Spyware, Viruses, & Security forum

General discussion

VIRUS ALERTS - June 18, 2005

by Marianna Schmudlach / June 18, 2005 1:55 AM PDT
Troj/StartPa-GV
by Marianna Schmudlach / June 18, 2005 1:57 AM PDT
W32/Antiman-F
by Marianna Schmudlach / June 18, 2005 1:58 AM PDT

Aliases WORM_ANTIMAN.F
Email-Worm.Win32.Antiman.a
W32/Antiman@MM
W32.Antiman.A@mm

Type Worm

W32/Antiman-F is a mass-mailing worm for the Windows platform.
When run the worm copies itself to the Windows folder as funny.scr and to the current user's Startup folder as startwin.exe.
W32/Antiman-F also creates m.txt, a log file in the root folder.
The worm may periodically attempt to copy itself to the A: drive.

http://www.sophos.com/virusinfo/analyses/w32antimanf.html

W32/Lamud-A
by Marianna Schmudlach / June 18, 2005 2:00 AM PDT

Aliases WORM_LAMUD.A
Trojan.Lamud
Trojan-Dropper.Win32.Delf.cq

Type Worm

W32/Lamud-A is a worm for the Windows platform.
W32/Lamud-A makes periodic attempts to copy itself to drives A: and B: and can spread through network shares.
The worm changes the wallpaper for the current user and disables the control panel and registry editing tools.

http://www.sophos.com/virusinfo/analyses/w32lamuda.html

W32/Demotry-A
by Marianna Schmudlach / June 18, 2005 2:02 AM PDT

Aliases Trojan.Win32.Dtray.a
W32/Demotrayo.worm
W32.Demort

Type Worm

W32/Demotry-A is a worm for the Windows platform.
The worm scans network computers on port 445. W32/Demotry-A copies itself through network shares and mapped logical drives.
W32/Demotry-A monitors the A: drive and copies itself to this location upon determining the availability.
W32/Demotry-A also contains the functionality to dial a predefined telephone number. The worm may also connect to remote web servers and display web pages.

http://www.sophos.com/virusinfo/analyses/w32demotrya.html

Troj/WinterLv-C
by Marianna Schmudlach / June 18, 2005 2:03 AM PDT
Troj/QQDragon-G
by Marianna Schmudlach / June 18, 2005 2:05 AM PDT
Troj/QQPopoa-A
by Marianna Schmudlach / June 18, 2005 2:07 AM PDT

Aliases Trojan.Win32.StartPage.zu
Downloader-ACA
Trojan.StartPage
TROJ_VB.BT

Type Trojan

Troj/QQPopoa-A is a password-stealing Trojan.
Troj/QQPopoa-A will log key presses and modify Internet Explorer's Start page.
When run, Troj/QQPopoa-A will launch Internet Explorer with a predefined URL.
Troj/QQPopoa-A may attempt to download further files.

http://www.sophos.com/virusinfo/analyses/trojqqpopoaa.html

Troj/Resod-C
by Marianna Schmudlach / June 18, 2005 2:08 AM PDT
Troj/StatDrop-A
by Marianna Schmudlach / June 18, 2005 2:10 AM PDT

Aliases Trojan-Dropper.Win32.Agent.kd
Trojan-Downloader.Win32.Small.aqt
MultiDropper-BU

Type Trojan

Troj/StatDrop-A is a dropper and downloader Trojan.
Troj/StatDrop-A will drop and run Troj/Multidr-DN. The Trojan will also attempt to download and run files that are likely to be adware related.

http://www.sophos.com/virusinfo/analyses/trojstatdropa.html

W32/Sdbot-YW
by Marianna Schmudlach / June 18, 2005 2:52 AM PDT

Aliases Backdoor.Win32.SdBot.bh
W32/Sdbot.worm.gen.j
W32.Randex
BKDR_NICSHIZ.A

Type Worm

W32/Sdbot-YW is a worm with IRC backdoor functionality for the Windows platform.
W32/Sdbot-YW allows unauthorised remote access to the infected computer via the IRC network. The worm joins a preconfigured IRC channel and waits for instructions from a remote intruder. The worm can be instructed to download updates and run arbitrary files, participate in DDoS attacks and spread to remote network shares.

http://www.sophos.com/virusinfo/analyses/w32sdbotyw.html

W32/Kelvir-AB
by Marianna Schmudlach / June 18, 2005 2:54 AM PDT
W32/Rbot-ADV
by Marianna Schmudlach / June 18, 2005 2:56 AM PDT

Aliases Backdoor.Win32.Rbot.gen
W32/Sdbot.worm.gen.l

Type Worm

W32/Rbot-ADV is a worm which attempts to spread to remote network shares. It also contains backdoor functionality, allowing unauthorised remote access to the infected computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotadv.html

Troj/Clecker-A
by Marianna Schmudlach / June 18, 2005 2:57 AM PDT
Troj/Agent-DS
by Marianna Schmudlach / June 18, 2005 2:59 AM PDT

Aliases Trojan-Proxy.Win32.Agent.fe
W32/Agent.MO

Type Trojan

Troj/Agent-DS is a proxy Trojan with backdoor functionality for the Windows platform.
Troj/Agent-DS modifies a Windows HOSTS file prepending it with the list of the popular search engine sites looped to the specific IP address.

http://www.sophos.com/virusinfo/analyses/trojagentds.html

Troj/Duller-B
by Marianna Schmudlach / June 18, 2005 3:01 AM PDT

Aliases Exploit-MS05-016
Bloodhound.Exploit.34
VBS_RUNEXPLT.C

Type Trojan

Troj/Duller-B is a Trojan that attempts to download and run further malware.
The Trojan uses an exploit to drop and run an FTP script file. Using this file, the Trojan attempts to download an executable file from an FTP server and run it.

http://www.sophos.com/virusinfo/analyses/trojdullerb.html

Troj/Dloader-OB
by Marianna Schmudlach / June 18, 2005 3:02 AM PDT
W32/Agobot-SU
by Marianna Schmudlach / June 18, 2005 3:04 AM PDT

Aliases Backdoor.Win32.Agobot.abv

Type Worm

W32/Agobot-SU is a worm and IRC backdoor Trojan for the Windows platform.
W32/Agobot-SU includes functionality to:
- steal confidential information
- carry out DDoS flooder attacks
- provide a proxy server
- silently download, install and run new software
- disable other applications
W32/Agobot-SU spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), WKS (MS03-049) (CAN-2003-0812) and MSSQL (MS02-039) (CAN-2002-0649) and by copying itself to network shares protected by weak passwords.
The following patches for the operating system vulnerabilities exploited by W32/Agobot-SU can be obtained from the Microsoft website:
MS04-012
MS04-011
MS03-049
MS02-039

http://www.sophos.com/virusinfo/analyses/w32agobotsu.html

W32/Oscabot-I
by Marianna Schmudlach / June 18, 2005 3:06 AM PDT

Aliases IM-Worm.Win32.Funmov.a

Type Worm

W32/Oscabot-I is an instant messaging worm that can exploit users of AOL Instant Messaging clients.
W32/Oscabot-I connects to a specific channel on an IRC service and waits for a remote attacker to instruct the bot to send messages to contacts in the infected user's AOL contacts list.
W32/Oscabot-I also attempts to download files from a remote website and run them when instructed to do so by the remote attacker.

http://www.sophos.com/virusinfo/analyses/w32oscaboti.html

Troj/Agent-DT
by Marianna Schmudlach / June 18, 2005 3:07 AM PDT

Aliases Trojan-Clicker.Win32.Agent.bo

Type Trojan

Troj/Agent-DT is a Trojan for the Windows platform.
Troj/Agent-DT will download files from a list of predefined URLs. The Trojan will also add several URLs to the user's favorites menu.


http://www.sophos.com/virusinfo/analyses/trojagentdt.html

W32/Sdbot-ZM
by Marianna Schmudlach / June 18, 2005 3:09 AM PDT

Aliases Backdoor.Win32.SdBot.yx

Type Worm

W32/Sdbot-ZM is a network worm with backdoor Trojan functionality for the Windows platform.
The worm spreads through network shares protected by weak passwords, MS-SQL servers and through various operating system vulnerabilities.
W32/Sdbot-ZM connects to a predetermined IRC channel and awaits further commands from remote users.

http://www.sophos.com/virusinfo/analyses/w32sdbotzm.html

Troj/Delbot-E
by Marianna Schmudlach / June 18, 2005 3:11 AM PDT
W32/Mytob-BN
by Marianna Schmudlach / June 18, 2005 3:13 AM PDT

Aliases Net-Worm.Win32.Mytob.t

Type Worm

W32/Mytob-BN is a mass-mailing worm and backdoor Trojan that can be controlled through the Internet Relay Chat (IRC) network.
W32/Mytob-BN is capable of spreading through email and through various operating system vulnerabilities such as LSASS (MS04-011).
W32/Mytob-BN harvests email addresses from files on the infected computer and from the Windows address book as well as the Microsoft Internet Account Manager.
W32/Mytob-BN also appends the HOSTS file to deny access to security related websites.
The following patch for the operating system vulnerability exploited by W32/Mytob-BN can be obtained from the Microsoft website:
LSASS (MS04-011) security vulnerability

http://www.sophos.com/virusinfo/analyses/w32mytobbn.html

W32/Mytob-BO
by Marianna Schmudlach / June 18, 2005 3:14 AM PDT

Type Worm

W32/Mytob-BO is a mass-mailing worm and IRC backdoor Trojan for the Windows platform.
W32/Mytob-BO runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
W32/Mytob-BO also includes functionality to silently download, install and run new software.
W32/Mytob-BO modifies the HOSTS file, changing the URL-to-IP mappings for selected websites, therefore preventing normal access to these sites.
W32/Mytob-BO disables and terminates processes.

http://www.sophos.com/virusinfo/analyses/w32mytobbo.html

W32/Mytob-BP
by Marianna Schmudlach / June 18, 2005 3:16 AM PDT

Type Worm

W32/Mytob-BP is a mass-mailing worm and IRC backdoor Trojan for the Windows platform.
W32/Mytob-BP runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
W32/Mytob-BP also includes functionality to silently download, install and run new software.
W32/Mytob-BP harvests email addresses from files on the infected computer and from the Windows address book.
W32/Mytob-BP modifies the HOSTS file, changing the URL-to-IP mappings for selected websites, therefore preventing normal access to these sites.

http://www.sophos.com/virusinfo/analyses/w32mytobbp.html

W32/Mytob-BM
by Marianna Schmudlach / June 18, 2005 3:17 AM PDT

Type Worm

W32/Mytob-BM is a mass-mailing worm and IRC backdoor Trojan for the Windows platform.
W32/Mytob-BM spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: RPC-DCOM (MS04-012) and LSASS (MS04-011) and by copying itself to network shares protected by weak passwords.
W32/Mytob-BM runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
W32/Mytob-BM harvests email addresses from files on the infected computer and from the Windows address book as well as the Microsoft Internet Account Manager.
The following patches for the operating system vulnerabilities exploited by W32/Mytob-BM can be obtained from the Microsoft website:
LSASS (MS04-011) security vulnerability
RPC-DCOM (MS04-012) security vulnerability

http://www.sophos.com/virusinfo/analyses/w32mytobbm.html
