Spyware, Viruses, & Security forum

General discussion

VIRUS ALERTS - July 11, 2005

by Marianna Schmudlach / July 11, 2005 1:56 AM PDT

Troj/Spexta-A
Summary


Aliases SpamTool.Win32.Delf.h
Spam-SPM
TROJ_DONBOMB.A


Type Trojan

Troj/Spexta-A is a Trojan for the Windows platform.
Troj/Spexta-A may be used to send out spam emails to addresses harvested from the infected system. The Trojan may also download and run further malicious code.
Troj/Spexta-A may arrive as an email attachment in emails claiming to be from "CNN Newsletter" with subject line "TERROR HITS LONDON". The Trojan is included as an attachment with filename "LondonTerrorMovie.zip".

http://www.sophos.com/virusinfo/analyses/trojspextaa.html

Troj/Ranck-CT
by Marianna Schmudlach / July 11, 2005 2:00 AM PDT
Troj/LegMir-AM
by Marianna Schmudlach / July 11, 2005 2:02 AM PDT
Troj/Delf-KS
by Marianna Schmudlach / July 11, 2005 2:03 AM PDT
Troj/QLowZon-A
by Marianna Schmudlach / July 11, 2005 2:05 AM PDT
Troj/Blacklog-A
by Marianna Schmudlach / July 11, 2005 2:06 AM PDT

Type Trojan

Troj/Blacklog-A is a keylogger Trojan for the Windows platform.
Troj/Blacklog-A displays a fake error message with the title "KB826929 Setup Error" and the text "Setup cannot update your Windows files because the language installed on your system is different from the update language."
The Trojan may inject itself into the explorer process or register itself as a service process in order to prevent itself from being terminated.
Troj/Blacklog-A records keystrokes to the file servms.dll in the Windows system folder. When this file becomes larger than 30kb, its contents are submitted to the author by email. The file servms.dll may be deleted.

http://www.sophos.com/virusinfo/analyses/trojblackloga.html

W32/Monkbd-A
by Marianna Schmudlach / July 11, 2005 2:08 AM PDT

Aliases Backdoor.Win32.Rbot.uj

Type Worm

W32/Monkbd-A is a keylogger and backdoor worm which allows a remote intruder to gain access and control over the computer via IRC channels.
W32/Monkbd-A includes functionality to:
- steal computer information
- log keystrokes and send them to a remote location
W32/Monkbd-A may also attempt to copy itself to network shares.

http://www.sophos.com/virusinfo/analyses/w32monkbda.html

Troj/IWDL-A
by Marianna Schmudlach / July 11, 2005 2:10 AM PDT

Aliases Trojan-Dropper.Win32.VB.ga
Hacktool
TROJ_DLOADER.KK

Type Trojan

Troj/IWDL-A is a Trojan creator for the Windows platform.
Files created by Troj/IWDL-A are detected by Sophos's anti-virus products as Troj/Dloader-PO.

http://www.sophos.com/virusinfo/analyses/trojiwdla.html

Troj/Iefeat-AK
by Marianna Schmudlach / July 11, 2005 2:12 AM PDT
Troj/QQPass-I
by Marianna Schmudlach / July 11, 2005 2:13 AM PDT
Troj/QQLoad-A
by Marianna Schmudlach / July 11, 2005 2:15 AM PDT
W32/Mytob-DJ
by Marianna Schmudlach / July 11, 2005 5:53 AM PDT

Aliases Trojan-Downloader.Win32.Agent.mg
W32/Mytob.gen@MM

Type Worm

W32/Mytob-DJ is a mass-mailing worm with backdoor functionality that can be controlled through the Internet Relay Chat (IRC) network.
Emails sent by W32/Mytob-DJ have message text in the following format, with details filled in to make the email look more authentic:
"Dear <name> Member,
You have successfully updated the password of your <name> acccount.
If you did not authorize this change or if you need assistance with your account, please contact <name> customer
service
Thank you for using <name>!
The <name> Support Team
+++ Attachment: No Virus (Clean)
+++ %s Antivirus - www.<name>"
"Dear user <name>,
It has come to our attention that your <name> User Profile ( x ) records are out of date. For further details see
the attached document.
Thank you for using <name>.
The <name> Support Team
+++ Attachment: No Virus (Clean)
+++ %s Antivirus - www.<name>"
"Dear <name> Member,
We have temporarily suspended your email account <name>.
This might be due to either of the following reasons:
1. A recent change in your personal information (i.e. change of address).
2. Submiting invalid information during the initial sign up process.
3. An innability to accurately verify your selected option of subscription due to an internal error within our
processors.
Sincerely,The <name> Support Team
+++ Attachment: No Virus (Clean)
+++ %s Antivirus - www.<name>"
"Dear <name> Member,
Your e-mail account was used to send a huge amount of unsolicited spam messages during the recent week. If you
could please take 5-10 minutes out of your online experience and confirm the attached document so you will not
run into any future problems with the online service.
If you choose to ignore our request, you leave us no choice but to cancel your membership.
Virtually yours,
The <name> Support Team
+++ Attachment: No Virus (Clean)
+++ %s Antivirus - www.<name>"
W32/Mytob-DJ harvests email addresses from files on the infected computer and from the Windows address book as well as the Microsoft

http://www.sophos.com/virusinfo/analyses/w32mytobdj.html

W32/Kangaroo-A
by Marianna Schmudlach / July 11, 2005 5:55 AM PDT

Aliases Virus.Win32.VB.i
Generic VB.c
Trojan.Kangenie

Type Worm

W32/Kangaroo-A is a worm for the Windows platform that usually has a Microsoft Word-related icon.
W32/Kangaroo-A monitors windows, looking for ones with title bars containing text in the format (<drive letter>:) and attempts to copy itself to these drives with the filename kangen.exe.
W32/Kangaroo-A attempts to modify the Windows start button to display its own scrolling message. This is either the lyrics to a pop song in Indonesian or, on certain dates, a birthday message.

http://www.sophos.com/virusinfo/analyses/w32kangarooa.html

Troj/MarktMan-A
by Marianna Schmudlach / July 11, 2005 5:57 AM PDT

Aliases Trojan.Win32.VB.zf

Type Trojan

Troj/MarktMan-A is a downloader Trojan for the Windows platform.
The Trojan will lower the security settings of Internet Explorer and may attempt to modify the Start Page.
Troj/MarktMan-A will attempt to hide its activity by dropping and running Troj/HideProc-G.

http://www.sophos.com/virusinfo/analyses/trojmarktmana.html

Troj/HideProc-G
by Marianna Schmudlach / July 11, 2005 5:58 AM PDT
Troj/ServU-BB
by Marianna Schmudlach / July 11, 2005 5:59 AM PDT
XM97/Yini-B
by Marianna Schmudlach / July 11, 2005 6:01 AM PDT
Troj/Crick-A
by Marianna Schmudlach / July 11, 2005 6:02 AM PDT

Aliases Trojan-Dropper.Win32.VB.zh

Type Trojan

Troj/Crick-A is a dropper Trojan for the Windows platform.
Troj/Crick-A disguises itself as an application used to search for software cracks.
When Troj/Crick-A is run, it will drop and run Troj/MarktMan-A.


Recovery


This section tells you how to disinfect.
Please follow the instructions for removing Trojans.


Advanced


This section is for technical experts who want to know more.
When Troj/Crick-A is run, it will drop and run the following file:
<Windows folder>\sammp32.exe - Troj/MarktMan-A


http://www.sophos.com/virusinfo/analyses/trojcricka.html
