VIRUS ALERTS - January 6, 2006

Jan 6, 2006 12:14AM PST

Troj/Bancban-NI

Type
Spyware Trojan

Aliases
Trojan-Spy.Win32.Banker.apt
PWS-Banker.gen.i

Troj/Bancban-NI is a password-stealing Trojan for the Windows platform.

Troj/Bancban-NI includes functionality to send notification messages to remote locations.

http://www.sophos.com/virusinfo/analyses/trojbancbanni.html

Troj/Sdbot-AGX
Jan 6, 2006 4:07AM PST

Type
Spyware Trojan

Troj/Sdbot-AGX is a backdoor Trojan for the Windows platform.

Troj/Sdbot-AGX enables a remote user to perform such actions as:

Record keystrokes and screenshots.
Use the infected computer as a proxy for mail or internet traffic.
Launch DDoS attacks.
Download new files.

http://www.sophos.com/virusinfo/analyses/trojsdbotagx.html

Troj/Bancj-D
Jan 6, 2006 4:20AM PST

Type
Spyware Trojan

Aliases
Trojan-Spy.Win32.Banbra.df

Troj/Bancj-D is a Trojan for the Windows platform.

Troj/Bancj-D includes functionality to:

- access the internet and communicate with a remote server via HTTP
- send notification messages to remote locations

The Trojan monitors Internet Explorer windows for sessions with online banking web sites. The Trojan captures login credentials and sends stolen information to a remote attacker.

http://www.sophos.com/virusinfo/analyses/trojbancjd.html

Troj/Bancban-MA
Jan 6, 2006 4:22AM PST

Type
Spyware Trojan

Aliases
Trojan-Spy.Win32.Banbra.df

Troj/Bancban-MA is a Trojan for the Windows platform.

Troj/Bancban-MA includes functionality to:

- access the internet and communicate with a remote server via HTTP
- send notification messages to remote locations

The Trojan monitors Internet Explorer windows for sessions with online banking web sites. The Trojan captures login credentials and sends stolen information to a remote attacker.

http://www.sophos.com/virusinfo/analyses/trojbancbanma.html

Troj/Bancban-MB
Jan 6, 2006 4:24AM PST

Type
Spyware Trojan

Aliases
TSPY_BANBRA.CB
Trojan-Spy.Win32.Banbra.df

Troj/Bancban-MB is a Trojan for the Windows platform.

Troj/Bancban-MB includes functionality to:

- access the internet and communicate with a remote server via HTTP
- send notification messages to remote locations

The Trojan monitors Internet Explorer windows for sessions with online banking web sites. The Trojan captures login credentials and sends stolen information to a remote attacker.

http://www.sophos.com/virusinfo/analyses/trojbancbanmb.html

Troj/LewDl-E
Jan 6, 2006 4:25AM PST

W32/Dasher-B
Jan 6, 2006 4:28AM PST

Type
Worm

Aliases
Net-Worm.Win32.Reporter
W32/Dasher.worm

W32/Dasher-B is a worm for the Windows platform.

W32/Dasher-B spreads by exploiting the MSDTC (MS05-051) vulnerability.

When run, the worm creates the following files:
<Windows system folder>\wins\sqlexp.exe
<Windows system folder>\wins\sqlscan.exe
<Windows system folder>\wins\svchost.exe

Sqlscan.exe is a port scanner, used to search networks for open ports.
Sqlexp.exe and svchost.exe are detected as W32/Dasher-B.

W32/Dasher-B searches a set of pre-defined networks for open ports and attempts to exploit any vulnerable computers it finds. The exploit opens a backdoor on the vulnerable computer and causes it to connect to a remote server for further instructions.

At the time of writing the instructions supplied by the remote server cause the exploited computer to download and execute two further programs.

A patch for the operating system vulnerability exploited by W32/Dasher-B is available from Microsoft:

http://www.microsoft.com/technet/security/bulletin/MS05-051.mspx

http://www.sophos.com/virusinfo/analyses/w32dasherb.html

W32/Tilebot-CP
Jan 6, 2006 4:30AM PST

Type
Spyware Worm

Aliases
Backdoor.Win32.SdBot.xd

W32/Tilebot-CP is a worm and IRC backdoor Trojan for the Windows platform.

W32/Tilebot-CP spreads to other network computers by exploiting common buffer overflow vulnerabilities, including WKS (MS03-049) (CAN-2003-0812), PNP (MS05-039) and ASN.1 (MS04-007), and by copying itself to network shares protected by weak passwords.

W32/Tilebot-CP runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32tilebotcp.html

W32/Spybot-EM
Jan 6, 2006 4:31AM PST

Type
Spyware Worm

Aliases
Backdoor.Win32.IRCBot.gv

W32/Spybot-EM is a worm and backdoor Trojan for the Windows platform.

A remote intruder may use W32/Spybot-EM to download and execute further code, and to steal information by (for example) logging keystrokes and taking screenshots.

http://www.sophos.com/virusinfo/analyses/w32spybotem.html

W32/Spybot-EN
Jan 6, 2006 4:35AM PST

W32/Antiman-G
Jan 6, 2006 4:37AM PST

Type
Spyware Worm

Aliases
PWS-Banker.gen.p
TSPY_BANCOS.BIA

W32/Antiman-G is an email worm for the Windows platform.

W32/Antiman-G includes functionality to access the internet and communicate with a remote server via HTTP, and may attempt to download a file from a remote website.

W32/Antiman-G may attempt to terminate processes, delete files and close windows related to certain anti-virus and security programs.

W32/Antiman-G logs user information and keystrokes, in particular those related to certain Brazilian banking websites.

W32/Antiman-G may send itself by email to addresses it harvests from the infected computer.

http://www.sophos.com/virusinfo/analyses/w32antimang.html

Troj/Zlob-CD
Jan 6, 2006 5:24AM PST

Troj/Bancos-IW
Jan 6, 2006 5:27AM PST

Troj/Bifrose-CU
Jan 6, 2006 5:29AM PST

Troj/Bckdr-E
Jan 6, 2006 5:32AM PST

Troj/ByShell-A
Jan 6, 2006 5:34AM PST

Type
Trojan

Aliases
Backdoor.Win32.ByShell.b
Backdoor.ByShell.a
W32/Byshell.A

Troj/ByShell-A is an NT rootkit which intercepts various system APIs.

Troj/ByShell-A comprises a number of files and includes the functionality to hide processes, insert itself into other applications' process space and bypass security applications including firewalls.

Troj/ByShell-A allows unauthorized remote access to the infected computer.

http://www.sophos.com/virusinfo/analyses/trojbyshella.html

Troj/ExpBdoor-A
Jan 6, 2006 5:36AM PST

Type
Trojan

Aliases
Exploit.Win32.MS05-039.ac
Exploit-DcomRpc.g.gen

Troj/ExpBdoor-A is a Trojan for the Windows platform.

Troj/ExpBdoor-A exploits an operating system vulnerability to open a backdoor on a remote computer.

A patch for the operating system vulnerability exploited by Troj/ExpBdoor-A is available from Microsoft:
MS05-039

http://www.sophos.com/virusinfo/analyses/trojexpbdoora.html

W32/Netsky-W
Jan 6, 2006 5:38AM PST

Troj/Dloadr-ACO
Jan 6, 2006 5:41AM PST

Type
Trojan

Aliases
Trojan-Downloader.Win32.PassAlert.d
StartPage-IC

Troj/Dloadr-ACO is a downloader Trojan for the Windows platform.

Troj/Dloadr-ACO includes functionality to download and run programs from the internet and bypass personal firewall software.

http://www.sophos.com/virusinfo/analyses/trojdloadraco.html

W32/Sdbot-AJS
Jan 6, 2006 5:43AM PST

Type
Worm

Aliases
Backdoor.Win32.SdBot.ajs

W32/Sdbot-AJS is a network worm and IRC backdoor Trojan for the Windows platform.

W32/Sdbot-AJS runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

W32/Sdbot-AJS includes functionality to access the internet and communicate with a remote server via HTTP.

http://www.sophos.com/virusinfo/analyses/w32sdbotajs.html

W32/Loosky-L
Jan 6, 2006 5:45AM PST

Type
Spyware Worm

Aliases
Email-Worm.Win32.Locksky.l
W32/Loosky.gen@MM

W32/Loosky-L is an email worm for the Windows platform.

W32/Loosky-L spreads by sending email with the following characteristics:

Subject line:
Your mail Account is Suspended

Message text:
We regret to inform you that your account has been suspended due to the violation of our site policy, more info is attached.

Attached file:
acc_inf01.exe

The worm also installs a proxy server and opens a backdoor allowing a remote user to take control of the infected computer.

W32/Loosky-L records a user's keystrokes and attempts to steal stored passwords.

http://www.sophos.com/virusinfo/analyses/w32looskyl.html

Troj/AdClick-BJ
Jan 6, 2006 5:47AM PST

Troj/Bancban-MD
Jan 6, 2006 5:49AM PST

Troj/Zlob-CE
Jan 6, 2006 8:20AM PST

Type
Trojan

Aliases
Trojan-Downloader.Win32.Zlob.du
Trojan-Downloader.Win32.Zlob.dq
Trojan-Downloader.Win32.Zlob.dx
Trojan-Downloader.Win32.Zlob.dk
Downloader-AQW
Trojan.Zlob

Troj/Zlob-CE is a Trojan for the Windows platform.
Troj/Zlob-CE may download further malicious code.

http://www.sophos.com/virusinfo/analyses/trojzlobce.html

Troj/GrayBrd-Y
Jan 6, 2006 8:26AM PST

Type
Trojan

Aliases
Backdoor.Win32.Hupigon.pm
BKDR_HUPIGON.SC
Generic.cc

Troj/GrayBrd-Y is a backdoor Trojan for the Windows platform.
Troj/GrayBrd-Y includes functionality to access the internet and communicate with a remote server via HTTP.

http://www.sophos.com/virusinfo/analyses/trojgraybrdy.html

W32/Style-B
Jan 6, 2006 8:27AM PST

Troj/DNSBust-G
Jan 6, 2006 8:28AM PST

Troj/Lineage-DX
Jan 6, 2006 8:29AM PST

Troj/Vixup-Z
Jan 6, 2006 8:30AM PST

Troj/Small-IO
Jan 6, 2006 8:30AM PST

Type
Trojan

Aliases
Trojan-Downloader.Win32.Small.bvy

Troj/Small-IO is a Trojan for the Windows platform.
Troj/Small-IO includes functionality to download, install and run new software.
Troj/Small-IO attempts to inject code into the Internet Explorer process.

http://www.sophos.com/virusinfo/analyses/trojsmallio.html

Troj/Agent-MZ
Jan 6, 2006 8:31AM PST

Type
Trojan

Aliases
Trojan-Dropper.Win32.Agent.qz

Troj/Agent-MZ is a backdoor Trojan for the Windows platform.
Troj/Agent-MZ installs several legitimate utilities, including a remote administration tool. The Trojan then runs the remote administration tool in such a way as to provide unauthorized access to the infected computer.
Troj/Agent-MZ comes as a self-extracting archive, labelled as a crack or key generator for a commercial application.

http://www.sophos.com/virusinfo/analyses/trojagentmz.html