Spyware, Viruses, & Security forum

General discussion

VIRUS ALERTS - March 6, 2007

by Marianna Schmudlach / March 5, 2007 2:12 PM PST

TROJ_DADOBRA.SM
by Marianna Schmudlach / March 5, 2007 2:13 PM PST
VBS.Solow.E
by Marianna Schmudlach / March 5, 2007 2:15 PM PST
Win32/Meyfew!generic
by Marianna Schmudlach / March 5, 2007 2:17 PM PST

Type: Trojan
Category: Win32
Also known as Downloader-AAP (McAfee), Troj/Dloadr-ATK (Sophos), TrojanDownloader:Win32/Small!521C (MS OneCare), Trojan-Downloader.Win32.Tiny.eu (Kaspersky)

Win32/Meyfew!generic is a trojan that downloads and executes other malware onto compromised machines.

http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=61583

Win32/Armrems.C
by Marianna Schmudlach / March 5, 2007 2:19 PM PST

Type: Trojan
Category: Win32
Also known as Troj/Dloadr-AQA (Sophos), W32/Downloader.ANVR (F-Secure), Trojan-Downloader.Win32.Delf.azy (Kaspersky)

This malware is detected by eTrust Antivirus solutions. Please see above for the relevant signature updates.
This malware is being dissected by the CA Security Advisor Team - a detailed analysis will be available shortly.

http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=61705

Win32/Amahkey.F
by Marianna Schmudlach / March 5, 2007 2:21 PM PST

Type: Trojan
Category: Win32
Also known as W32/Sdbot.worm.gen.ce (McAfee), Backdoor.Win32.IRCBot.zx (Kaspersky)

This malware is detected by eTrust Antivirus solutions. Please see above for the relevant signature updates.
This malware is being dissected by the CA Security Advisor Team - a detailed analysis will be available shortly.

http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=61707

Win32/Nirbot.S
by Marianna Schmudlach / March 5, 2007 2:22 PM PST

Type: Worm
Category: Win32
Also known as W32/Delbot-L (Sophos), W32.Rinbot.H (Symantec), W32/Sdbot.worm.gen.h (McAfee), Backdoor.Win32.VanBot.be (Kaspersky)

This malware is detected by eTrust Antivirus solutions. Please see above for the relevant signature updates.
This malware is being dissected by the CA Security Advisor Team - a detailed analysis will be available shortly.

http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=61703

Win32/Jowspry!generic
by Marianna Schmudlach / March 5, 2007 2:25 PM PST
Troj/Kelvir-CJ
by Marianna Schmudlach / March 5, 2007 2:51 PM PST

Alert ID : FrSIRT/ALRT-2007-01581
Aliases : N/A
Size : N/A
Rated as : Low Risk
Release Date : 2007-03-06


Description

Troj/Kelvir-CJ is a Trojan for the Windows platform. The Trojan monitors the status of Windows Messenger contacts and sends predefined messages to online contacts.

References

http://www.sophos.com/virusinfo/analyses/trojkelvircj.html

Credits

Reported by Sophos

Troj/Banloa-BCR
by Marianna Schmudlach / March 5, 2007 2:52 PM PST
Troj/Agent-EDA
by Marianna Schmudlach / March 5, 2007 2:53 PM PST
Troj/Nofere-C
by Marianna Schmudlach / March 5, 2007 2:54 PM PST

Alert ID : FrSIRT/ALRT-2007-01578
Aliases : Backdoor.Win32.Agent.air - TROJ_DLOADER.MAR
Size : N/A
Rated as : Low Risk
Release Date : 2007-03-06


Description

Troj/Nofere-C is a Trojan for the Windows platform.

References

http://www.sophos.com/virusinfo/analyses/trojnoferec.html

Credits

Reported by Sophos

Troj/Bckdr-QEP
by Marianna Schmudlach / March 5, 2007 2:55 PM PST
Troj/Delf-EQA
by Marianna Schmudlach / March 5, 2007 2:56 PM PST
Troj/Banloa-BG
by Marianna Schmudlach / March 5, 2007 2:57 PM PST

Alert ID : FrSIRT/ALRT-2007-01575
Aliases : Win32.Banload.bsr - W32/Downloader.AXFM
Size : N/A
Rated as : Low Risk
Release Date : 2007-03-06


Description

Troj/Banloa-BG is a banking Trojan downloader for the Windows platform.

References

http://www.sophos.com/virusinfo/analyses/trojbanloabg.html

Credits

Reported by Sophos

Troj/Dloadr-AUT
by Marianna Schmudlach / March 5, 2007 2:58 PM PST

Alert ID : FrSIRT/ALRT-2007-01574
Aliases : N/A
Size : N/A
Rated as : Low Risk
Release Date : 2007-03-06


Description

Troj/Dloadr-AUT is a downloader Trojan for the Windows platform. When run, the Trojan may create and run the following files:
- C:\WINDOWS\system32\mrxshzk.exe (Detected as Troj/Bancos-BBG)
- C:\WINDOWS\system32\mrxshzm.exe (Detected as Troj/Kelvir-CJ)

References

http://www.sophos.com/virusinfo/analyses/trojdloadraut.html

Credits

Reported by Sophos

Troj/Banloa-BH
by Marianna Schmudlach / March 5, 2007 2:59 PM PST
Troj/Bancos-BBG
by Marianna Schmudlach / March 5, 2007 3:00 PM PST

Alert ID : FrSIRT/ALRT-2007-01572
Aliases : Trojan-Spy.Win32.Bancos.yt
Size : N/A
Rated as : Low Risk
Release Date : 2007-03-06


Description

Troj/Bancos-BBG is an Internet banking Trojan for the Windows platform. The Trojan has the functionality to steal information and communicate with a remote server.

References

http://www.sophos.com/virusinfo/analyses/trojbancosbbg.html

Credits

Reported by Sophos

Troj/Zlob-AAL
by Marianna Schmudlach / March 5, 2007 11:45 PM PST
Troj/Dropper-NT
by Marianna Schmudlach / March 5, 2007 11:46 PM PST
W32/Sdbot-DAQ
by Marianna Schmudlach / March 5, 2007 11:48 PM PST

Type Worm

Aliases Backdoor.Win32.SdBot.qt

W32/Sdbot-DAQ is a worm for the Windows platform.

W32/Sdbot-DAQ contains IRC backdoor functionality.

W32/Sdbot-DAQ spreads
- to computers vulnerable to common exploits, including: SRVSVC (MS06-040), RPC-DCOM (MS04-012), WKS (MS03-049) and ASN.1 (MS04-007)
- to network shares

http://www.sophos.com/security/analyses/w32sdbotdaq.html

W32/Sdbot-DAL
by Marianna Schmudlach / March 5, 2007 11:50 PM PST

Type Worm

Aliases Backdoor.Win32.SdBot.qt

W32/Sdbot-DAL is a worm for the Windows platform.

W32/Sdbot-DAL contains IRC backdoor functionality.

W32/Sdbot-DAL spreads
- to computers vulnerable to common exploits, including: SRVSVC (MS06-040), RPC-DCOM (MS04-012), WKS (MS03-049) and ASN.1 (MS04-007)
- to network shares

http://www.sophos.com/security/analyses/w32sdbotdal.html

Troj/Virtum-V
by Marianna Schmudlach / March 5, 2007 11:51 PM PST
Troj/Banloa-BCT
by Marianna Schmudlach / March 5, 2007 11:52 PM PST
Trojan.Syginre
by Marianna Schmudlach / March 6, 2007 12:36 AM PST
PE_EXPIRO.A
by Marianna Schmudlach / March 6, 2007 12:38 AM PST

Malware type: File infector

This memory-resident file infector infects all .EXE files in the Windows system folder, as well as in shared folders of the affected system.

It appends its virus code by adding four sections at the last section of its target files and then modifies the header of the infected file to point to its virus code.

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE%5FEXPIRO%2EA

W32.Rinbot.T
by Marianna Schmudlach / March 6, 2007 12:41 AM PST
Troj/Delf-EQE
by Marianna Schmudlach / March 6, 2007 1:38 AM PST
W32/Sdbot-DAR
by Marianna Schmudlach / March 6, 2007 1:39 AM PST

Type Worm

W32/Sdbot-DAR is a worm for the Windows platform.

W32/Sdbot-DAR runs continuously in the background, providing an IRC backdoor that listens for commands from a remote user.

W32/Sdbot-DAR contains a rootkit component detected as Troj/Rootkit-W.

http://www.sophos.com/security/analyses/w32sdbotdar.html

Troj/Virtum-AH
by Marianna Schmudlach / March 6, 2007 1:40 AM PST
W32/Delbot-R
by Marianna Schmudlach / March 6, 2007 1:42 AM PST

Type Worm

Aliases W32/Sdbot.worm.gen.h

W32/Delbot-R is a worm with IRC backdoor functionality for the Windows platform.

W32/Delbot-R runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

W32/Delbot-R spreads to other network computers by scanning network shares for weak passwords and by exploiting common buffer overflow vulnerabilities, including Symantec (SYM06-010).

W32/Delbot-R includes functionality to download, install and run new software.

http://www.sophos.com/security/analyses/w32delbotr.html
