
Spyware, Viruses, & Security forum

General discussion

VIRUS ALERTS - June 22, 2005

by Marianna Schmudlach / June 22, 2005 1:57 AM PDT
Troj/Agent-EM
by Marianna Schmudlach / June 22, 2005 1:59 AM PDT
Troj/Radnag-B
by Marianna Schmudlach / June 22, 2005 2:00 AM PDT
W32/Mkar-F
by Marianna Schmudlach / June 22, 2005 2:01 AM PDT

Aliases W32.Marak
Virus.Win32.Mkar.c
W32/Mkar.c

Type Virus

W32/Mkar-F is a prepending virus that infects EXE files.
W32/Mkar-F copies itself to the folder "drivers" under the Windows system folder and drops a component into the folder "001" under the current folder.
On NT-based versions of Windows W32/Mkar-F installs itself as a service process called NetLogSrv with a display name comprised of non-ASCII characters.
Infected EXE files can be disinfected.

http://www.sophos.com/virusinfo/analyses/w32mkarf.html

Troj/Flood-EO
by Marianna Schmudlach / June 22, 2005 2:03 AM PDT

Aliases Trojan-DDoS.Win32.Small.h

Type Trojan

Troj/Flood-EO is a Trojan for the Windows platform.
Troj/Flood-EO will attempt to download a configuration file from a remote website which contains commands to execute. These commands include:
- carry out DDoS flooder attacks
- execute an arbitrary command
- uninstall itself from the computer

http://www.sophos.com/virusinfo/analyses/trojfloodeo.html

W32/Rbot-AGE
by Marianna Schmudlach / June 22, 2005 2:05 AM PDT

Aliases Backdoor.Win32.SdBot.xd

Type Worm

W32/Rbot-AGE is a worm and IRC backdoor Trojan for the Windows platform.
W32/Rbot-AGE spreads to other network computers by exploiting the buffer overflow vulnerabilities LSASS (MS04-011), RPC-DCOM (MS04-012) and MSSQL (MS02-039) and by copying itself to network shares protected by weak passwords.
W32/Rbot-AGE runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
When first run W32/Rbot-AGE copies itself to <Windows>\msdevnull.exe and creates the file <System>\msriv1.sys.
The file msriv1.sys is detected as Troj/Rootkit-W.
The following patches for the operating system vulnerabilities exploited by W32/Rbot-AGE can be obtained from the Microsoft website:
MS04-011
MS04-012
MS02-039

http://www.sophos.com/virusinfo/analyses/w32rbotage.html

Troj/Lydra-B
by Marianna Schmudlach / June 22, 2005 2:06 AM PDT
Troj/Dumaru-BM
by Marianna Schmudlach / June 22, 2005 2:08 AM PDT

Aliases Backdoor.Win32.Dumador.bm
W32/Dumaru.gen@MM

Type Trojan

Troj/Dumaru-BM is a backdoor Trojan with password stealing capabilities.
Troj/Dumaru-BM attempts to steal confidential information and send it to a remote location. The Trojan allows a remote intruder to gain access to and control over the computer.
Troj/Dumaru-BM will attempt to deny access to anti-virus and security-related websites and may attempt to disable the firewall.

http://www.sophos.com/virusinfo/analyses/trojdumarubm.html

W32/Mytob-BS
by Marianna Schmudlach / June 22, 2005 2:10 AM PDT

Aliases Net-Worm.Win32.Mytob.w

Type Worm

W32/Mytob-BS is a mass-mailing worm and IRC backdoor Trojan for the Windows platform.
W32/Mytob-BS spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: RPC-DCOM (MS04-012) and LSASS (MS04-011) and by copying itself to network shares protected by weak passwords.
W32/Mytob-BS runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
W32/Mytob-BS is capable of spreading through email. Email sent by W32/Mytob-BS has the following properties:
Subject line chosen from:

MORE: http://www.sophos.com/virusinfo/analyses/w32mytobbs.html

W32/Tibick-E
by Marianna Schmudlach / June 22, 2005 2:12 AM PDT

Aliases WORM_TIBICK.D
W32.Tibick
P2P-Worm.Win32.Tibick.d

Type Worm

W32/Tibick-E is a P2P worm.
W32/Tibick-E creates a subfolder in the Windows system folder named "msview" and creates several copies of itself in this new folder.
W32/Tibick-E then alters the settings for common Peer to Peer (P2P) applications to share the "msview" folder.
W32/Tibick-E also contains IRC backdoor Trojan functionality. W32/Tibick-E will attempt to connect to a remote IRC server and may attempt to download and execute a file from a specified address. Files are downloaded to the Windows system folder with a random filename followed by the EXE file extension.

http://www.sophos.com/virusinfo/analyses/w32tibicke.html

Troj/Riler-L
by Marianna Schmudlach / June 22, 2005 2:14 AM PDT

Aliases Backdoor.Win32.Riler.b
BackDoor-BCB
Trojan.Riler.C

Type Trojan

Troj/Riler-L is a backdoor Trojan.
Troj/Riler-L spies on network traffic on the infected computer. The Trojan will relay certain types of network traffic to a remote site.
Troj/Riler-L has a backdoor component that will connect to a remote site and await backdoor commands.

http://www.sophos.com/virusinfo/analyses/trojrilerl.html

W32/Rbot-AGC
by Marianna Schmudlach / June 22, 2005 2:15 AM PDT

Aliases Backdoor.Win32.SdBot.aad

Type Worm

W32/Rbot-AGC is a worm for the Windows platform.
W32/Rbot-AGC spreads to other network computers by exploiting the buffer overflow vulnerabilities LSASS (MS04-011) and RPC-DCOM (MS04-012) and by copying itself to network shares protected by weak passwords.
When first run W32/Rbot-AGC copies itself to <Windows>\aim.exe and creates the file <System>\rdriv.sys.
The file rdriv.sys is detected by Sophos as Troj/Rootkit-W.
The following patches for the operating system vulnerabilities exploited by W32/Rbot-AGC can be obtained from the Microsoft website:
MS04-011
MS04-012

http://www.sophos.com/virusinfo/analyses/w32rbotagc.html

W32/Mytob-BU
by Marianna Schmudlach / June 22, 2005 10:34 AM PDT

Aliases Net-Worm.Win32.Mytob.bi
W32/Mytob.gen@MM
W32.Mytob.EY@mm
WORM_MYTOB.FO

Type Worm

W32/Mytob-BU is a mass-mailing worm with backdoor functionality.
W32/Mytob-BU can spread by sending itself as an email attachment to email addresses it harvests from the infected computer, either as an attachment with a double-extension or as a zip file containing a file with a double-extension. W32/Mytob-BU avoids sending emails to addresses containing certain strings in them.
W32/Mytob-BU processes the emails it has harvested by splitting them into name and domain. Once it has sent itself to the emails it has harvested, it uses a predefined list of names with the harvested domains. W32/Mytob-BU

MORE: http://www.sophos.com/virusinfo/analyses/w32mytobbu.html

Troj/Clsldr-D
by Marianna Schmudlach / June 22, 2005 10:36 AM PDT
Dial/Ployb-A
by Marianna Schmudlach / June 22, 2005 10:38 AM PDT
W32/Rbot-AGF
by Marianna Schmudlach / June 22, 2005 10:41 AM PDT

Aliases Backdoor.Win32.Rbot.gen
W32/Sdbot.worm.gen.i
W32.Spybot.Worm

Type Worm

W32/Rbot-AGF is a network worm with backdoor functionality for the Windows platform.
W32/Rbot-AGF runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access to and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotagf.html

W32/Rbot-AGD
by Marianna Schmudlach / June 22, 2005 10:43 AM PDT

Aliases Backdoor.Win32.SdBot.zy
W32/Sdbot.worm.gen.h

Type Worm

W32/Rbot-AGD is a worm with backdoor functionality for the Windows platform.
W32/Rbot-AGD runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
When first run W32/Rbot-AGD copies itself to <Windows folder>\lsass.exe and creates the file <Windows system folder>\rdriv.sys.
W32/Rbot-AGD also creates registry entries to run lsass.exe automatically during system startup.

http://www.sophos.com/virusinfo/analyses/w32rbotagd.html

Troj/Animoo-B
by Marianna Schmudlach / June 22, 2005 10:44 AM PDT
Troj/Bankhof-A
by Marianna Schmudlach / June 22, 2005 10:46 AM PDT
W32/Rbot-BAA
by Marianna Schmudlach / June 22, 2005 10:48 AM PDT

Type Worm

W32/Rbot-BAA is a network worm with backdoor functionality for the Windows platform.
W32/Rbot-BAA spreads using a variety of techniques including exploiting weak passwords on computers and SQL servers, exploiting operating system vulnerabilities (including DCOM-RPC, LSASS, WebDAV and UPNP) and using backdoors opened by other worms or Trojans.
W32/Rbot-BAA can be controlled by a remote attacker over IRC channels. The backdoor component of W32/Rbot-BAA can be instructed by a remote user to perform the following functions:
- start an FTP server
- start a Proxy server
- start a web server
- take part in distributed denial of service (DDoS) attacks
- log keypresses
- capture screen/webcam images
- packet sniffing
- port scanning
- download/execute arbitrary files
- start a remote shell (RLOGIN)

http://www.sophos.com/virusinfo/analyses/w32rbotbaa.html

Troj/LdPinch-BM
by Marianna Schmudlach / June 22, 2005 10:49 AM PDT

Aliases TROJ_LDPINCH.BM
PWS-LDPinch
PWSteal.Ldpinch.E

Type Trojan

Troj/LdPinch-BM is a Trojan for the Windows platform.
The Trojan reports the infection details to a remote site via HTTP. Troj/LdPinch-BM then starts an FTP server which allows remote attackers full control over the file system. The Trojan harvests information from the infected computer and submits the stolen information to a remote user via email.

http://www.sophos.com/virusinfo/analyses/trojldpinchbm.html
