Spyware, Viruses, & Security forum

General discussion

VIRUS ALERTS - July 22, 2005

by roddy32 / July 21, 2005 8:57 PM PDT

Troj/Spexta-A
Summary

Aliases
SpamTool.Win32.Delf.h
Spam-SPM
TROJ_DONBOMB.A

Type Trojan

Troj/Spexta-A is a Trojan for the Windows platform.
Troj/Spexta-A may be used to send out spam emails to addresses harvested from the infected system. The Trojan may also download and run further malicious code.
Troj/Spexta-A may arrive as an email attachment in emails claiming to be from "CNN Newsletter" with subject line "TERROR HITS LONDON". The Trojan is included as an attachment with filename "LondonTerrorMovie.zip".

http://www.sophos.com/virusinfo/analyses/trojspextaa.html

Troj/Ranck-CT
by roddy32 / July 21, 2005 8:58 PM PDT

Troj/LegMir-AM
by roddy32 / July 21, 2005 9:00 PM PDT

Troj/Delf-KS
by roddy32 / July 21, 2005 9:02 PM PDT

Troj/QLowZon-A
by roddy32 / July 21, 2005 9:04 PM PDT

Troj/Blacklog-A
by roddy32 / July 21, 2005 9:06 PM PDT

Type Spyware Trojan

Troj/Blacklog-A is a keylogger Trojan for the Windows platform.
Troj/Blacklog-A displays a fake error message with the title "KB826929 Setup Error" and the text "Setup cannot update your Windows files because the language installed on your system is different from the update language."
The Trojan may inject itself into the explorer process or register itself as a service process in order to prevent itself from being terminated.
Troj/Blacklog-A records keystrokes to the file servms.dll in the Windows system folder. When this file becomes larger than 30kb, its contents are submitted to the author by email. The file servms.dll may be deleted.

http://www.sophos.com/virusinfo/analyses/trojblackloga.html

W32/Monkbd-A
by roddy32 / July 21, 2005 9:08 PM PDT

Aliases Backdoor.Win32.Rbot.uj

Type Spyware Worm

W32/Monkbd-A is a keylogger and backdoor worm which allows a remote intruder to gain access and control over the computer via IRC channels.
W32/Monkbd-A includes functionality to:
- steal computer information
- log keystrokes and send them to a remote location
W32/Monkbd-A may also attempt to copy itself to network shares.

http://www.sophos.com/virusinfo/analyses/w32monkbda.html

Troj/IWDL-A
by roddy32 / July 21, 2005 9:10 PM PDT

Aliases
Trojan-Dropper.Win32.VB.ga
Hacktool
TROJ_DLOADER.KK

Type Trojan

Troj/IWDL-A is a Trojan creator for the Windows platform.
Files created by Troj/IWDL-A are detected by Sophos's anti-virus products as Troj/Dloader-PO.

http://www.sophos.com/virusinfo/analyses/trojiwdla.html

Troj/Iefeat-AK
by roddy32 / July 21, 2005 9:12 PM PDT

Troj/QQPass-I
by roddy32 / July 21, 2005 9:14 PM PDT

Troj/QQLoad-A
by roddy32 / July 21, 2005 9:16 PM PDT

W32/Kelvir-AR
by roddy32 / July 21, 2005 11:57 PM PDT

Aliases
IM-Worm.Win32.Kelvir.cw
W32/Kelvir.worm.ea
Trojan.Kirvo

Type Worm


W32/Kelvir-AR is an instant-messaging worm for the Windows platform.
W32/Kelvir-AR spreads by sending a message through Windows Messenger to the infected user's contacts. The message encourages the recipient to visit a web page to download a file. This website was not available at the time of writing.

http://www.sophos.com/virusinfo/analyses/w32kelvirar.html

Troj/Dloader-QW
by roddy32 / July 21, 2005 11:58 PM PDT

Aliases
Trojan-Downloader.Win32.Agent.fn
Downloader-TZ
TROJ_DOWNLOAD.A

Type Trojan

Troj/Dloader-QW is a Trojan for the Windows platform.
Troj/Dloader-QW includes functionality to access the internet and communicate with a remote server via HTTP.

http://www.sophos.com/virusinfo/analyses/trojdloaderqw.html

Troj/Spyhoax-A
by roddy32 / July 22, 2005 12:01 AM PDT

Aliases TROJ_DLOADER.SQ

Type Trojan

Troj/Spyhoax-A is a Trojan that downloads executables without the user's consent.
When run, the Trojan creates an icon in the system tray with a white cross on a red circle, and displays the following text:
Your computer is infected!
Windows has detected spyware infection!
Click here to protect your computer from spyware!
At the same time, the Trojan downloads a number of files to the following location:
C:\Program Files\SpySheriff\

http://www.sophos.com/virusinfo/analyses/trojspyhoaxa.html

W32/Kelvir-AS
by roddy32 / July 22, 2005 12:03 AM PDT

Aliases
IM-Worm.Win32.Kelvir.cx
W32/Kelvir.worm.dz
W32.Kelvir!gen

Type Worm


W32/Kelvir-AS is an instant-messaging worm for the Windows platform.
W32/Kelvir-AS spreads by sending a message through Windows Messenger to the infected user's contacts. The message encourages the recipient to visit a web page to download a file. This website was not available at the time of writing.

http://www.sophos.com/virusinfo/analyses/w32kelviras.html

W32/Rbot-AIR
by roddy32 / July 22, 2005 12:05 AM PDT

Type Spyware Worm

W32/Rbot-AIR is a worm and IRC backdoor Trojan for the Windows platform.
W32/Rbot-AIR spreads:
- to other network computers infected with: Troj/Kuang, Troj/Sub7, Troj/NetDevil, W32/MyDoom, W32/Bagle and Troj/Optix
- to other network computers by exploiting common buffer overflow vulnerabilities, including: RPC-DCOM (MS04-012), WebDav (MS03-007), MSSQL (MS02-039) (CAN-2002-0649), UPNP (MS01-059) and Dameware (CAN-2003-1030)
- by copying itself to network shares protected by weak passwords
W32/Rbot-AIR runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
W32/Rbot-AIR includes functionality to:
- steal confidential information
- carry out DDoS flooder attacks
- silently download, install and run new software
The following patches for the operating system vulnerabilities exploited by W32/Rbot-AIR can be obtained from the Microsoft website:

http://www.microsoft.com/technet/security/bulletin/MS04-012.mspx

http://www.microsoft.com/technet/security/bulletin/MS03-007.mspx

http://www.microsoft.com/technet/security/bulletin/MS02-039.mspx

http://www.microsoft.com/technet/security/bulletin/MS01-059.mspx

http://www.sophos.com/virusinfo/analyses/w32rbotair.html

W32/Antinny-L
by roddy32 / July 22, 2005 12:08 AM PDT

Aliases
Virus.Win32.HLLW.Antinny.n
Win32/Antinny.Q
W32.Antinny.K
WORM_ANTINNY.L


Type Worm

W32/Antinny-L is a P2P worm for the Windows platform. W32/Antinny-L spreads via file sharing on WinNY networks.
When first run W32/Antinny-L enumerates the various folders on the infected computer and randomly selects an existing folder name and then appends the folder name with any of the following strings followed by an '.exe' extension and copies itself to that folder as that name:
'_cfg'
'_config'
'_start'
'_login'
'_setup'
'_env'
'_loader'
'_autorun'
For example, if the randomly chosen folder name is "example", the worm may attempt to copy itself to the folder as "example_config.exe".
W32/Antinny-L then creates the file <Temp>\<original executable filename>.mp3 which contains only an ID3 tag with corrupt data and runs Windows Media Player to play that corrupt MP3 file. As the file is corrupted, Windows Media Player will not play the file correctly and will report an error message.
W32/Antinny-L includes functionality to access the internet and communicate with a remote server via HTTP.

http://www.sophos.com/virusinfo/analyses/w32antinnyl.html
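
A detection check for the copy-naming pattern described in the W32/Antinny-L post above, added here as an example (it is not part of the original post or of the Sophos analysis): it walks a directory tree and lists .exe files named after their own folder plus one of the listed suffixes. The function names and the case-insensitive comparison are assumptions of this example.

```python
import os

# Suffixes listed in the W32/Antinny-L description above.
ANTINNY_SUFFIXES = ("_cfg", "_config", "_start", "_login",
                    "_setup", "_env", "_loader", "_autorun")


def matches_antinny_name(folder_name, file_name):
    """True if file_name is '<folder_name><suffix>.exe' for a listed suffix."""
    stem, ext = os.path.splitext(file_name)
    if ext.lower() != ".exe":
        return False
    # Assumption: Windows file names are case-insensitive, so compare lowered.
    stem, folder = stem.lower(), folder_name.lower()
    if not folder or not stem.startswith(folder):
        return False
    # What remains after the folder name must be exactly one listed suffix.
    return stem[len(folder):] in ANTINNY_SUFFIXES


def find_suspect_copies(root):
    """Walk root and return paths of .exe files named after their own folder."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        folder_name = os.path.basename(os.path.normpath(dirpath))
        for name in filenames:
            if matches_antinny_name(folder_name, name):
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)


if __name__ == "__main__":
    import sys
    # Usage: python find_copies.py <directory>   (defaults to current directory)
    for path in find_suspect_copies(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("review:", path)
```

A name match is only a lead for review: legitimate installers can also be named after their folder (for example a "_setup.exe"), so confirm any hit with an anti-virus scan before acting on it.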

Troj/Pcikle-A
by roddy32 / July 22, 2005 12:10 AM PDT

Troj/Trog-A
by roddy32 / July 22, 2005 12:12 AM PDT

Troj/Pcik-A
by roddy32 / July 22, 2005 12:14 AM PDT

Troj/Cimuz-B
by roddy32 / July 22, 2005 12:16 AM PDT

Aliases Trojan.Repsamo

Type Trojan

Troj/Cimuz-B is a Trojan for the Windows platform.
The Trojan starts a proxy server allowing remote users to route HTTP traffic through the infected computer. The Trojan registers itself on several sites to report the availability of the listening proxy server.

http://www.sophos.com/virusinfo/analyses/trojcimuzb.html

W32/Sdbot-AAY
by roddy32 / July 22, 2005 8:08 AM PDT

Aliases Backdoor.Win32.SdBot.aad

Type Worm

W32/Sdbot-AAY is a network worm with backdoor functionality for the Windows platform.
W32/Sdbot-AAY runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32sdbotaay.html

Troj/Bancos-DJ
by roddy32 / July 22, 2005 8:10 AM PDT

Troj/WideFTP-A
by roddy32 / July 22, 2005 8:12 AM PDT

Dial/Inoco-G
by roddy32 / July 22, 2005 8:14 AM PDT

W32/Rbot-AIT
by roddy32 / July 22, 2005 8:16 AM PDT

Aliases
Backdoor.Win32.Rbot.ue
W32/Sdbot.worm.gen.j
WORM_RBOT.BVH

Type Worm

W32/Rbot-AIT is a network worm with backdoor functionality for the Windows platform.
W32/Rbot-AIT runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotait.html

Troj/Misoska-F
by roddy32 / July 22, 2005 8:17 AM PDT

Troj/Spyjack-B
by roddy32 / July 22, 2005 8:20 AM PDT

Aliases
Trojan.Win32.Agent.ff
Druogna
Trojan.Desktophijack.B
TROJ_MULTIDRP.CD

Type Trojan

Troj/Spyjack-B is a Trojan for the Windows platform.
Troj/Spyjack-B includes functionality to access the internet and communicate with a remote server via HTTP.

http://www.sophos.com/virusinfo/analyses/trojspyjackb.html

Troj/Dloader-QR
by roddy32 / July 22, 2005 8:21 AM PDT