Spyware, Viruses, & Security forum

General discussion

VIRUS ALERTS - June 24, 2005

Discussion is locked
You are posting a reply to: VIRUS ALERTS - June 24, 2005
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: VIRUS ALERTS - June 24, 2005
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
W32/Kelvir-AG

In reply to: VIRUS ALERTS - June 24, 2005

Aliases IM-Worm.Win32.Kelvir.bz
W32/Kelvir.worm.co

Type Worm

W32/Kelvir-AG is an instant messenging worm for the Windows platform.
W32/Kelvir-AG spreads by sending a message through Windows Messenger to all of an infected user's contacts.
W32/Kelvir-AG sends the following message to all MSN Messenger contacts encouraging recipients to visit a website:
"i think you`ll love this <URL> hehe"
At the time of writing, the URL was not available.

http://www.sophos.com/virusinfo/analyses/w32kelvirag.html

Collapse -
Troj/Bancban-DG

In reply to: VIRUS ALERTS - June 24, 2005

Collapse -
W32/Rbot-AGJ

In reply to: VIRUS ALERTS - June 24, 2005

Type Worm

W32/Rbot-AGJ is a worm and IRC backdoor Trojan for the Windows platform.
W32/Rbot-AGJ spreads:
- to other network computers by exploiting common buffer overflow vulnerabilites, including: LSASS (MS04-011), RPC-DCOM (MS04-012) and WKS (MS03-049) (CAN-2003-0812)
- by copying itself to network shares protected by weak passwords
W32/Rbot-AGJ runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
W32/Rbot-AGJ includes functionality to:
- steal confidential information
- carry out DDoS flooder attacks
- provide a proxy server
- silently download, install and run new software, including updates of its software
The following patches for the operating system vulnerability exploited by
W32/Rbot-AGJ can be obtained from the Microsoft website:
MS04-011
MS04-012
MS03-049

http://www.sophos.com/virusinfo/analyses/w32rbotagj.html

Collapse -
W32/Kelvir-AH

In reply to: VIRUS ALERTS - June 24, 2005

Aliases IM-Worm.Win32.Kelvir.at
W32/Kelvir.worm.ax

Type Worm

W32/Kelvir-AH is an instant messenging worm for the Windows platform.
W32/Kelvir-AH sends the following message to all MSN Messenger contacts encouraging recipients to visit a website:
"look at these games <URL>"
At the time of writing, the URL was not available.

http://www.sophos.com/virusinfo/analyses/w32kelvirah.html

Collapse -
W32/Mytob-BV

In reply to: VIRUS ALERTS - June 24, 2005

Aliases Net-Worm.Win32.Mytob.bi
W32/Mytob-BV
W32.Mytob.FA@mm

Type Worm

W32/Mytob-BV is a mass-mailing worm and IRC backdoor Trojan.
W32/Mytob-BV can spread by sending itself as an email attachment to email addresses it harvests from the infected computer, either as an attachment with a double-extension or as a zip file containing a file with a double-extension. W32/Mytob-BV avoids sending emails to addresses containing certain strings in them.
W32/Mytob-BV processes the emails it has harvested by splitting them into name and domain. Once it has sent itself to the emails it has harvested, it uses a predefined list of names with the harvested domains. W32/Mytob-BV spoofs the sender, sending emails as if from one of the following at the same domain as the recipient:

MORE: http://www.sophos.com/virusinfo/analyses/w32mytobbv.html

Collapse -
W32/Opaserv-V

In reply to: VIRUS ALERTS - June 24, 2005

Type Worm

W32/Opaserv-V is a worm which spreads by copying itself to network shares.
The worm drops copies of itself to the Windows folder as Banda!, Podre!! and speedy.pif, then adds an entry to the registry at
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Spees3
to run itself on system restart.
The worm attempts to copy itself to the Windows folder on networked computers with open shared drives. The worm then modifies the win.ini on the remote machine to ensure it will be run on system restart.
W32/Opaserv-V also attempts to update itself periodically from a pre-configured website.

http://www.sophos.com/virusinfo/analyses/w32opaservv.html

Collapse -
Troj/Pyfls-A

In reply to: VIRUS ALERTS - June 24, 2005

Collapse -
Troj/Torpid-E

In reply to: VIRUS ALERTS - June 24, 2005

Collapse -
Troj/NtRootk-G

In reply to: VIRUS ALERTS - June 24, 2005

Collapse -
Troj/DelShare-L

In reply to: VIRUS ALERTS - June 24, 2005

Collapse -
Troj/Proxy-L

In reply to: VIRUS ALERTS - June 24, 2005

Aliases Trojan-Dropper.Win32.Small.wv
Generic Downloader.g
Download.Trojan
TROJ_SMALL.AFF

Type Trojan

Troj/Proxy-L is a proxy Trojan for the Windows platform that allows a remote user to route traffic through the infected computer.

http://www.sophos.com/virusinfo/analyses/trojproxyl.html

Collapse -
Troj/Agent-EE

In reply to: VIRUS ALERTS - June 24, 2005

Collapse -
Troj/Banker-DP

In reply to: VIRUS ALERTS - June 24, 2005

Aliases Trojan-Spy.Win32.Banker.cv
PWS-Banker.dr.h
probably.unknown.WIN32.virus

Type Trojan

Troj/Banker-DP is a banking Trojan for the Windows platform.
Troj/Banker-DP may display a fake error message box with the title "Erro de aplicativo" and the message "Aplicativo nao inicializado corretamente (0xc0000005). Clique em OK para finalizar a execucao".

http://www.sophos.com/virusinfo/analyses/trojbankerdp.html

Collapse -
Troj/VB-HD

In reply to: VIRUS ALERTS - June 24, 2005

Collapse -
Sources of Anti-Virus Information

In reply to: VIRUS ALERTS - June 24, 2005

Doug Muth's Anti-Virus Help Page,at http://www.claws-and-paws.com/virus."A fantastically deep collection of information regarding computer viruses with lots of helpful papers,reports,and links to additional resources.One thing that makes this site great is that it's not tied to any commercial concern."

Collapse -
Symantec and McAfee

In reply to: Sources of Anti-Virus Information

Symantec AntiVirus Research Center(SARC),at http://www.sarc.com."An easy enough domain name to remember,especially when you need fast access to the latest virus alerts ."McAfee Virus Information Library,at http://vil.nai.com/vil."This encyclopedic listing of viruses is one of the first places you should look to get help or find out what's going on."

Popular Forums

icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

GIVEAWAY

Enter to win* a free holiday tech gift!

CNET's giving five lucky winners the gift of their choice valued up to $250!