Spyware, Viruses, & Security forum

General discussion

VIRUS ALERTS - January 9, 2007

W32/QQRob-ABX

Type Spyware Worm

Aliases Trojan-Downloader.Win32.Small.ecw
Generic Downloader.ak
Win32/TrojanDownloader.Small.ECW
WORM_QQROB.ARQ

W32/QQRob-ABX is a worm for the Windows platform.

W32/QQRob-ABX includes functionality to access the internet and communicate with a remote server via HTTP, and attempts to download and execute a number of files to <Temp>\<random digits>.exe.

W32/QQRob-ABX may attempt to steal information from the infected computer.

http://www.sophos.com/security/analyses/w32qqrobabx.html

W32/Rbot-GAH

In reply to: VIRUS ALERTS - January 9, 2007

Type Worm

W32/Rbot-GAH is a Worm for the Windows platform.

W32/Rbot-GAH runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

W32/Rbot-GAH spreads
- to computers vulnerable to common exploits, including: LSASS (MS04-011), SRVSVC (MS06-040), RPC-DCOM (MS04-012), ASN.1 (MS04-007) and RealVNC (CVE-2006-2369)
- to network shares protected by weak passwords

http://www.sophos.com/virusinfo/analyses/w32rbotgah.html

Troj/Lineag-AIN

In reply to: VIRUS ALERTS - January 9, 2007

Type Spyware Trojan

Troj/Lineag-AIN is a Trojan downloader for the Windows platform.

Troj/Lineag-AIN includes functionality to download and execute code via HTTP.

Troj/Lineag-AIN also includes functionality to scan ports and SMB shares.

http://www.sophos.com/virusinfo/analyses/trojlineagain.html

Troj/Zlob-XV

In reply to: VIRUS ALERTS - January 9, 2007

Troj/Bancos-AYQ

In reply to: VIRUS ALERTS - January 9, 2007

W32/Rbot-GAG

In reply to: VIRUS ALERTS - January 9, 2007

W32/Sdbot-CWP

In reply to: VIRUS ALERTS - January 9, 2007

Troj/Everda-C

In reply to: VIRUS ALERTS - January 9, 2007

Troj/Banloa-AY

In reply to: VIRUS ALERTS - January 9, 2007

Troj/Lineag-AIM

In reply to: VIRUS ALERTS - January 9, 2007

Type Spyware Trojan

Aliases Trojan-PSW.Win32.OnLineGames.ey

Troj/Lineag-AIM is a password stealing Trojan for the Windows platform.

Troj/Lineag-AIM records keypresses to a data file and can send the data file to a remote user through email or through a TCP connection.

http://www.sophos.com/virusinfo/analyses/trojlineagaim.html

Troj/Zlob-XT

In reply to: VIRUS ALERTS - January 9, 2007

VBS/Lorena-C

In reply to: VIRUS ALERTS - January 9, 2007

PWS-Maran.dr

In reply to: VIRUS ALERTS - January 9, 2007

Alert ID : FrSIRT/ALRT-2007-00172
Aliases : N/A
Size : N/A
Rated as : Low Risk
Release Date : 2007-01-09


Description

This threat is currently under analysis.

References

http://vil.nai.com/vil/content/v_141243.htm

Credits

Reported by McAfee

PWS-Maran

In reply to: PWS-Maran.dr

Alert ID : FrSIRT/ALRT-2007-00173
Aliases : Troj/Maran-Gen - Trojan-PSW.Win32.Maran.ba
Size : N/A
Rated as : Low Risk
Release Date : 2007-01-09


Description

PWS-Maran is a password stealing trojan which is registered as a service by its dropper. This is a trojan detection. Unlike viruses, trojans do not self-replicate.

References

http://vil.nai.com/vil/content/v_141233.htm

Credits

Reported by McAfee

PWS-Maran.dll

In reply to: PWS-Maran

Alert ID : FrSIRT/ALRT-2007-00174
Aliases : Troj/Maran-Gen - Trojan-PSW.Win32.Nilage.ajf - TSPY_MARAN.D
Size : N/A
Rated as : Low Risk
Release Date : 2007-01-09


Description

PWS-Maran.dll is the detection for a dll which is installed as a Layered Service Provider (LSP) to WinSock to sniff and steal personal information by PWS-Maran.dr. This is a trojan detection. Unlike viruses, trojans do not self-replicate.

References

http://vil.nai.com/vil/content/v_141234.htm

Credits

Reported by McAfee

Win32/Duiskbot.AH

In reply to: VIRUS ALERTS - January 9, 2007

Type: Worm
Category: Win32
Also known as W32.Randex.GEL (Symantec), Backdoor.Win32.SdBot.bcm (Kaspersky), W32/Sdbot.VUF (F-Secure), W32/Vanebot-AB (Sophos)

Description

Win32/Duiskbot.AH is an IRC-controlled worm that can spread by exploiting a vulnerability in the Server Service. It may additionally send instant messages containing a link which downloads the worm.

http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=60656

W32/Pardona-G

In reply to: VIRUS ALERTS - January 9, 2007

Troj/Banker-DTD

In reply to: VIRUS ALERTS - January 9, 2007

Troj/BankDL-BT

In reply to: VIRUS ALERTS - January 9, 2007

Type Trojan

Troj/BankDL-BT is a downloader Trojan for the Windows platform.

The Trojan includes functionality to access the internet and communicate with a remote server via HTTP.

The downloaded file is detected as Troj/Bnkmr-Fam.

http://www.sophos.com/virusinfo/analyses/trojbankdlbt.html

Troj/Banloa-AZ

In reply to: VIRUS ALERTS - January 9, 2007

Troj/Nailuj-A

In reply to: VIRUS ALERTS - January 9, 2007

Troj/NTRootK-BC

In reply to: VIRUS ALERTS - January 9, 2007

W32/SillyFDC-J

In reply to: VIRUS ALERTS - January 9, 2007

Troj/Clagger-AQ

In reply to: VIRUS ALERTS - January 9, 2007

Type Trojan

Troj/Clagger-AQ is a downloader Trojan for the Windows platform.

Troj/Clagger-AQ attempts to download and execute a number of files from remote websites.

Troj/Clagger-AQ has been seen emailed as an attachment called 1&1Rechnung.pdf.exe.

Upon execution Troj/Clagger-AQ displays the following fake "Acrobat Reader" error message:

"Acrobat Reader ERROR 31847".

http://www.sophos.com/security/analyses/trojclaggeraq.html

Trojan.Schoeberl.E

In reply to: VIRUS ALERTS - January 9, 2007

MMS.A

In reply to: VIRUS ALERTS - January 9, 2007

Alert ID : FrSIRT/ALRT-2007-00183
Aliases : Pocket PC MMS exploit
Size : N/A
Rated as : Low Risk
Release Date : 2007-01-09


Description

Exploit/MMS.A is a corrupted MMS message that causes a buffer overflow in Windows Mobile devices that use versions of Arcsoft MMS composer predating August 2006. The exploit code is device specific, so that if the exploit is not crafted for the particular device type that receives the corrupted MMS file, the only result is a crash of MMS reader application.

References

http://www.f-secure.com/v-descs/mms_a.shtml

Credits

Reported by F-Secure

W32.Fujacks!gen

In reply to: VIRUS ALERTS - January 9, 2007

Backdoor.Haxdoor.S

In reply to: VIRUS ALERTS - January 9, 2007

Alert ID : FrSIRT/ALRT-2007-00186
Aliases : N/A
Size : 56058 bytes
Rated as : Low Risk
Release Date : 2007-01-09


Description

Backdoor.Haxdoor.S is a Trojan horse program that opens a back door on the compromised computer and allows a remote attacker to have unauthorized access. It also logs keystrokes, steals passwords, and drops rootkits that run in safe mode.

References

http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2007-010909-1043-99

Credits

Reported by Symantec
