remote access to the infected computer.

Troj/Antilam-H includes functionality to:

- download files using its own SMTP engine or FTP server
- log keypresses
- steal confidential information
- provide access to the available network drives
- terminate AV and security related applications

http://www.sophos.com/virusinfo/analyses/trojantilamh.html

Troj/Multidr-FC
Jan 5, 2006 6:01AM PST
Troj/Small-IL
Jan 5, 2006 6:03AM PST
Troj/Agent-MS
Jan 5, 2006 6:04AM PST
Troj/Prosti-S
Jan 5, 2006 6:14AM PST
Troj/QQHelp-E
Jan 5, 2006 6:15AM PST
Troj/Lineage-DW
Jan 5, 2006 6:17AM PST
Troj/Stinx-K
Jan 5, 2006 11:07AM PST
Troj/Loosky-R
Jan 5, 2006 11:08AM PST

Type Trojan

Aliases Email-Worm.Win32.Locksky.m

Troj/Loosky-R is a downloading Trojan and proxy server.
Troj/Loosky-R downloads and executes files from a preconfigured URL and provides a proxy server, allowing a remote attacker to route TCP traffic through the infected computer.

http://www.sophos.com/virusinfo/analyses/trojlooskyr.html

Troj/Aolps-Q
Jan 5, 2006 11:09AM PST
Troj/Small-IM
Jan 5, 2006 11:10AM PST
Troj/Swizzor-AG
Jan 5, 2006 11:11AM PST
Troj/Feutel-CD
Jan 5, 2006 11:12AM PST
Troj/Hackvan-D
Jan 5, 2006 11:12AM PST
Troj/Banker-TP
Jan 5, 2006 11:14AM PST

Type Spyware Trojan

Aliases Trojan-Spy.Win32.Banbra.df

Troj/Banker-TP is a password stealing Trojan for the Windows platform.
The Trojan monitors Internet Explorer sessions and captures keypresses when certain banking sites are visited by displaying fake login windows. The harvested information is then sent to a remote user via email.

http://www.sophos.com/virusinfo/analyses/trojbankertp.html

W32/Feebs-H
Jan 5, 2006 11:15AM PST

Type Spyware Worm

Aliases JS/Kmax.gen@MM
JS_FEEBS.A
Worm.Win32.Feebs.h

W32/Feebs-H is a worm for the Windows platform.
The worm may arrive as an attachment to an email claiming to be sent via "Protected E-Mail service" with bogus credentials. The message may lure the recipient into entering the supplied credentials into an attached HTML document.
W32/Feebs-H spreads via file sharing on P2P networks.
W32/Feebs-H may also harvest information from the infected computer and send stolen data to a remote user via FTP.

http://www.sophos.com/virusinfo/analyses/w32feebsh.html

W32/IRCBot-BR
Jan 5, 2006 12:58PM PST

Type Worm

Aliases Backdoor.Win32.IRCBot.jm

W32/IRCBot-BR is a worm and IRC backdoor Trojan for the Windows platform.
W32/IRCBot-BR spreads to other network computers by exploiting common buffer overflow vulnerabilities, including ASN.1 (MS04-007).
W32/IRCBot-BR runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
W32/IRCBot-BR includes functionality to download, install and run new software.
The following patches for the operating system vulnerabilities exploited by W32/IRCBot-BR can be obtained from the Microsoft website:
MS04-007

http://www.sophos.com/virusinfo/analyses/w32ircbotbr.html

Troj/ServU-BV
Jan 5, 2006 12:59PM PST