Spyware, Viruses, & Security forum

General discussion

VIRUS ALERTS - March 2, 2006

by roddy32 / March 2, 2006 3:37 AM PST

W32/Rbot-CKP

Type
Worm

W32/Rbot-CKP is a network worm and IRC backdoor Trojan for the Windows platform.

W32/Rbot-CKP spreads to remote network shares protected by weak passwords and to computers vulnerable to common exploits, including RPC-DCOM (MS04-012), PNP (MS05-039) and ASN.1 (MS04-007).

http://www.sophos.com/virusinfo/analyses/w32rbotckp.html

Troj/Lineage-JN
by roddy32 / March 2, 2006 3:39 AM PST

Troj/AdClick-CA
by roddy32 / March 2, 2006 3:40 AM PST

Troj/Peepvie-U
by roddy32 / March 2, 2006 3:42 AM PST

Type
Trojan

Troj/Peepvie-U is a backdoor Trojan for the Windows platform.

Troj/Peepvie-U includes functionalities to:

- access the internet and communicate with a remote server via HTTP
- silently download, install and run new software
- allow authorized access to the infected computer

http://www.sophos.com/virusinfo/analyses/trojpeepvieu.html

Troj/Small-CKK
by roddy32 / March 2, 2006 3:44 AM PST

W32/Rbot-DZW
by roddy32 / March 2, 2006 3:46 AM PST

Type
Spyware Worm

Aliases
Backdoor.Win32.Rbot.gen
WORM_RBOT.DZW

W32/Rbot-DZW is a network worm with backdoor functionality for the Windows platform.

W32/Rbot-DZW spreads using a variety of techniques including exploiting weak passwords on network shares and SQL servers, exploiting operating system vulnerabilities (including DCOM-RPC, LSASS, WebDAV and UPNP) and using backdoors opened by other worms or Trojans.

W32/Rbot-DZW can be controlled by a remote attacker over IRC channels. The backdoor component of W32/Rbot-DZW can be instructed by a remote user to perform the following functions:

- start an FTP server
- start a Proxy server
- start a web server
- take part in distributed denial of service (DDoS) attacks
- log keypresses
- packet sniffing
- port scanning
- download/execute arbitrary files
- start a remote shell (RLOGIN)
- steal product registration information from certain software

http://www.sophos.com/virusinfo/analyses/w32rbotdzw.html

Troj/SysBDr-G
by Marianna Schmudlach / March 2, 2006 7:32 AM PST

Troj/Dloadr-MG
by Marianna Schmudlach / March 2, 2006 7:35 AM PST

Troj/BrontDl-A
by Marianna Schmudlach / March 2, 2006 7:36 AM PST

Troj/Banload-SV
by Marianna Schmudlach / March 2, 2006 7:37 AM PST

W32/Rbot-CLB
by Marianna Schmudlach / March 2, 2006 7:38 AM PST

Type Worm

Aliases Backdoor.Win32.Rbot.arr
WORM_RBOT.DZS

W32/Rbot-CLB is a worm and IRC backdoor Trojan for the Windows platform.

W32/Rbot-CLB runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotclb.html

W32/Tilebot-DO
by Marianna Schmudlach / March 2, 2006 7:39 AM PST

Type Worm

W32/Tilebot-DO is a worm and IRC backdoor Trojan for the Windows platform.

W32/Tilebot-DO spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), PNP (MS05-039) and ASN.1 (MS04-007) and by copying itself to network shares protected by weak passwords.

W32/Tilebot-DO runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

W32/Tilebot-DO includes functionality to download, install and run new software.

http://www.sophos.com/virusinfo/analyses/w32tilebotdo.html

W32/Bagle-DO
by Marianna Schmudlach / March 2, 2006 10:46 AM PST

Type Worm

W32/Bagle-DO is a mass-mailing and peer-to-peer worm for the Windows platform.

W32/Bagle-DO includes functionality to access the internet and communicate with a remote server via HTTP.

Emails sent by W32/Bagle-DO have the following characteristics:

Subject lines chosen from:

Pay your debts before we come to you
Call to your lawer immidiately
Lawsuit against you
We wait your response.

Message text chosen from:

'LAWSUIT AGAINST YOU (ATTACHMENT HAS MORE INFORMATION)
1550 Peachtree Street
Atlanta, GA 30309

To Whom It May Concern:

Enclosed is a copy of the lawsuit that I filed against you in (my county) court on March 22, 2001. Currently the Pretrail Conference is scheduled for April 10th, 2001 at 9:30 A.M. in courtroom #33. The case number is (insert case #).

The reason the lawsuit was filed was due to a completely inadequate response from your company. When someone is the victim of identity theft, it is simply a nightmare trying to get false information removed from a credit file. I have contacted all of the false creditors listed on my credit file. I have challenged all of the false listings on my credit file. Nothing ever happens to fix the situation.

Over 90 days ago I wrote each the creditors in question and demanded proof that I am their customer. I asked for proof of the alleged debt, including specifically the alleged contract or other instrument bearing my signature. So far none of them has been able to provide such proof to me. I have sent follow-up letters to each of them and there is still no proof. I have attempted phone contact, but I simply get transferred around and nothing ever gets accomplished.

I have fully investigated my rights in this matter. Under the doctrine of estoppel by silence, Engelhardt vGravens (Mo) 281 SW 715, 719, I may presume that no proof of the alleged debt, nor therefore any such debt, in fact exists. I have copies of the certified letters and dates prepared to bring to court on April 10th. Also, under the Fair Credit Reporting Act, these disputed items may not appear on my credit report if they cannot be supported by any evidence.

Under the Fair Credit Reporting Act, if they cannot verify the debt within 30 days, then it must be removed. Your letters to me claim to have "verified" the debt, but this is in fact not true under law. Simply contacting the alleged creditor and asking them to match up numbers in their database is no sufficient verification for identity theft. Of course the information matches up. Someone clearly used my information without my authorization.

Now I am suing Equifax for being such a pain in the posterior to me. I have provided more than sufficient evidence to get these false accounts removed.

You may contact me before April 10th at (my phone number) or at my address listed at the top of this letter. This matter can be settled simply by your agreement to remove the false information from my credit file.

I require a response, on point, in writing, hand signed, and in a timely manner. If I get another pointless letter from you saying that it has already been "verified" then there will be no more opportunity for negotiation. This will proceed in court until I have successfully proven to a judge that this false information must be removed from my credit file. I will also be aggressively pursuing the full judgment that I can get against Equifax for violation of the Fair Credit Reporting Act and Defamation.'

'LAWSUIT AGAINST YOU (CLICK TO ATTACHED DOCUMENT FOR MORE INFORMATION)
To Whom It May Concern:

On 02, 2006, you sent a facsimile (the Fax) to my facsimile machine that is connected to my telephone number 678-5713-1571. A copy of your Fax is ENCLOSED IN ATTACHMEN. The Fax is an advertisement for the commercial availability or quality of property, goods, or services. You sent your Fax to me without my prior express invitation or permission. You and I have never had an established business relationship.

A federal law enacted in 1991 called the Telephone Consumer Protection Act (the Act) provides that -It shall be unlawful for any person within the United States . . . to use any telephone facsimile machine, computer, or other device to send an unsolicited advertisement to a telephone facsimile machine. 47 U.S.C.
