 | Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years. Thanks, CNET Support |
Troj/Bancban-NI
Type
Spyware Trojan
Aliases
Trojan-Spy.Win32.Banker.apt
PWS-Banker.gen.i
Troj/Bancban-NI is a password-stealing Trojan for the Windows platform.
Troj/Bancban-NI includes functionality to send notification messages to remote locations.
http://www.sophos.com/virusinfo/analyses/trojbancbanni.html
Discussion is locked
Type Trojan
Aliases Backdoor.Win32.Hupigon.ad
Troj/Feutel-CE is a backdoor Trojan for the Windows platform.
http://www.sophos.com/virusinfo/analyses/trojfeutelce.html
Type Trojan
Aliases Trojan.Win32.LowZones.bq
QLowZones-25
Trojan.LowZones
Troj/Restrict-D adds registry entries that add certain web sites and certain IP address ranges to Internet Explorer's 'Restricted sites' Web content zone. These web sites and IP addresses are then subject to the security restrictions of the 'Retricted sites' zone.
http://www.sophos.com/virusinfo/analyses/trojrestrictd.html
Type Trojan
Aliases Trojan-Downloader.Win32.Delf.yj
Downloader-AGP
Trojan.StartPage.Q
Troj/Lewor-U is a Trojan for the Windows platform.
Troj/Lewor-U may attempt to terminate processes.
Troj/Lewor-U includes functionality to access the internet and communicate with a remote server via HTTP.
http://www.sophos.com/virusinfo/analyses/trojleworu.html
Type Worm
Aliases W32.Spybot.Worm
P2P-Worm.Win32.SpyBot.gl
W32/Spybot-EV is a worm and IRC backdoor Trojan for the Windows platform.
W32/Spybot-EV spreads to other network computers infected with: Troj/Kuang and Troj/NetDevil.
W32/Spybot-EV runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
http://www.sophos.com/virusinfo/analyses/w32spybotev.html
Type Trojan
Aliases DNSChanger.a
Troj/DNSBust-H is a Trojan for the Windows platform.
Troj/DNSBust-H includes functionality to access the internet and communicate with a remote server via HTTP.
http://www.sophos.com/virusinfo/analyses/trojdnsbusth.html
Type Spyware Trojan
Aliases Trojan-Spy.Win32.Banker.qo
PWS-Banker.gen.b
PWSteal.Bancos
Troj/Bancban-NJ is a backdoor Trojan which allows a remote intruder to gain access and control over the computer.
Troj/Bancban-NJ attempts to log information sent to certain Brazilian websites and online banking applications. The Trojan may display fake user interfaces in order to persuade the user to enter confidential details. Stolen information is sent by email to a remote user.
Troj/Bancban-NJ may also perform the following functions:
- start a Proxy server
- download and execute additional files
http://www.sophos.com/virusinfo/analyses/trojbancbannj.html
Type Trojan
Aliases Trojan-Proxy.Win32.Daemonize.bv
Troj/Daemoni-T is a backdoor Trojan which allows a remote intruder to gain access and control over the computer.
http://www.sophos.com/virusinfo/analyses/trojdaemonit.html
Type Spyware Trojan
Troj/Puper-BA is a Trojan for the Windows platform.
The Trojan creates the files hp<random>.tmp and msvol.tlb in the Windows system folder. Both files are detected as Troj/Puper-BA.
The file hp<random>.tmp is registered as a COM object and Browser Helper Object (BHO) for Microsoft Internet Explorer.
Troj/Puper-BA changes search settings for Microsoft Internet Explorer.
http://www.sophos.com/virusinfo/analyses/trojpuperba.html
Type Trojan
Aliases Trojan-Downloader.Win32.Tibs.be
BackDoor-AZV
Troj/Vixup-AD is a Trojan for the Windows platform.
Troj/Vixup-AD includes functionality to download, install and run new software.
http://www.sophos.com/virusinfo/analyses/trojvixupad.html
Type Trojan
Aliases Trojan-Downloader.Win32.Zlob.dx
Troj/Zlob-CA is a Trojan for the Windows platform.
http://www.sophos.com/virusinfo/analyses/trojzlobca.html
Type Spyware Trojan
Aliases Trojan-Spy.Win32.Banker.zn
http://www.sophos.com/virusinfo/analyses/trojbancbannk.html
Type Trojan
Aliases Net-Worm.Win32.Dedler.q
Exploit-Lsass.dll
Hacktool.Scan
Troj/Mainzz-F is a Trojan DLL that provides malicious functionality to another worm or Trojan.
Troj/Mainzz-F contains functionality to exploit the LSASS (MS04-011) vulnerability and may be used by a worm to spread to remote network shares with weak passwords.
http://www.sophos.com/virusinfo/analyses/trojmainzzf.html
Type Trojan
Aliases Trojan-Clicker.Win32.Agent.dq
Troj/AdClick-BL is a Trojan for the Windows platform.
http://www.sophos.com/virusinfo/analyses/trojadclickbl.html
Type Trojan
Aliases Trojan-Downloader.Win32.Mediket.al
Troj/Dloadr-ABT is a downloader Trojan for the Windows platform.
http://www.sophos.com/virusinfo/analyses/trojdloadrabt.html
Type Trojan
Aliases Trojan-Downloader.Win32.Mediket.am
Troj/Dloadr-ABU is a downloader Trojan for the Windows platform.
http://www.sophos.com/virusinfo/analyses/trojdloadrabu.html
Type Trojan
Aliases Backdoor.SunOS.DC.a
Troj/Codorda-A is a backdoor Trojan for the Unix platform.
http://www.sophos.com/virusinfo/analyses/trojcodordaa.html
Type Worm
Aliases Backdoor.Win32.Rbot.adf
W32/Sdbot.worm.gen.bh
W32/Rbot-BBV is a worm and IRC backdoor Trojan for the Windows platform.
W32/Rbot-BBV spreads:
- to other network computers infected with: Troj/Kuang, Troj/Sub7, Troj/NetDevil, W32/MyDoom, W32/Bagle and Troj/Optix
- to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), WKS (MS03-049) (CAN-2003-0812), WebDav (MS03-007), IIS5SSL (MS04-011) (CAN-2003-0719), UPNP (MS01-059), Veritas (CAN-2004-1172), Dameware (CAN-2003-1030), PNP (MS05-039) and ASN.1 (MS04-007)
- by copying itself to network shares protected by weak passwords
W32/Rbot-BBV runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
http://www.sophos.com/virusinfo/analyses/w32rbotbbv.html
Type Trojan
Aliases Trojan-Clicker.Win32.Small.jc
Troj/Agent-FV is a Trojan for the Windows platform.
Troj/Agent-FV is capable of spying on a user's browsing habits, modifying Internet Explorer settings, downloading further executables and displaying popup advertisements.
http://www.sophos.com/virusinfo/analyses/trojagentfv.html
Type Trojan
Aliases Exploit.HTML.Mht
Troj/Webdrop-D is a Trojan dropper for Windows based systems.
Troj/Webdrop-D is an HTML script that tries to ascertain whether a system viewing that script in a web browser has certain vulnerabilities.
If the system has one or more of these vunlerabilities, Troj/Webdrop-D exploits them to download and run malicious code.
Troj/Webdrop-D checks for computers that have a vulnerable Microsoft Virtual Machine installed, or that are vulnerable to the MhtRedir or IFRAME exploits.
http://www.sophos.com/virusinfo/analyses/trojwebdropd.html
Type Worm
Aliases Backdoor.Win32.Rbot.akb
W32/Rbot-BBZ is a worm and IRC backdoor Trojan for the Windows platform.
W32/Rbot-BBZ spreads to other network computers infected with Troj/Kuang and to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), WKS (MS03-049) (CAN-2003-0812), WebDav (MS03-007), IIS5SSL (MS04-011) (CAN-2003-0719), UPNP (MS01-059) and ASN.1 (MS04-007).
W32/Rbot-BBZ runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
http://www.sophos.com/virusinfo/analyses/w32rbotbbz.html
Type Worm
W32/Rbot-BBY is a worm for the Windows platform.
W32/Rbot-BBY runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
W32/Rbot-BBY attempts to spread by exploiting the following vulnerabilities: LSASS (MS04-011), RPC-DCOM (MS04-012), WKS (MS03-049) (CAN-2003-0812), WebDav (MS03-007), IIS5SSL (MS04-011) (CAN-2003-0719), UPNP (MS01-059), Veritas (CAN-2004-1172), Dameware (CAN-2003-1030), PNP (MS05-039), ASN.1 (MS04-007) and by copying itself to remote network shares with weak passwords.
W32/Rbot-BBY includes functionality to access the internet and communicate with a remote server via HTTP.
http://www.sophos.com/virusinfo/analyses/w32rbotbby.html
Type Worm
W32/Blaster-M is a worm for the Windows platform.
W32/Blaster-M attempts to spread to computers vulnerable to the RPC-DCOM vulnerability (MS04-012).
W32/Blaster-M includes functionality to access the internet and communicate with a remote server via HTTP.
http://www.sophos.com/virusinfo/analyses/w32blasterm.html
Type Worm
Aliases Backdoor.Win32.Virkel.e
W32/NoChod@MM
W32/Chode-P is an instant messaging worm for the Windows platform with IRC backdoor functionality.
W32/Chode-P attempts to spread via MSN Instant Messenger and AOL Instant Messenger by sending users a link to a copy of the worm.
When first run W32/Chode-P copies itself to <System>\tikcfva\csrss.exe and creates the following files:
<Startup>\csrss.lnk
<System>\netstat.com
<System>\taskkill.com
<System>\tikcfva\csrss.ini
<System>\tikcfva\smss.exe
http://www.sophos.com/virusinfo/analyses/w32chodep.html
Type Trojan
Aliases Trojan-Dropper.Win32.Agent.adu
Troj/Lewor-P is a Trojan for the Windows platform.
Troj/Lewor-P includes functionality to access the internet and communicate with a remote server via HTTP.
http://www.sophos.com/virusinfo/analyses/trojleworp.html
Type Trojan
Aliases Backdoor.Win32.Delf.aka
W32/Backdoor.HKV
Troj/Delf-LV is a Trojan for the Windows platform.
http://www.sophos.com/virusinfo/analyses/trojdelflv.html
Type Worm
Aliases Backdoor.Win32.IRCBot.es
W32/IRCbot.worm.gen
W32/Rbot-BCA is a worm and IRC backdoor Trojan for the Windows platform.
W32/Rbot-BCA runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
W32/Rbot-BCA spreads by using AOL Instant Messenger, via network shares and SQL servers with weak passwords.
The following patches for the operating system vulnerabilities exploited by W32/Rbot-BCA can be obtained from the Microsoft website:
LSASS (MS04-011)
RPC-DCOM (MS04-012)
WKS (MS03-049) (CAN-2003-0812)
PNP (MS05-039)
ASN.1 (MS04-007)
http://www.sophos.com/virusinfo/analyses/w32rbotbca.html
Type Worm
Aliases Email-Worm.Win32.Bagle.ex
W32.Beagle.DB@mm
W32/Bagle-BP is an email worm for the Windows platform.
W32/Bagle-BP does not send email to addresses containing the following:
@derewrdgrs
@eerswqe
@messagelab
@microsoft
anyone@
certific
contract@
f-secur
free-av
gold-certs@
google
icrosoft
listserv
nobody@
noone@
noreply
postmaster@
rating@
samples
support
update
winrar
winzip
Email sent by W32/Bagle-BP contains an attached ZIP file with one of the following names (followed by the ZIP
MORE:
http://www.sophos.com/virusinfo/analyses/w32baglebp.html
Type Trojan
Troj/DNSBust-I is a Trojan for the Windows platform.
Troj/DNSBust-I includes functionality to access the internet and communicate with a remote server via HTTP. Troj/DNSBust-I attempts to modify DNS settings on the computer.
http://www.sophos.com/virusinfo/analyses/trojdnsbusti.html
Type Worm
Aliases Backdoor.Win32.Codbot.bi
W32/Codbot-AV is a worm and IRC backdoor Trojan for the Windows platform.
http://www.sophos.com/virusinfo/analyses/w32codbotav.html
Type Spyware Trojan
Troj/Banker-TM is an internet banking Trojan for the Windows platform.
http://www.sophos.com/virusinfo/analyses/trojbankertm.html
Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic