Spyware, Viruses, & Security forum

General discussion

VIRUS ALERTS - June 27, 2005

Troj/BagleDl-R
Summary

Aliases Email-Worm.Win32.Bagle.bq


Type Trojan

Troj/BagleDl-R is a downloader Trojan which will download, install and run new software without notification that it is doing so.
Troj/BagleDl-R includes functionality to:
- inject its code into EXPLORER.EXE
- modify the HOSTS file
- disable other software, including anti-virus, firewall and security related applications
Troj/BagleDl-R then attempts to download files from remote websites and run them.
Troj/BagleDl-R may also run MSPAINT.EXE in an attempt to obfuscate itself.


http://www.sophos.com/virusinfo/analyses/trojbagledlr.html

Discussion is locked
You are posting a reply to: VIRUS ALERTS - June 27, 2005
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: VIRUS ALERTS - June 27, 2005
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
W32/Sdbot-AYF

In reply to: VIRUS ALERTS - June 27, 2005

Type Worm

W32/Sdbot-AYF is a network worm with backdoor Trojan functionality for the Windows platform.
The worm spreads through network shares protected by weak passwords, MS-SQL servers and through various operating system vulnerabilities.
W32/Sdbot-AYF connects to a predetermined IRC channel and awaits further commands from remote users.
Patches for the vulnerabilities exploited by W32/Sdbot-AYF can be obtained from Microsoft at:
MS02-039
MS04-011
MS04-012

http://www.sophos.com/virusinfo/analyses/w32sdbotayf.html

Collapse -
Troj/Rootkit-X

In reply to: VIRUS ALERTS - June 27, 2005

Collapse -
W32/Rbot-AGK

In reply to: VIRUS ALERTS - June 27, 2005

Aliases WORM_RBOT.BQY

Type Worm

W32/Rbot-AGK is a worm and IRC backdoor Trojan for the Windows platform.
W32/Rbot-AGK runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotagk.html

Collapse -
Dial/TlfLic-D

In reply to: VIRUS ALERTS - June 27, 2005

Aliases Trojan.Win32.Dialer.ay

Type Trojan

Dial/TlfLic-D tries to create a dialup connection to a remote server and then loads web pages which may give access to further pages relating to online gambling and sex. Internet shortcuts to these web sites may be created on the Desktop.
The main executable component of Dial/TlfLic-D drops a executable from its resource section to the Windows TEMP folder as h91746.exe and uses it to perform the dialup connection. Dial/TlfLic-D then deletes h91746.exe.
A file with an extension of INI may also be created in the TEMP folder.

http://www.sophos.com/virusinfo/analyses/dialtlflicd.html

Collapse -
W32/Kedebe-F

In reply to: VIRUS ALERTS - June 27, 2005

Collapse -
W32/Sdbot-AYE

In reply to: VIRUS ALERTS - June 27, 2005

Type Worm

W32/Sdbot-AYE is a network worm with backdoor Trojan functionality for the Windows platform.
The worm spreads through network shares protected by weak passwords, MS-SQL servers and through various operating system vulnerabilities.
W32/Sdbot-AYE connects to a predetermined IRC channel and awaits further commands from remote users.
Patches for the vulnerabilities exploited by W32/Sdbot-AYE can be obtained from Microsoft at:
MS02-039
MS04-011
MS04-012

http://www.sophos.com/virusinfo/analyses/w32sdbotaye.html

Collapse -
Troj/HacDef-S

In reply to: VIRUS ALERTS - June 27, 2005

Collapse -
Troj/ServU-AY

In reply to: VIRUS ALERTS - June 27, 2005

Collapse -
Troj/Vixup-E

In reply to: VIRUS ALERTS - June 27, 2005

Collapse -
Troj/Vixup-D

In reply to: VIRUS ALERTS - June 27, 2005

Collapse -
Troj/Bdoor-IS

In reply to: VIRUS ALERTS - June 27, 2005

Collapse -
Troj/Vixup-C

In reply to: VIRUS ALERTS - June 27, 2005

Collapse -
W32/Kelvir-AJ

In reply to: VIRUS ALERTS - June 27, 2005

Aliases IM-Worm.Win32.Prex.d

Type Worm

W32/Kelvir-AJ is an instant messenging worm for the Windows platform.
W32/Kelvir-AJ spreads by sending a message through Windows Messenger to all of an infected user's contacts.
W32/Kelvir-AJ sends the following message to all MSN Messenger contacts encouraging recipients to visit a website:
"hahaaaa you are in the weebs picture Wink <URL>"
At the time of writing, the URL was not available.

http://www.sophos.com/virusinfo/analyses/w32kelviraj.html

Collapse -
W32/Kelvir-AI

In reply to: VIRUS ALERTS - June 27, 2005

Aliases IM-Worm.Win32.Kelvir.as
W32.Kelvir.BF
WORM_KELVIR.AQ

Type Worm

W32/Kelvir-AI is an MSN Messenger worm.
W32/Kelvir-AI sends a message to all MSN Messenger contacts with a link to a
site that contains a copy of the worm.
The message will be one of the following:
:D:D wow check it
:):) haha, this is cool
(L) you check what i made
Silly Great stuff
OMG Grin THIS IS GREAT
BLA Grin BLABLA, im bored, look what i made.
W32/Kelvir-AI will attempt to disable Anti-virus and firewall processes and
services.
W32/Kelvir-AI includes functionality to silently download, install and run new software.

http://www.sophos.com/virusinfo/analyses/w32kelvirai.html

Collapse -
Troj/Dropper-AN

In reply to: VIRUS ALERTS - June 27, 2005

Collapse -
Troj/AdClick-AQ

In reply to: VIRUS ALERTS - June 27, 2005

Collapse -
Troj/Dloader-PH

In reply to: VIRUS ALERTS - June 27, 2005

Collapse -
Troj/Lineage-T

In reply to: VIRUS ALERTS - June 27, 2005

Aliases TSPY_LINEAGE.O
Trojan-Downloader.Win32.Agent.ni

Type Trojan

Troj/Lineage-T is a password stealing Trojan for the Windows platform that
attempts to steal passwords associated with the online game called "Lineage".
Troj/Lineage-T includes functionality to access the internet and communicate
with a remote server via HTTP.

http://www.sophos.com/virusinfo/analyses/trojlineaget.html

Collapse -
Troj/Bifrose-AZ

In reply to: VIRUS ALERTS - June 27, 2005

Aliases Backdoor.Win32.Bifrose.az
BackDoor-CKA

Type Trojan

Troj/Bifrose-AZ is a backdoor Trojan generation tool.
Troj/Bifrose-AZ may create registry entries under the following key:
HKCU\software\EES\BIFROST1.1
The backdoor Trojan generated by Troj/Bifrose-AZ is detected by Sophos as Troj/Bckdr-CKA.

http://www.sophos.com/virusinfo/analyses/trojbifroseaz.html

Collapse -
Troj/Cozdoor-B

In reply to: VIRUS ALERTS - June 27, 2005

Type Trojan

Troj/Cozdoor-B is a backdoor Trojan DLL helper component for the Windows platform.
Once run Troj/Cozdoor-B connects to a pre-specified website where it can receive further commands.
Troj/Cozdoor-B can be instructed to upload, download, and execute files.
Troj/Cozdoor-B can also transfer files using FTP and as attachments via SMTP.
Troj/Cozdoor-B modifies the HOSTS file.

http://www.sophos.com/virusinfo/analyses/trojcozdoorb.html

Collapse -
W32/Codbot-N

In reply to: VIRUS ALERTS - June 27, 2005

Aliases Backdoor.Win32.Codbot.ag
W32.Toxbot
WORM_SPYBOT.ABN

Type Worm

W32/Codbot-N is a worm and IRC backdoor Trojan for the Windows platform.
W32/Codbot-N runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32codbotn.html

Collapse -
Troj/LSAExp-A

In reply to: VIRUS ALERTS - June 27, 2005

Aliases Net-Worm.Win32.Xatch.a

Type Trojan

Troj/LSAExp-A is a backdoor Trojan which allows a remote intruder to gain access
and control over the computer.
Troj/LSAExp-A also attempts to open a backdoor to other network computers by
exploiting common buffer overflow vulnerabilites, including LSASS (MS04-011).
The following patch for the operating system vulnerability exploited by Troj/LSAExp-A can be obtained from the Microsoft website:
MS04-011

http://www.sophos.com/virusinfo/analyses/trojlsaexpa.html

Collapse -
Troj/Dloader-PJ

In reply to: VIRUS ALERTS - June 27, 2005

Collapse -
Troj/Bancban-DH

In reply to: VIRUS ALERTS - June 27, 2005

Collapse -
Troj/Feutel-J

In reply to: VIRUS ALERTS - June 27, 2005

Aliases backdoor.win32.hupigon.z
backdoor.win32.hupigon.ae
backdoor.win32.hupigon.ad

Type Trojan

Troj/Feutel-J is a Trojan for the Windows platform.
The Trojan contains keylogging functionality which may be used to steal passwords or other sensitive information.
Troj/Feutel-J may also download further files from the internet.

http://www.sophos.com/virusinfo/analyses/trojfeutelj.html

Collapse -
Troj/BagleDl-R

In reply to: VIRUS ALERTS - June 27, 2005

Aliases Email-Worm.Win32.Bagle.bq

Type Trojan

Troj/BagleDl-R is a downloader Trojan which will download, install and run new software without notification that it is doing so.
Troj/BagleDl-R includes functionality to:
- inject its code into EXPLORER.EXE
- modify the HOSTS file
- disable other software, including anti-virus, firewall and security related applications
Troj/BagleDl-R then attempts to download files from remote websites and run them.
Troj/BagleDl-R may also run MSPAINT.EXE in an attempt to obfuscate itself.

http://www.sophos.com/virusinfo/analyses/trojbagledlr.html

Collapse -
W32/Kelvir-CB

In reply to: VIRUS ALERTS - June 27, 2005

Collapse -
Troj/Dloader-PK

In reply to: VIRUS ALERTS - June 27, 2005

Collapse -
Troj/Multidr-DO

In reply to: VIRUS ALERTS - June 27, 2005

Collapse -
Dial/Chivio-A

In reply to: VIRUS ALERTS - June 27, 2005

Aliases Trojan.Win32.Dialer.hh

Type Trojan

Dial/Chivio-A is a premium-rate dialer application used to access pornographic material.
When run, Dial/Chivio-A will display a dialog box with the title "Private Internet Zone" and buttons labelled "Si" and "No".
Dial/Chivio-A modifies the Start Page for Microsoft Internet Explorer.
Dial/Chivio-A will reduce internet security settings.

http://www.sophos.com/virusinfo/analyses/dialchivioa.html

Popular Forums

icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

DEALS, DEALS, DEALS!

Best Black Friday Deals

CNET editors are busy culling the list and highlighting what we think are the best deals out there this holiday season.