VIRUS ALERTS - July 1, 2005

W32/Avette-A

Aliases Trojan.Win32.VB.yy

Type Virus

W32/Avette-A is a virus that infects MP3 files.
W32/Avette-A replaces the default application for playing MP3 files, renaming the original by appending '.COM' to its name. Subsequently, when a file with MP3 extension is opened, the virus prepends itself to the file, also adding '.EXE' to the filename.

http://www.sophos.com/virusinfo/analyses/w32avettea.html

W32/Mytob-CW

Aliases Net-Worm.Win32.Mytob.bi
W32.Mytob.FA@mm
WORM_MYTOB.GE

Type Worm

W32/Mytob-CW is a mass-mailing worm and IRC backdoor Trojan.
W32/Mytob-CW can spread by sending itself as an email attachment to email addresses it harvests from the infected computer, either as an attachment with a double-extension or as a zip file containing a file with a double-extension. W32/Mytob-CW avoids sending emails to addresses containing certain strings.
W32/Mytob-CW processes the emails it has harvested by splitting them into name and domain. Once it has sent itself to the emails it has harvested, it uses a predefined list of names with the harvested domains. W32/Mytob-CW spoofs the sender, sending emails as if from one of the following at the same domain as the recipient:
support
administrator
mail
service
admin
info
register
webmaster
For example if sending itself to name@example.com, W32/Mytob-CW might send the email as if from admin@example.com.

MORE: http://www.sophos.com/virusinfo/analyses/w32mytobcw.html
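
A mail-gateway triage check for the two delivery traits described in the W32/Mytob-CW alert above (a role-name sender at the recipient's own domain, plus a double-extension attachment sent directly or inside a zip). This is an added example, not part of the original post or of Sophos's analysis. The executable-extension set, the function names and the sample messages are assumptions constructed for illustration.

```python
import io, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
# Sender names listed in the alert above.
SPOOFED_LOCALS = {"support", "administrator", "mail", "service",
                  "admin", "info", "register", "webmaster"}
EXEC_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd"}  # assumption: not listed in the alert

def is_double_ext(name):
    """True for names like 'notes.txt.exe': decoy extension + executable one."""
    parts = name.lower().rsplit("/", 1)[-1].split(".")
    return len(parts) >= 3 and parts[-1] in EXEC_EXTS and parts[-2] != ""

def suspicious_attachments(msg):
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if is_double_ext(name):
            hits.append(name)
        elif name.lower().endswith(".zip"):  # look inside attached archives too
            try:
                with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as z:
                    hits += [f"{name}!{m}" for m in z.namelist() if is_double_ext(m)]
            except zipfile.BadZipFile:
                hits.append(f"{name} (unreadable zip)")
    return hits

def triage(raw, rcpt):
    """Flag only when both signals match; role addresses alone are often legitimate."""
    msg = message_from_bytes(raw, policy=policy.default)
    frm = msg["From"]
    sender = frm.addresses[0] if frm is not None and frm.addresses else None
    role = (sender is not None and sender.username.lower() in SPOOFED_LOCALS
            and sender.domain.lower() == rcpt.rsplit("@", 1)[-1].lower())
    atts = suspicious_attachments(msg)
    return {"role_sender_same_domain": role, "attachments": atts, "flag": role and bool(atts)}

def build_sample(sender, rcpt, fname, in_zip=False, data=b"inert placeholder"):
    """Constructed test message with an inert attachment (not real malware)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, rcpt, "constructed sample"
    m.set_content("see attachment")
    if in_zip:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as z:
            z.writestr(fname, data)
        fname, data = "doc.zip", buf.getvalue()
    m.add_attachment(data, maintype="application", subtype="octet-stream", filename=fname)
    return m.as_bytes()
```

`triage()` takes the envelope recipient as `rcpt`, so it can be called per recipient from a filter hook. A flagged message is a candidate for quarantine and review, not proof of infection.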

Troj/ByteVeri-M

Aliases Exploit-ByteVerify
JAVA_BYTEVER.Q
Trojan.Java.ClassLoader.ai

Type Trojan

Troj/ByteVeri-M is a Java Applet that exploits a vulnerability in the Byte Code Verify component of the Microsoft VM to download and run an executable file.

http://www.sophos.com/virusinfo/analyses/trojbyteverim.html

Troj/Banker-DX

Troj/Cheuko-A

Aliases Trojan-Downloader.Win32.Small.ank
MultiDropper-GP.d

Type Trojan

Troj/Cheuko-A is a Trojan for the Windows platform.
Troj/Cheuko-A includes functionality to download, install and run new software.
When Troj/Cheuko-A is installed the following files are created:
<Windows folder>\svchost.exe - this file is also detected as Troj/Cheuko-A
<Windows system folder>\zgfghghgfo.dll - this file may be deleted


http://www.sophos.com/virusinfo/analyses/trojcheukoa.html

Troj/Lineage-X

Aliases TSPY_LINEAGE.M
Trojan-PSW.Win32.Lineage.cb

Type Trojan

Troj/Lineage-X is a password stealing Trojan for the Windows platform that attempts to steal passwords associated with the game called "Lineage".
Troj/Lineage-X includes functionality to disable other software, including anti-virus, firewall and security related applications.

http://www.sophos.com/virusinfo/analyses/trojlineagex.html

Troj/Bancov-A

Aliases Trojan-Downloader.Win32.VB.jj

Type Trojan

Troj/Bancov-A is a Trojan for the Windows platform.
Troj/Bancov-A attempts to steal information related to banking websites. The Trojan also downloads further malicious code by FTP.
Troj/Bancov-A also steals system information about the infected computer.

http://www.sophos.com/virusinfo/analyses/trojbancova.html

Troj/Cass-A

Aliases Trojan-Downloader.Win32.Agent.qg
Adware-CasClient

Type Trojan

Troj/Cass-A is a downloading Trojan for the Windows platform.
Troj/Cass-A downloads a file from a preconfigured URL to the Windows temporary folder and executes it.

http://www.sophos.com/virusinfo/analyses/trojcassa.html

Troj/Instad-A

Aliases Trojan-Dropper.Win32.Small.abp
Trojan-Downloader.Win32.Murlo.aq

Type Trojan

Troj/Instad-A is a downloader Trojan for the Windows platform.
Troj/Instad-A includes functionality to access the internet and communicate with a remote server via HTTP. The Trojan will attempt to download a number of executable files and install them. The files may be adware related.

http://www.sophos.com/virusinfo/analyses/trojinstada.html

Troj/Psyme-CC

Troj/Ablank-AB

Troj/Rider-T

Type Trojan

Troj/Rider-T is an HTML-based script which exploits a vulnerability associated with some versions of Microsoft Internet Explorer to load a malicious script (or HTML page containing a malicious script) via the DATA attribute of an OBJECT element.

http://www.sophos.com/virusinfo/analyses/trojridert.html

Troj/Dadobra-C

Aliases Trojan-Downloader.Win32.Dadobra.cn
W32.Comdor.B@mm

Type Trojan

Troj/Dadobra-C is a downloader Trojan for the Windows platform.
Troj/Dadobra-C connects to a remote internet site and downloads and runs a file. This file is currently detected as Troj/Bancban-DM.

http://www.sophos.com/virusinfo/analyses/trojdadobrac.html

Troj/Bancban-DM

W32/Rbot-AGV

Aliases Backdoor.Win32.Rbot.gen
WORM_RBOT.GEN

Type Worm

W32/Rbot-AGV is a worm with backdoor functionality for the Windows platform.
When first run W32/Rbot-AGV copies itself to <Windows system folder>\mcafee32.exe and creates several registry entries.

http://www.sophos.com/virusinfo/analyses/w32rbotagv.html

Troj/Dropper-AP

Troj/Banker-DZ

Troj/Wordper-B

W32/Rbot-AGU

Type Worm

W32/Rbot-AGU is a worm with backdoor functionality for the Windows platform.
W32/Rbot-AGU spreads:
to other network computers infected with: Troj/Kuang, Troj/Sub7, W32/Sasser, Troj/NetDevil, W32/MyDoom, W32/Bagle and Troj/Optix
to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), WebDav (MS03-007), MSSQL (MS02-039) (CAN-2002-0649) and Dameware (CAN-2003-1030)
by copying itself to network shares protected by weak passwords
W32/Rbot-AGU runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
The following patches for the operating system vulnerabilities exploited by W32/Rbot-AGU can be obtained from the Microsoft website:
MS04-011
MS04-012
MS03-049
MS03-007
MS02-039

http://www.sophos.com/virusinfo/analyses/w32rbotagu.html

Troj/DownLdr-AN

Troj/Mifeng-K

Troj/GrayBird-E

Troj/BeastDo-Z

Aliases Backdoor.Win32.Beastdoor.l
BackDoor-AMQ

Type Trojan

Troj/BeastDo-Z is a backdoor Trojan which allows a remote intruder to gain access and control over the computer.
Troj/BeastDo-Z includes functionality to:
access the internet and communicate with a remote server via HTTP
send notification messages to remote locations

http://www.sophos.com/virusinfo/analyses/trojbeastdoz.html

Troj/LegMir-AI

Troj/LegMir-AJ

Troj/Bckdr-CSJ

Troj/Chimo-E

Aliases Email-Worm.Win32.Bagz.j
W32/Bagz.k@MM

Type Trojan

Troj/Chimo-E is a Trojan for the Windows platform.
Troj/Chimo-E connects to a remote site and collects configuration data.
Troj/Chimo-E then acts as an email relay, allowing remote users the capability of sending arbitrary email through the infected computer.

http://www.sophos.com/virusinfo/analyses/trojchimoe.html

Troj/Spyjack-A

Troj/Soleno-A
