Spyware, Viruses, & Security forum

General discussion

VIRUS ALERTS - March 28, 2005

by Marianna Schmudlach / March 28, 2005 1:20 AM PST
Discussion is locked
You are posting a reply to: VIRUS ALERTS - March 28, 2005
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: VIRUS ALERTS - March 28, 2005
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Troj/HideDial-E
by Marianna Schmudlach / March 28, 2005 1:22 AM PST

Aliases Trojan-Downloader.Win32.Tibser.c
Trojan.Downloader.Tibser-3
Generic

Type Trojan

Troj/HideDial-E is a dialler-related Trojan.
Troj/HideDial-E drops and runs a dialler (detected by Sophos as Dial/Tibsys-A) which attempts to connect to a premium-rate phone number for pornographic material. The Trojan runs in the background and attempts to conceal the dialler application by hiding windows that the dialler would usually display.

http://www.sophos.com/virusinfo/analyses/trojhidediale.html

Collapse -
Troj/Pisaboy-A
by Marianna Schmudlach / March 28, 2005 1:22 AM PST

Aliases Trojan-Dropper.Win32.WinAD.e

Type Trojan

Troj/Pisaboy-A is a backdoor Trojan targeted at users of MSN Messenger.
Troj/Pisaboy-A also installs advertising software without the user's consent.
The backdoor functionality of the Trojan allows a remote user to perform a number of operations related to Messenger, such as spying on messages sent and received or sending messages in the infected user's name. The Trojan may also connect to arbitrary websites or restart the machine.
The Trojan may display the following message:
"People in your MSNlist have been messing around with you... Also wanna be a MSNhacker?"

http://www.sophos.com/virusinfo/analyses/trojpisaboya.html

Collapse -
Troj/Exemas-A
by Marianna Schmudlach / March 28, 2005 1:24 AM PST

Aliases Trojan-Downloader.Win32.Exemas.10

Type Trojan

Troj/Exemas-A is a multi-component downloader Trojan which attempts to download and execute files from remote websites.
Troj/Exemas-A attempts to disable the Windows Service Pack 2 firewall.

http://www.sophos.com/virusinfo/analyses/trojexemasa.html

Collapse -
Troj/Skulls-F
by Marianna Schmudlach / March 28, 2005 1:26 AM PST

Aliases Trojan.SymbOS.Skuller.f
SymbOS/Skulls.g
SymbOS_SKULLS.F

Type Trojan

Troj/Skulls-F is a Trojan for mobile devices compatible with Nokia Series 60 running the Symbian operating system.
The Trojan may have been planted by the Trojan writer on a website containing free and illegal copies of applications for Symbian as a Symbian SIS installation file simworks.sis.
The Trojan drops a variant of the Cabir worm detected by Sophos as Symb/Cabir-C. Troj/Skulls-F also installs the Troj/Mosqit-A Symbian Trojan.
Troj/Skulls-F installs an animated GIF of a skull that is displayed once the device is rebooted. The image flashes and contains the text "WARNING!!! Device Have Been Attact By Virus A,Tee ,yuan ,Blue".

http://www.sophos.com/virusinfo/analyses/trojskullsf.html

Collapse -
Troj/Locknut-B
by Marianna Schmudlach / March 28, 2005 1:27 AM PST

Type Trojan

Troj/Locknut-B is a Trojan for mobile devices compatible with the Nokia Series 60 specification running a Symbian operating system.
The Trojan may be packaged as a Symbian installation system file MMFPatch.sis.
Certain samples of the Trojan may be packaged together with the Symb/Cabir-A worm.
When installing the file on the device the operating system first displays several security warnings. The installation file may be crafted so that the text "MMFPatch" is displayed during the installation.

http://www.sophos.com/virusinfo/analyses/trojlocknutb.html

Collapse -
XM97/Yini-A
by Marianna Schmudlach / March 28, 2005 1:29 AM PST
Collapse -
Troj/Agent-CS
by Marianna Schmudlach / March 28, 2005 1:31 AM PST
Collapse -
W32/Sdbot-WK
by Marianna Schmudlach / March 28, 2005 6:12 AM PST

Type Worm

W32/Sdbot-WK is a network worm with backdoor functionality for the Windows platform.
W32/Sdbot-WK is capable of spreading to computers on the local network protected by weak passwords after receiving the appropriate backdoor command.
W32/Sdbot-WK will also attempt to spread by exploiting the following vulnerabilities:
RPC DCOM (MS03-026, MS03-039, MS04-012)
LSASS (MS04-011)
WorKStation service (MS03-049)
Microsoft SQL Server 2000 (pre service pack 3) (CAN-2002-0649)
Microsoft SQL servers with weak passwords
W32/Sdbot-WK will disable DCOM, close restrictions on IPC$ shares and attempt to disable the Windows Internet Connection Firewall and Automatic Updates.

http://www.sophos.com/virusinfo/analyses/w32sdbotwk.html

Collapse -
Troj/Agent-CR
by Marianna Schmudlach / March 28, 2005 6:14 AM PST

Type Trojan

When run Troj/Agent-CR will change your startpage to point at a website called spyeraser which provides internet search capabilities.
While Troj/Agent-CR is running occasionally a new Internet Explorer window will appear with the spyeraser website.
While web browsing Troj/Agent-CR will change the content on some pages. For example Troj/Agent-CR will add hyperlinks to certain words pointing at an internet search site.

http://www.sophos.com/virusinfo/analyses/trojagentcr.html

Collapse -
Troj/Spybot-DM
by Marianna Schmudlach / March 28, 2005 6:16 AM PST
Collapse -
Troj/Bdoor-FX
by Marianna Schmudlach / March 28, 2005 6:18 AM PST

Aliases Trojan-DDoS.Win32.Small.h

Type Trojan

Troj/Bdoor-FX is a backdoor Trojan for the Windows platform.
Troj/Bdoor-FX will copy itself to the Windows system folder with the name NETMONW.EXE. The Trojan will then contact a predefined URL every 30 seconds and download a file containing commands. Depending on the commands that are found Troj/Bdoor-FX may perform one or more of the following:
DDoS on specified URL
Terminate itself
Run specified commands on infected system
Display a message on the infected system

http://www.sophos.com/virusinfo/analyses/trojbdoorfx.html

Collapse -
Troj/Dluca-DN
by Marianna Schmudlach / March 28, 2005 6:19 AM PST

Aliases TROJ_DYFUCA.DN
Trojan-Downloader.Win32.Dyfuca.dn

Type Trojan

Troj/Dluca-DN is a Trojan for the Windows platform.
The Trojan monitors Internet Explorer traffic and may log, modify, create or filter data. The Trojan may also download files from a remote site and then run them.

http://www.sophos.com/virusinfo/analyses/trojdlucadn.html

Collapse -
Troj/Certif-D
by Marianna Schmudlach / March 28, 2005 6:21 AM PST

Aliases Trojan-Spy.Win32.Agent.ch
Downloader-ST

Type Trojan

Troj/Certif-D is a password stealing Trojan.
When run Troj/Certif-D searches for the files called w32upd.exe and certifexp4.exe in the Windows system folder and the corresponding registry entry and deletes them if they exist.
In order to run automatically when Windows starts up the Trojan copies itself to the file microsoftmsn32.exe in the Windows system folder.

http://www.sophos.com/virusinfo/analyses/trojcertifd.html

Collapse -
Troj/Dloader-KC
by Marianna Schmudlach / March 28, 2005 6:23 AM PST
Collapse -
Troj/Banker-MO
by Marianna Schmudlach / March 28, 2005 6:25 AM PST

Aliases Trojan-Spy.Win32.Banker.mo

Type Trojan

Troj/Banker-MO is a password stealing Trojan targeted at customers of Brazilian banks.
Troj/Banker-MO attempts to log keypresses entered into certain websites and online banking applications. The Trojan may display fake user interfaces in order to persuade the user to enter confidential details. Stolen information is sent by email to a remote user.

http://www.sophos.com/virusinfo/analyses/trojbankermo.html

Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

CNET FORUMS TOP DISCUSSION

Help, my PC with Windows 10 won't shut down properly

Since upgrading to Windows 10 my computer won't shut down properly. I use the menu button shutdown and the screen goes blank, but the system does not fully shut down. The only way to get it to shut down is to hold the physical power button down till it shuts down. Any suggestions?