Spyware, Viruses, & Security forum

General discussion

VIRUS ALERTS - March 16, 2005

by Marianna Schmudlach / March 15, 2005 11:53 PM PST
Discussion is locked
You are posting a reply to: VIRUS ALERTS - March 16, 2005
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: VIRUS ALERTS - March 16, 2005
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Troj/Dloader-JM
by Marianna Schmudlach / March 15, 2005 11:56 PM PST

Aliases Trojan-Downloader.Win32.Murlo.a

Type Trojan

Troj/Dloader-JM is a Trojan which attempts to download and execute components from remote websites.
The Trojan may attempt to delete the file C:\Documents and Settings\qwe.hta and %SYSTEM%\cm.exe

http://www.sophos.com/virusinfo/analyses/trojdloaderjm.html

Collapse -
Troj/Small-DN
by Marianna Schmudlach / March 15, 2005 11:58 PM PST

Aliases Downloader-WG

Type Trojan

Troj/Small-DN is a downloader Trojan for the Windows platform.
Troj/Small-DN will move itself to the Windows temporary folder with the name iexplore.exe. Troj/Small-DN will then attempt to download and execute a file from a predefined url.

http://www.sophos.com/virusinfo/analyses/trojsmalldn.html

Collapse -
Troj/BankAsh-C
by Marianna Schmudlach / March 15, 2005 11:59 PM PST

Type Trojan

Troj/BankAsh-C is a banker and password stealing Trojan.
Troj/BankAsh-C will spy on a user's internet access. When certain banking and finance websites are accessed, the Trojan can display a fake login page or log keyboard presses in order to steal username and password information.

http://www.sophos.com/virusinfo/analyses/trojbankashc.html

Collapse -
W32/Poebot-J
by Marianna Schmudlach / March 16, 2005 12:01 AM PST

Aliases WORM_RBOT.AQY


Type Worm

W32/Poebot-J is a worm which attempts to spread to remote network shares with weak passwords.
The worm also contains backdoor functionality allowing unauthorised remote access to the infected computer via IRC channels.
W32/Poebot-J allows a remote attacker to steal internet account user names and passwords, download and execute files from the Internet, flood other computers with network packets, retrieve system information and execute arbitrary commands by opening a remote shell on the infected computer.

http://www.sophos.com/virusinfo/analyses/w32poebotj.html

Collapse -
W32/Rbot-YD
by Marianna Schmudlach / March 16, 2005 12:03 AM PST

Type Worm

W32/Rbot-YD is a Windows network worm which attempts to spread via network shares. The worm contains backdoor functions that allows unauthorised remote access to the infected computer via IRC channels while running in the background.
The worm spreads to network shares with weak passwords and also by using the LSASS security exploit (MS04-011) and the RPC-DCOM security exploit (MS03-039).
Once installed, W32/Rbot-YD will attempt to participate in denial of service (DoS) attacks, setup a SOCKS4 server and download and run files from the internet when instructed to do so by a remote attacker.

http://www.sophos.com/virusinfo/analyses/w32rbotyd.html

Collapse -
Troj/Istbar-AT
by Marianna Schmudlach / March 16, 2005 12:04 AM PST
Collapse -
Troj/Agent-CL
by Marianna Schmudlach / March 16, 2005 12:06 AM PST

Aliases Trojan-Dropper.Win32.Small.nn

Type Trojan

Troj/Agent-CL is a Windows downloader Trojan.
When run Troj/Agent-CL drops the DLL file ntosv.dll to the Windows System folder.
Troj/Agent-CL then silently downloads executables or DLLs without notification from a fixed website and runs or loads them.

http://www.sophos.com/virusinfo/analyses/trojagentcl.html

Collapse -
Troj/Dloader-JL
by Marianna Schmudlach / March 16, 2005 12:08 AM PST

Aliases Trojan-Downloader.Win32.Small.anh

Type Trojan

Troj/Dloader-JL is a downloader Trojan for the Windows platform.
The Trojan attempts to download files from remote websites and run them while running in the background as a service process. The downloaded files are stored to the following locations:
C:\boot.bak
C:\4591.exe
C:\4592.exe
C:\4594.exe

http://www.sophos.com/virusinfo/analyses/trojdloaderjl.html

Collapse -
Troj/BagDl-Gen
by Marianna Schmudlach / March 16, 2005 12:11 AM PST

Type Trojan

Troj/BagDl-Gen is a family of multi-component Trojans.
Members of this family generally have a dropper component which drops and loads a DLL component. The DLL component attempts to download and execute files from a remote URL.

http://www.sophos.com/virusinfo/analyses/trojbagdlgen.html

Collapse -
W32/Elitper-Gen
by Marianna Schmudlach / March 16, 2005 12:13 AM PST

Type Worm

Sophos anti-virus products detect members of the W32/Elitper family of P2P and email worms as W32/Elitper-Gen.
Members of this family typically copy themselves to the following folders:
<Program Files>\Internet Explorer
<Program Files>\Windows media player
<Windows>

http://www.sophos.com/virusinfo/analyses/w32elitpergen.html

Collapse -
W32/Rbot-YB
by Marianna Schmudlach / March 16, 2005 5:00 AM PST

Aliases backdoor.win32.rbot.gen
w32/sdbot.worm.gen.i
worm_rbot.aub
worm_rbot.gen
trojan.mybot.gen-77

Type Worm

W32/Rbot-YB is a network worm with backdoor functionality for the Windows platform. It allows unauthorised remote access to the infected computer via IRC channels.
It may spread using a variety of techniques, such as exploiting weak passwords on computers and SQL servers, exploiting operating system vulnerabilities, and using backdoors opened by other worms or Trojans.

http://www.sophos.com/virusinfo/analyses/w32rbotyb.html

Collapse -
W32/Rbot-YG
by Marianna Schmudlach / March 16, 2005 5:02 AM PST

Aliases Backdoor.Win32.Rbot.lj
WORM_RBOT.ATY

Type Worm

W32/Rbot-YG is a network worm with backdoor functionality for the Windows platform.
W32/Rbot-YG connects to an IRC channel and listens for commands from a remote attacker. The worm may also spread to remote network shares, or by DCC.
W32/Rbot-YG contains functionality to do any of the following:
- participate in denial of service attacks
- provide a remote command shell
- run a file server
- run services
- download updates
- steal software registration keys
- monitor network traffic

http://www.sophos.com/virusinfo/analyses/w32rbotyg.html

Collapse -
W32/Rbot-YH
by Marianna Schmudlach / March 16, 2005 5:03 AM PST

Aliases Backdoor.Win32.Rbot.gen
W32/Sdbot.worm.gen.y

Type Worm

W32/Rbot-YH is a network worm with backdoor functionality for the Windows platform.
W32/Rbot-YH is capable of spreading to computers on the local network protected by weak passwords after receiving the appropriate backdoor command. The worm can also spread by exploiting a number of software vulnerabilities.

http://www.sophos.com/virusinfo/analyses/w32rbotyh.html

Collapse -
W32/Sdbot-VX
by Marianna Schmudlach / March 16, 2005 5:05 AM PST
Collapse -
W32/Sdbot-VY
by Marianna Schmudlach / March 16, 2005 5:07 AM PST

Aliases Backdoor.Win32.SdBot.gen
W32/Sdbot.worm.gen.y

Type Worm

W32/Sdbot-VY is a network worm with backdoor functionality for the Windows platform.
W32/Sdbot-VY spreads to computers on the local network protected by weak passwords. W32/Sdbot-VY can also spread to computers infected by the W32/MyDoom family of worms.

http://www.sophos.com/virusinfo/analyses/w32sdbotvy.html

Collapse -
Troj/Nice-A
by Marianna Schmudlach / March 16, 2005 5:08 AM PST

Aliases Trojan-Spy.Win32.VB.cs
Generic PWS.e
TROJ_KEYLOGGER.A

Type Trojan

Troj/Nice-A is a configurable keylogger Trojan for the Windows platform that runs in the background and logs the key inputs.
Troj/Nice-A emails the stolen information to the predefined address.

http://www.sophos.com/virusinfo/analyses/trojnicea.html

Collapse -
W32/Rbot-YI
by Marianna Schmudlach / March 16, 2005 5:10 AM PST

Aliases W32/Spybot.FEW
Trojan.Mybot.gen-141

Type Worm

W32/Rbot-YI is a network worm with backdoor functionality for the Windows platform.
W32/Rbot-YI connects to an IRC channel and listens for commands from a remote attacker. The worm may also spread to remote network shares, or by DCC.
W32/Rbot-YI contains functionality to do any of the following:
- terminate processes
- participate in denial of service attacks
- provide a remote command shell
- run a file server
- download further code
- steal software registration keys
- monitor network traffic
- steal Windows passwords and system information
- log keypresses
- delete network shares
In particular, W32/Rbot-YI will attempt to terminate certain processes.

http://www.sophos.com/virusinfo/analyses/w32rbotyi.html

Collapse -
W32/Rbot-YJ
by Marianna Schmudlach / March 16, 2005 5:12 AM PST

Aliases Backdoor.Win32.Rbot.kd
W32/Sdbot.DWT
W32/Gaobot.worm.gen.t

Type Worm

W32/Rbot-YJ is a network worm with backdoor functionality for the Windows platform.
W32/Rbot-YJ connects to an IRC channel and listens for commands from a remote attacker. The worm may also spread to remote network shares, or by DCC.
W32/Rbot-YJ contains functionality to do any of the following:
- participate in denial of service attacks
- provide a remote command shell
- run a file server
- steal Windows passwords

http://www.sophos.com/virusinfo/analyses/w32rbotyj.html

Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

CNET FORUMS TOP DISCUSSION

Help, my PC with Windows 10 won't shut down properly

Since upgrading to Windows 10 my computer won't shut down properly. I use the menu button shutdown and the screen goes blank, but the system does not fully shut down. The only way to get it to shut down is to hold the physical power button down till it shuts down. Any suggestions?