Spyware, Viruses, & Security forum

General discussion

VIRUS ALERTS - June 29, 2005

W32/Codbot-AG
Summary

Aliases WORM_SDBOT.BLH
Backdoor.Win32.Codbot.ag
W32.Toxbot

Type Worm

W32/Codbot-AG is a network worm with backdoor functionality for the Windows platform.
W32/Codbot-AG can spread to remote network shares protected by weak passwords and to computers vulnerable to common exploits, including the RPC-DCOM, LSASS and MSSQL vulnerabilities.
W32/Codbot-AG can be controlled by a remote attacker via the IRC network. The attacker can issue commands to download and run further malicious code, steal passwords and system information and sniff packets from the local network.

http://www.sophos.com/virusinfo/analyses/w32codbotag.html

WM97/Esele-A

In reply to: VIRUS ALERTS - June 29, 2005

Troj/Capedown-A

In reply to: VIRUS ALERTS - June 29, 2005

Aliases Downloader-AAI

Type Trojan

Troj/Capedown-A is a downloader Trojan.
Troj/Capedown-A will contact a remote server via HTTP and download data. The Trojan will then attempt to download a list of executable files and run them without the user's consent.

http://www.sophos.com/virusinfo/analyses/trojcapedowna.html

Troj/Banito-F

In reply to: VIRUS ALERTS - June 29, 2005

Troj/Lofler-A

In reply to: VIRUS ALERTS - June 29, 2005

Type Trojan

Troj/Lofler-A is a downloader Trojan for the Windows platform.
Troj/Lofler-A may arrive on a system as a CHM file that contains an HTML page that exploits the codebase vulnerability present in some versions of Internet Explorer to install the Trojan.

http://www.sophos.com/virusinfo/analyses/trojloflera.html

Troj/Siggy-A

In reply to: VIRUS ALERTS - June 29, 2005

Troj/BeastDo-Y

In reply to: VIRUS ALERTS - June 29, 2005

Troj/Webdrop-A

In reply to: VIRUS ALERTS - June 29, 2005

Troj/Dumaru-H

In reply to: VIRUS ALERTS - June 29, 2005

Aliases Backdoor.Win32.Dumador.cx

Type Trojan

Troj/Dumaru-H is a Trojan for the Windows platform.
Troj/Dumaru-H includes functionality to access the internet and communicate with a remote server via HTTP.
The Trojan may modify the HOSTS file, preventing access to anti-virus websites.

http://www.sophos.com/virusinfo/analyses/trojdumaruh.html

Troj/Small-EM

In reply to: VIRUS ALERTS - June 29, 2005

Troj/Divo-A

In reply to: VIRUS ALERTS - June 29, 2005

Type Trojan

Troj/Divo-A is a password stealing Trojan for the Windows platform.
Troj/Divo-A will wait for certain websites to be accessed. The Trojan will then log personal information entered on the website. The Trojan may also display a fake message in order to make the user feel more comfortable about entering personal information. This message may be displayed in both English and Spanish.

http://www.sophos.com/virusinfo/analyses/trojdivoa.html

Troj/Multidr-DQ

In reply to: VIRUS ALERTS - June 29, 2005

Troj/Qhosts-F

In reply to: VIRUS ALERTS - June 29, 2005

Aliases Trojan.DOS.Qhost.b
QHosts-32

Type Trojan

Troj/Qhosts-F is a Trojan for the Windows platform.
Troj/Qhosts-F will attempt to modify the hosts files in order to redirect the following URLs to a bogus URL in order to steal information.

http://www.sophos.com/virusinfo/analyses/trojqhostsf.html

W32/Mytob-MA

In reply to: VIRUS ALERTS - June 29, 2005

Type Worm

W32/Mytob-MA is an email relay worm for the Windows platform.
The worm downloads configuration data from a remote site which defines further actions.
Email sent by W32/Mytob-MA may have the following properties or may have properties as determined by the downloaded configuration file:
Subject line:
'A postcard for you!'
'another terrorist?'
'Cool picture'
'crazy housewife'
'employees list'
'Error: could not send message for past 2 days'
'file submission failure'
'Funniest George W. Bush Picture ever'

MORE: http://www.sophos.com/virusinfo/analyses/w32mytobma.html

Troj/Delf-KP

In reply to: VIRUS ALERTS - June 29, 2005

Aliases Trojan.Win32.Delf.jq
BackDoor-CJS

Type Trojan

Troj/Delf-KP is a Trojan for the Windows platform.
When first run Troj/Delf-KP copies itself with a random name and the EXE extension to the Windows system folder and creates the following files:
<System>\msl_cfx.dll
<System>\mslbsystl.dat

http://www.sophos.com/virusinfo/analyses/trojdelfkp.html

Troj/AleSpy-B

In reply to: VIRUS ALERTS - June 29, 2005

Aliases Trojan.Win32.Agent.eo
Spy-Agent.h
W32.Desktophijack

Type Trojan

Troj/AleSpy-B is a Trojan for the Windows platform.
Troj/AleSpy-B will attempt to spy on web traffic. The Trojan will also attempt to download and run executable files.
When first run, Troj/AleSpy-B will alter the Windows Desktop background. The Trojan will change the color of the Desktop and display a fake blue screen error image with the following text:
Security warning
A fatal error in IE has occured at 0028:c0011e36 in VXD VMM(01) +
00010E36. Error was caused by Trojan-Spy.HTML.Smitfraud.c
* System can not function in normal mode.
Please check you security settings.
* Scan your PC with any avaliable antivirus / spyware remover
program to fix the problem.

http://www.sophos.com/virusinfo/analyses/trojalespyb.html

W32/Sdbot-AYD

In reply to: VIRUS ALERTS - June 29, 2005

Type Worm

W32/Sdbot-AYD is a network worm with backdoor Trojan functionality for the Windows platform.
The worm spreads through network shares protected by weak passwords, MS-SQL servers and through various operating system vulnerabilities.
W32/Sdbot-AYD connects to a predetermined IRC channel and awaits further commands from remote users.

http://www.sophos.com/virusinfo/analyses/w32sdbotayd.html

W32/Kelvir-AK

In reply to: VIRUS ALERTS - June 29, 2005

Aliases IM-Worm.Win32.Kelvir.af
W32.Kelvir.BF
WORM_KELVIR.AH

Type Worm

W32/Kelvir-AK is an MSN Messenger worm.
W32/Kelvir-AK sends a message to all MSN Messenger contacts with a link to a site that contains a copy of the worm.
The message will be one of the following:
Damn this is cool
Got this from a friend, it's him.
Great preview for the newest movie
Great stuff, check this out
HAHA CHECK THIS!!
I love u, look what i made
Je moeder joh, haha. This is so cool.
Never seen this before Plain
Nice site, i love it
Owwkkeee..., is goed. Check this out!! Grin
This is sick ****, did u ever see this ?
This is u i made it, hehe check it out
W32/Kelvir-AK will attempt to disable Anti-virus and firewall processes and services.
W32/Kelvir-AK includes functionality to silently download, install and run new software.

http://www.sophos.com/virusinfo/analyses/w32kelvirak.html

Troj/LdPinch-BG

In reply to: VIRUS ALERTS - June 29, 2005

Troj/Skulls-E

In reply to: VIRUS ALERTS - June 29, 2005

Aliases Trojan.SymbOS.Skuller.d
SymbOS/Skulls.e
SYMBOS_SKULLS.E

Type Trojan

Troj/Skulls-E is a Trojan developed for mobile phones based on Nokia Series 60 specifications of the Symbian operating system. The Trojan has reportedly been posted on websites containing shareware applications for Symbian phones. The Trojan installation file is added to several SIS files containing the legitimate shareware programs as an additional component to install to the phone.

http://www.sophos.com/virusinfo/analyses/trojskullse.html

Troj/LdPinch-BI

In reply to: VIRUS ALERTS - June 29, 2005

Troj/Dadobra-A

In reply to: VIRUS ALERTS - June 29, 2005

Troj/Prorat-19

In reply to: VIRUS ALERTS - June 29, 2005

Aliases Win32.Prorat.19.i
BKDR_PRORAT.I

Type Trojan

Troj/Prorat-19 is a Trojan for the Windows platform.
The Trojan attempts to download additional components from a remote site.
Troj/Prorat-19 and its helper DLL files gather information from an infected computer and email it to a remote user.

http://www.sophos.com/virusinfo/analyses/trojprorat19.html

W32/Kelvir-CB

In reply to: VIRUS ALERTS - June 29, 2005

Troj/Dloader-PK

In reply to: VIRUS ALERTS - June 29, 2005

Troj/Multidr-DO

In reply to: VIRUS ALERTS - June 29, 2005

Dial/Chivio-A

In reply to: VIRUS ALERTS - June 29, 2005

Aliases Trojan.Win32.Dialer.hh


Type Trojan

Dial/Chivio-A is a premium-rate dialer application used to access pornographic material.
When run, Dial/Chivio-A will display a dialog box with the title "Private Internet Zone" and buttons labelled "Si" and "No".
Dial/Chivio-A modifies the Start Page for Microsoft Internet Explorer.
Dial/Chivio-A will reduce internet security settings.

http://www.sophos.com/virusinfo/analyses/dialchivioa.html

Troj/Paymite-A

In reply to: VIRUS ALERTS - June 29, 2005

W32/Sdbot-ZU

In reply to: VIRUS ALERTS - June 29, 2005

Type Worm

W32/Sdbot-ZU is a network worm with backdoor functionality for the Windows platform which allows a remote intruder to access and control the computer via IRC channels.
The backdoor component joins a specific channel on an IRC server and then runs continuously in the background as a service process, listening on the IRC channel for specific commands and carrying out the appropriate actions.
The worm will attempt to spread through network shares protected by weak passwords.

http://www.sophos.com/virusinfo/analyses/w32sdbotzu.html

Troj/Multidr-DP

In reply to: VIRUS ALERTS - June 29, 2005

Troj/Dumaru-G

In reply to: VIRUS ALERTS - June 29, 2005

Aliases Backdoor.Win32.Dumador.cy
BackDoor-CCT.gen
Backdoor.Nibu

Type Trojan

Troj/Dumaru-G is a backdoor Trojan with password stealing capabilities.
Troj/Dumaru-G attempts to steal confidential information and send it to a remote location. The Trojan allows a remote intruder to gain access to and control over the computer.

http://www.sophos.com/virusinfo/analyses/trojdumarug.html
