Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

VIRUS ALERTS - January 6, 2006

by roddy32 Jan 6, 2006 12:14AM PST

Troj/Bancban-NI

Type
Spyware Trojan

Aliases
Trojan-Spy.Win32.Banker.apt
PWS-Banker.gen.i

Troj/Bancban-NI is a password-stealing Trojan for the Windows platform.

Troj/Bancban-NI includes functionality to send notification messages to remote locations.

http://www.sophos.com/virusinfo/analyses/trojbancbanni.html

Discussion is locked

31 - 60 of 101 Posts
- Collapse + Expand Details
- Collapse -
Troj/Sdbot-AGX
by roddy32 Jan 6, 2006 4:07AM PST

Type
Spyware Trojan

Troj/Sdbot-AGX is a backdoor Trojan for the Windows platform.

Troj/Sdbot-AGX enables a remote user to perform such actions as:

Record keystrokes and screenshots.
Use the infected computer as a proxy for mail or internet traffic.
Launch DDOS attacks.
Download new files.

http://www.sophos.com/virusinfo/analyses/trojsdbotagx.html

- Collapse -
Troj/Bancj-D
by roddy32 Jan 6, 2006 4:20AM PST

Type
Spyware Trojan

Aliases
Trojan-Spy.Win32.Banbra.df

Troj/Bancj-D is a Trojan for the Windows platform.

Troj/Bancj-D includes functionality to:

- access the internet and communicate with a remote server via HTTP
- send notification messages to remote locations

The Trojan monitors Internet Explorer windows for sessions with online banking web sites. The Trojan captures login credentials and sends stolen information to a remote attacker.

http://www.sophos.com/virusinfo/analyses/trojbancjd.html

- Collapse -
Troj/Bancban-MA
by roddy32 Jan 6, 2006 4:22AM PST

Type
Spyware Trojan

Aliases
Trojan-Spy.Win32.Banbra.df

Troj/Bancban-MA is a Trojan for the Windows platform.

Troj/Bancban-MA includes functionality to:

- access the internet and communicate with a remote server via HTTP
- send notification messages to remote locations

The Trojan monitors Internet Explorer windows for sessions with online banking web sites. The Trojan captures login credentials and sends stolen information to a remote attacker.

http://www.sophos.com/virusinfo/analyses/trojbancbanma.html

- Collapse -
Troj/Bancban-MB
by roddy32 Jan 6, 2006 4:24AM PST

Type
Spyware Trojan

Aliases
TSPY_BANBRA.CB
Trojan-Spy.Win32.Banbra.df

Troj/Bancban-MB is a Trojan for the Windows platform.

Troj/Bancban-MB includes functionality to:

- access the internet and communicate with a remote server via HTTP
- send notification messages to remote locations

The Trojan monitors Internet Explorer windows for sessions with online banking web sites. The Trojan captures login credentials and sends stolen information to a remote attacker.

http://www.sophos.com/virusinfo/analyses/trojbancbanmb.html

- Collapse -
Troj/LewDl-E
by roddy32 Jan 6, 2006 4:25AM PST
- Collapse -
W32/Dasher-B
by roddy32 Jan 6, 2006 4:28AM PST

Type
Worm

Aliases
Net-Worm.Win32.Reporter
W32/Dasher.worm

W32/Dasher-B is a worm for the Windows platform.

W32/Dasher-B spreads by exploiting the MSDTC (MS05-051) vulnerability.

When run the worm creates the following files :
<Windows system folder> \wins\sqlexp.exe
<Windows system folder> \wins\sqlscan.exe
<Windows system folder> \wins\svchost.exe

Sqlscan.exe is a port scanner, used to search networks for open ports.
Sqlexp.exe and svchost.exe are detected as W32/Dasher-B.

W32/Dasher-B searches a set of pre-defined networks for open ports and attempts to exploit and vulnerable computers it finds. The exploit opens a backdoor on the vulnerable computer and causes it to connect to a remote server for further instructions.

At the time of writing the instructions supplied by the remote server cause the exploited computer to download and execute two further programs.

A patch for the operating system vulnerabilty exploited by W32/Dasher-B is available from Microsoft:

http://www.microsoft.com/technet/security/bulletin/MS05-051.mspx

http://www.sophos.com/virusinfo/analyses/w32dasherb.html

- Collapse -
W32/Tilebot-CP
by roddy32 Jan 6, 2006 4:30AM PST

Type
Spyware Worm

Aliases
Backdoor.Win32.SdBot.xd

W32/Tilebot-CP is a worm and IRC backdoor Trojan for the Windows platform.

W32/Tilebot-CP spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: WKS (MS03-049) (CAN-2003-0812), PNP (MS05-039) and ASN.1 (MS04-007) and by copying itself to network shares protected by weak passwords.

W32/Tilebot-CP runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32tilebotcp.html

- Collapse -
W32/Spybot-EM
by roddy32 Jan 6, 2006 4:31AM PST

Type
Spyware Worm

Aliases
Backdoor.Win32.IRCBot.gv

W32/Spybot-EM is a worm and backdoor Trojan for the Windows platform.

A remote intruder may use W32/Spybot-EM to download and execute further code, and to steal information by (for example) logging keystrokes and taking screenshots.

http://www.sophos.com/virusinfo/analyses/w32spybotem.html

- Collapse -
W32/Spybot-EN
by roddy32 Jan 6, 2006 4:35AM PST
- Collapse -
W32/Antiman-G
by roddy32 Jan 6, 2006 4:37AM PST

Type
Spyware Worm

Aliases
PWS-Banker.gen.p
TSPY_BANCOS.BIA

W32/Antiman-G is an email worm for the Windows platform.

W32/Antiman-G includes functionality to access the internet and communicate with a remote server via HTTP, and may attempt to download a file from a remote website.

W32/Antiman-G may attempt to terminate processes, delete files and close windows related to certain anti-virus and security programs.

W32/Antiman-G logs user information and keystrokes, in particular those related to certain Brazilian banking websites.

W32/Antiman-G may send itself by email to addresses it harvests from the infected computer.

http://www.sophos.com/virusinfo/analyses/w32antimang.html

- Collapse -
Troj/Zlob-CD
by roddy32 Jan 6, 2006 5:24AM PST
- Collapse -
Troj/Bancos-IW
by roddy32 Jan 6, 2006 5:27AM PST
- Collapse -
Troj/Bifrose-CU
by roddy32 Jan 6, 2006 5:29AM PST
- Collapse -
Troj/Bckdr-E
by roddy32 Jan 6, 2006 5:32AM PST
- Collapse -
Troj/ByShell-A
by roddy32 Jan 6, 2006 5:34AM PST

Type
Trojan

Aliases
Backdoor.Win32.ByShell.b
Backdoor.ByShell.a
W32/Byshell.A

Troj/ByShell-A is an NT rootkit which intercepts various system APIs.

Troj/ByShell-A comprises the number of files and includes the functionality to hide processes, insert itself into other applications process space and bypass security applications including firewall.

Troj/ByShell-A allows an unauthorized remote access to the infected computer

http://www.sophos.com/virusinfo/analyses/trojbyshella.html

- Collapse -
Troj/ExpBdoor-A
by roddy32 Jan 6, 2006 5:36AM PST

Type
Trojan

Aliases
Exploit.Win32.MS05-039.ac
Exploit-DcomRpc.g.gen

Troj/ExpBdoor-A is a Trojan for the Windows platform.

Troj/ExpBdoor-A exploits an operating system vulnerability to open a backdoor
on a remote computer.

A patch for the operating system vulnerability exploited by Troj/ExpBdoor-A is available from Microsoft:
MS05-039

http://www.sophos.com/virusinfo/analyses/trojexpbdoora.html

- Collapse -
W32/Netsky-W
by roddy32 Jan 6, 2006 5:38AM PST
- Collapse -
Troj/Dloadr-ACO
by roddy32 Jan 6, 2006 5:41AM PST

Type
Trojan

Aliases
Trojan-Downloader.Win32.PassAlert.d
StartPage-IC

Troj/Dloadr-ACO is a downloader Trojan for the Windows platform.

Troj/Dloadr-ACO includes functionality to download and run programs from the internet and bypass personal firewall software.

http://www.sophos.com/virusinfo/analyses/trojdloadraco.html

- Collapse -
W32/Sdbot-AJS
by roddy32 Jan 6, 2006 5:43AM PST

Type
Worm

Aliases
Backdoor.Win32.SdBot.ajs

W32/Sdbot-AJS is a network worm and IRC backdoor Trojan for the Windows platform.

W32/Sdbot-AJS runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

W32/Sdbot-AJS includes functionality to access the internet and communicate with a remote server via HTTP.

http://www.sophos.com/virusinfo/analyses/w32sdbotajs.html

- Collapse -
W32/Loosky-L
by roddy32 Jan 6, 2006 5:45AM PST

Type
Spyware Worm

Aliases
Email-Worm.Win32.Locksky.l
W32/Loosky.gen@MM

W32/Loosky-L is an email worm for the Windows platform.

W32/Loosky-L spreads by sending email with the following characteristics:

Subject line:
Your mail Account is Suspended

Message text:
We regret to inform you that your account has been suspended due to the violation of our site policy, more info is attached.

Attached file:
acc_inf01.exe

The worm also installs a proxy server and opens a backdoor allowing a remote user to take control of the infected computer.

W32/Loosky-L records a user's keystrokes and attemtps to steal and stored passwords.

http://www.sophos.com/virusinfo/analyses/w32looskyl.html

- Collapse -
Troj/AdClick-BJ
by roddy32 Jan 6, 2006 5:47AM PST
- Collapse -
Troj/Bancban-MD
by roddy32 Jan 6, 2006 5:49AM PST
- Collapse -
Troj/Zlob-CE
by Marianna Schmudlach Jan 6, 2006 8:20AM PST

Type Trojan

Aliases Trojan-Downloader.Win32.Zlob.du
Trojan-Downloader.Win32.Zlob.dq
Trojan-Downloader.Win32.Zlob.dx
Trojan-Downloader.Win32.Zlob.dk
Downloader-AQW
Trojan.Zlob

Troj/Zlob-CE is a Trojan for the Windows platform.
Troj/Zlob-CE may download further malicious code.

http://www.sophos.com/virusinfo/analyses/trojzlobce.html

- Collapse -
Troj/GrayBrd-Y
by Marianna Schmudlach Jan 6, 2006 8:26AM PST

Type Trojan

Aliases Backdoor.Win32.Hupigon.pm
BKDR_HUPIGON.SC
Generic.cc

Troj/GrayBrd-Y is a backdoor Trojan for the Windows platform.
Troj/GrayBrd-Y includes functionality to access the internet and communicate with a remote server via HTTP.

http://www.sophos.com/virusinfo/analyses/trojgraybrdy.html

- Collapse -
W32/Style-B
by Marianna Schmudlach Jan 6, 2006 8:27AM PST
- Collapse -
Troj/DNSBust-G
by Marianna Schmudlach Jan 6, 2006 8:28AM PST
- Collapse -
Troj/Lineage-DX
by Marianna Schmudlach Jan 6, 2006 8:29AM PST
- Collapse -
Troj/Vixup-Z
by Marianna Schmudlach Jan 6, 2006 8:30AM PST
- Collapse -
Troj/Small-IO
by Marianna Schmudlach Jan 6, 2006 8:30AM PST

Type Trojan

Aliases Trojan-Downloader.Win32.Small.bvy

Troj/Small-IO is a Trojan for the Windows platform.
Troj/Small-IO includes functionality to download, install and run new software.
Troj/Small-IO attempts to inject code into the Internet Explorer process.

http://www.sophos.com/virusinfo/analyses/trojsmallio.html

- Collapse -
Troj/Agent-MZ
by Marianna Schmudlach Jan 6, 2006 8:31AM PST

Type Trojan

Aliases Trojan-Dropper.Win32.Agent.qz

Troj/Agent-MZ is a backdoor Trojan for the Windows platform.
Troj/Agent-MZ installs several legitimate utilities, including a remote administration tool. The Trojan then runs the remote administration tool in such a way as to provide unauthorized access to the infected computer.
Troj/Agent-MZ comes as a self-extracting archive, labelled as a crack or key generator for a commercial application.

http://www.sophos.com/virusinfo/analyses/trojagentmz.html

Back to Spyware, Viruses, & Security forum

CNET Forums

Operating Systems
Software
Electronics & Gadgets
Hardware
Tablets & Mobile Devices
General Help
Brand Forums
Roadshow Autos
Off Topic

Other Forums

Forum Info