Spyware, Viruses, & Security forum

General discussion

VIRUS ALERTS - July 4, 2005

W32/Sdbot-ZY

In reply to: VIRUS ALERTS - July 4, 2005

Aliases Backdoor.Win32.SdBot.abc

W32/Sdbot-ZY is a worm and IRC backdoor Trojan for the Windows platform.
W32/Sdbot-ZY spreads by copying itself to network shares protected by weak passwords.
W32/Sdbot-ZY runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
W32/Sdbot-ZY includes functionality to:
- steal confidential information
- carry out DDoS flooder attacks
- silently download, install and run new software, including updates of its software

http://www.sophos.com/virusinfo/analyses/w32sdbotzy.html

Troj/HacDef-T

In reply to: VIRUS ALERTS - July 4, 2005

Aliases Backdoor.Win32.HacDef.073.b
Trojan.HacDef.073.B
HackerDefender.gen.c
Trojan.Hackdef.084-prog
BKDR_HACDEF.73.B

Type Trojan

Troj/HacDef-T is a backdoor Trojan for the Windows platform.
As well as allowing unauthorized remote access to the victim's computer, Troj/HacDef-T is able to hide information about the victim's system including files, folders, processes, services and registry entries.

http://www.sophos.com/virusinfo/analyses/trojhacdeft.html

W32/Sdbot-ZZ

In reply to: VIRUS ALERTS - July 4, 2005

Type Worm

W32/Sdbot-ZZ is a worm and IRC backdoor Trojan for the Windows platform.
W32/Sdbot-ZZ spreads by copying itself to network shares protected by weak passwords.
W32/Sdbot-ZZ runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
W32/Sdbot-ZZ includes functionality to silently download, install and run new software, including updates of its software.

http://www.sophos.com/virusinfo/analyses/w32sdbotzz.html

Troj/Wollf-A

In reply to: VIRUS ALERTS - July 4, 2005

Type Trojan

Troj/Wollf-A is a backdoor Trojan which allows a remote intruder to gain access and control over the computer.
Troj/Wollf-A includes functionality to:
- create a FTP/Telnet server
- sniff network packets
- steal confidential information
- provide a proxy server
- display message boxes
- create/delete folders and files
- shutdown/reboot Windows on the infected computer
- inject its code into other processes
- disable other applications and services
- silently download, install and run new software, including updates of its software

http://www.sophos.com/virusinfo/analyses/trojwollfa.html

Troj/Cifond-A

In reply to: VIRUS ALERTS - July 4, 2005

Aliases Trojan-Downloader.Win32.Small.aon

Type Trojan

Troj/Cifond-A is a downloader Trojan which will download, install and run new software without notification that it is doing so.
Troj/Cifond-A includes functionality to access the internet and communicate with a remote server via HTTP and to disable other software, including anti-virus, firewall and security related applications.

http://www.sophos.com/virusinfo/analyses/trojcifonda.html

Troj/Videx-A

In reply to: VIRUS ALERTS - July 4, 2005

Troj/Multidr-SD

In reply to: VIRUS ALERTS - July 4, 2005

W32/Sdbot-ABD

In reply to: VIRUS ALERTS - July 4, 2005

Aliases Backdoor.Win32.SdBot.abd

Type Worm

W32/Sdbot-ABD is a worm and IRC backdoor Trojan for the Windows platform.
W32/Sdbot-ABD runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
W32/Sdbot-ABD spreads by copying itself to network shares protected by weak passwords.

http://www.sophos.com/virusinfo/analyses/w32sdbotabd.html

Troj/Lineage-Y

In reply to: VIRUS ALERTS - July 4, 2005

Aliases TSPY_LINEAGE.BB
Trojan-PSW.Win32.Lineage.gx

Type Trojan

Troj/Lineage-Y is a password stealing Trojan for the Windows platform that attempts to steal passwords associated with the online game called "Lineage".
Troj/Lineage-Y modifies the HOSTS file, changing the URL-to-IP mappings for selected websites, therefore preventing normal access to these sites.

http://www.sophos.com/virusinfo/analyses/trojlineagey.html

W32/MyDoom-AL

In reply to: VIRUS ALERTS - July 4, 2005

Aliases W32/Mydoom.at@MM
WORM_MYDOOM.AL

Type Worm

W32/MyDoom-AL is a mass mailing worm which also attempts to spread via ICQ.
The worm may also attempt to download files from a predefined list of remote websites.
In addition W32/MyDoom-AL attempts to disable firewall applications and attempts to prevent access to regedit.

http://www.sophos.com/virusinfo/analyses/w32mydoomal.html

Troj/Agent-BW

In reply to: VIRUS ALERTS - July 4, 2005

Troj/Dloader-FA

In reply to: VIRUS ALERTS - July 4, 2005

Aliases TROJ_SMALL.PF
Downloader-TD
W32/Downloader.WA
Trojan-Downloader.Win32.Small.rr

Type Trojan

Troj/Dloader-FA is a Trojan for the Windows platform.
The Trojan attempts to download a file from a remote site and then run it. The downloaded file is placed in the Windows folder with a ten-character filename and the EXE file extension.
At the time of writing, the file downloaded was Troj/Krepper-AE.

http://www.sophos.com/virusinfo/analyses/trojdloaderfa.html

Troj/Flood-EK

In reply to: VIRUS ALERTS - July 4, 2005

Aliases BKDR_IRCFLOOD.EM
IRC/Flood.bk

Type Trojan

Troj/Flood-EK is a Trojan which attempts to flood IRC channels by dropping and executing numerous component parts and other files, many of which are non-malicious applications if run in isolation.

http://www.sophos.com/virusinfo/analyses/trojfloodek.html

Troj/LdPinch-JD

In reply to: VIRUS ALERTS - July 4, 2005

Aliases Trojan-PSW.Win32.LdPinch.jd
PWS-LDPinch
Trojan.LdPinch-19

Type Trojan

Troj/LdPinch-JD is a backdoor and password-stealing Trojan.
Troj/LdPinch-JD steals information relating to a number of applications, including the following:
- ICQ
- The Bat!
- POP3 and IMAP usernames and passwords
- Far FTP
- AOL Instant Messenger (AIM)
- Trillian
- Windows Commander and Total Commander
The Trojan may also steal other system information and data relating to dial-up internet settings.
Troj/LdPinch-JD will send stolen information to a remote website or email address.

http://www.sophos.com/virusinfo/analyses/trojldpinchjd.html

Troj/Psyme-BG

In reply to: VIRUS ALERTS - July 4, 2005

Aliases Trojan-Downloader.JS.Psyme.ah
VBS/Psyme

Type Trojan

Troj/Psyme-BG is a downloading Trojan.
Troj/Psyme-BG consists of a number of HTML files which attempt to exploit various vulnerabilities in order to download a malicious executable file.
The file downloaded is likely to be the Trojan Troj/Iyus-I.

http://www.sophos.com/virusinfo/analyses/trojpsymebg.html

Troj/Small-CT

In reply to: VIRUS ALERTS - July 4, 2005

Aliases Trojan-Downloader.Win32.Small.rr
AdClicker-AF.dll
TROJ_SMALL.AAB

Type Trojan

Troj/Small-CT is a downloader Trojan for the Windows platform.
Troj/Small-CT drops a DLL file in the Windows system folder with a random name.
Troj/Small-CT downloads and executes a file from http:\\t34rulit.com.

http://www.sophos.com/virusinfo/analyses/trojsmallct.html

Troj/GrayBird-C

In reply to: VIRUS ALERTS - July 4, 2005

W32/Rbot-AGW

In reply to: VIRUS ALERTS - July 4, 2005

Troj/LdPinch-BK

In reply to: VIRUS ALERTS - July 4, 2005

Troj/QQRob-F

In reply to: VIRUS ALERTS - July 4, 2005

Aliases Trojan-PSW.Win32.QQRob.16.b
TROJ_QQROB.M
PWS-QQRob

Type Trojan

Troj/QQRob-F is a password stealing Trojan for the Windows platform.
Troj/QQRob-F may attempt to turn off various Anti-Virus and security related services in an attempt to stay undetected.
Troj/QQRob-F includes functionality to access the internet and communicate with a remote server via HTTP.

http://www.sophos.com/virusinfo/analyses/trojqqrobf.html

Troj/Vidlo-P

In reply to: VIRUS ALERTS - July 4, 2005

Troj/Netdeny-B

In reply to: VIRUS ALERTS - July 4, 2005

W32/Mytob-CX

In reply to: VIRUS ALERTS - July 4, 2005

Aliases Net-Worm.Win32.Mytob.bi
W32/Mytob.gen@MM

Type Worm

W32/Mytob-CX is a mass-mailing worm and IRC backdoor Trojan for the Windows platform.
W32/Mytob-CX runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
Emails sent by W32/Mytob-CX have the following properties:
Subject line chosen from:
'Your Account is Suspended'
'*DETECTED* Online User Violation'
'Your Account is Suspended For Security Reasons'
'Warning Message: Your services near to be closed.'
'Important Notification'
'Members Support'
'Security measures'
'Email Account Suspension'
'Notice of account limitation'
Message text chosen from:
'Dear <company name> Member,
We have temporarily suspended your email account <Email address>.
This might be due to either of the following reasons:

MORE: http://www.sophos.com/virusinfo/analyses/w32mytobcx.html

Troj/ServU-BA

In reply to: VIRUS ALERTS - July 4, 2005

W32/Dref-C

In reply to: VIRUS ALERTS - July 4, 2005

Aliases Email-Worm.Win32.Drefir.e
W32/Drefir.worm
WORM_DREFIR.C

Type Worm

W32/Dref-C is an internet worm for the Windows platform.
W32/Dref-C spreads via IRC channels and by attaching itself to outgoing emails.
The Worm may begin to delete all files on the system prior to sending any emails.

http://www.sophos.com/virusinfo/analyses/w32drefc.html

W32/Mofei-H

In reply to: VIRUS ALERTS - July 4, 2005

W32/Rbot-AGX

In reply to: VIRUS ALERTS - July 4, 2005

Type Worm

W32/Rbot-AGX is a worm and IRC backdoor Trojan for the Windows platform.
W32/Rbot-AGX spreads to other network computers by exploiting the WKS (MS03-049) buffer overflow vulnerability.
W32/Rbot-AGX runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
W32/Rbot-AGX includes functionality to:
- steal confidential information
- log key strokes to the file <System>\keys.txt
- silently download, install and run new software
W32/Rbot-AGX may also create the file "msdirectx.sys" which is detected by Sophos as Troj/NtRootK-F.
The following patch for the operating system vulnerability exploited by W32/Rbot-AGX can be obtained from the Microsoft website:
MS03-049

http://www.sophos.com/virusinfo/analyses/w32rbotagx.html

W32/Randon-AO

In reply to: VIRUS ALERTS - July 4, 2005

Type Worm

W32/Randon-AO is a multi-component network worm.
W32/Randon-AO contains an IRC backdoor that allows a remote intruder to gain access to and control over the computer.
W32/Randon-AO may attempt to spread to network shares and through the LSASS (MS04-011) vulnerability.

http://www.sophos.com/virusinfo/analyses/w32randonao.html

Troj/Animoo-C

In reply to: VIRUS ALERTS - July 4, 2005

Type Trojan

Troj/Animoo-C is a downloader Trojan that relies on exploiting a vulnerability in the handling of Windows animated cursor (.ANI) files.
Troj/Animoo-C may arrive as an email message with an embedded stylesheet that will load an animated cursor file from a specified URL. The animated cursor file is a copy of Troj/Animoo-C that will in turn download and run the file xpehbamnow.exe on the host computer. Xpehbamnow.exe is detected by Sophos' anti-virus products as Troj/Apher-Fam.
For more information on the animated cursor vulnerability used by Troj/Animoo-C please refer to Microsoft security bulletin MS05-002.

http://www.sophos.com/virusinfo/analyses/trojanimooc.html

Troj/Delf-KQ

In reply to: VIRUS ALERTS - July 4, 2005

Type Trojan

Troj/Delf-KQ is a Trojan for the Windows platform.
Troj/Delf-KQ includes functionality to access the internet and communicate with a remote server via HTTP.
When first run Troj/Delf-KQ copies itself to the Windows folder as XPsys.exe.
Troj/Delf-KQ will attempt to download the file 24997.exe to the Windows folder and run it.
Troj/Delf-KQ will set a number of registry entries to reduce the security levels of the infected system.

http://www.sophos.com/virusinfo/analyses/trojdelfkq.html
