Spyware, Viruses, & Security forum

General discussion

VIRUS ALERTS - May 12, 2005

W32/Agobot-SF
Summary

Type Worm

W32/Agobot-SF is a network worm with backdoor functionality for the Windows platform.
W32/Agobot-SF is capable of spreading to computers on the local network protected by weak passwords.
The backdoor component runs continuously in the background providing backdoor access to the computer through IRC channels.
W32/Agobot-SF also attempts to disable anti-virus and security applications.

http://www.sophos.com/virusinfo/analyses/w32agobotsf.html

WM97/Haptime-D

In reply to: VIRUS ALERTS - May 12, 2005

VBS/Haptime-E

In reply to: VIRUS ALERTS - May 12, 2005

W32/Eyeveg-F

In reply to: VIRUS ALERTS - May 12, 2005

Aliases Worm.Win32.Eyeveg.f
W32/Eyeveg.worm.gen

Type Worm

W32/Eyeveg-F is a worm for the Windows platform with backdoor capabilities.
W32/Eyeveg-F will send itself to email addresses found on the infected computer as a ZIP file.
W32/Eyeveg-F will also attempt to contact a predefined URL in order to get commands. The tasks that the worm can be instructed to perform are:
Keylogging
Monitoring web traffic
Sending email
Stealing passwords from infected computer

http://www.sophos.com/virusinfo/analyses/w32eyevegf.html

W32/Sdbot-YF

In reply to: VIRUS ALERTS - May 12, 2005

Type Worm

W32/Sdbot-YF is a network worm and backdoor Trojan which runs in the background as a service process and allows unauthorised remote access to the computer via IRC channels.
When executed W32/Sdbot-YF copies itself to the Windows system folder with the filename happy.exe and sets registry entries so that it is automatically executed every time the computer restarts.

http://www.sophos.com/virusinfo/analyses/w32sdbotyf.html

W32/Sdbot-YG

In reply to: VIRUS ALERTS - May 12, 2005

Aliases Backdoor.Win32.SdBot.xd
WORM_RBOT.AXU

Type Worm

W32/Sdbot-YG is a network worm and backdoor Trojan which runs in the background as a service process and allows unauthorised remote access to the computer via IRC channels.
When executed W32/Sdbot-YG copies itself to the Windows system folder with the filename winsvcmgr.exe and sets registry entries so that it is automatically executed every time the computer restarts.

http://www.sophos.com/virusinfo/analyses/w32sdbotyg.html

W32/Anav-A

In reply to: VIRUS ALERTS - May 12, 2005

Aliases Worm.Win32.Heher.j
Win32/Anav.B

Type Worm

W32/Anav-A is a network worm which will attempt to copy itself to the startup folders of computers that have backdoors left behind by Trojans and worms which exploit the RPC-DCOM vulnerability.

http://www.sophos.com/virusinfo/analyses/w32anava.html

Troj/Dloader-NH

In reply to: VIRUS ALERTS - May 12, 2005

Aliases Downloader-OV

Type Trojan

Troj/Dloader-NH is a Trojan downloader for the Windows platform.
When run, Troj/Dloader-NH will download files from the internet and save them to the Windows system folder. At the time of writing the URLs were not available.


http://www.sophos.com/virusinfo/analyses/trojdloadernh.html

W32/Rbot-ACI

In reply to: VIRUS ALERTS - May 12, 2005

Aliases Backdoor.Win32.Rbot.oo
WORM_SPYBOT.AIQ

Type Worm

W32/Rbot-ACI is a Windows network worm which attempts to spread via network shares. The worm contains backdoor functions that allow unauthorised remote access to the infected computer via IRC channels while running in the background.
The worm spreads to network shares with weak passwords and also by using the following security exploits:
LSASS (MS04-011)
RPC-DCOM (MS03-039)
WKS (MS03-049) (CAN-2003-0812)
MSSQL (MS02-039) (CAN-2002-0649)
Once installed, W32/Rbot-ACI will attempt to perform the following actions when instructed to do so by a remote attacker:
terminate threads and processes
perform port scanning on IP addresses
steal computer system hardware information
copy itself to network shared folders
download files from the internet and run them
participate in denial of service (DoS) attacks
capture keystrokes
The following patches for the operating system vulnerabilities exploited by W32/Rbot-ACI can be obtained from the Microsoft website:
MS04-011
MS03-039
MS03-049
MS02-039

http://www.sophos.com/virusinfo/analyses/w32rbotaci.html

Troj/Dloader-NI

In reply to: VIRUS ALERTS - May 12, 2005

Troj/Banker-HB

In reply to: VIRUS ALERTS - May 12, 2005

Aliases Trojan-Spy.Win32.Banker.ju

Type Trojan

Troj/Banker-HB is a password stealing Trojan for the Windows platform.
Troj/Banker-HB monitors which URLs are visited by the web browser and creates fake web pages for certain Brazilian banking sites in order to log account information. The logged information is sent to remote users via email.

http://www.sophos.com/virusinfo/analyses/trojbankerhb.html

W32/Kelvir-Gen

In reply to: VIRUS ALERTS - May 12, 2005

Type Worm

W32/Kelvir-Gen is a family of instant-messaging worms.
Members of W32/Kelvir-Gen spread by sending a message through Windows Messenger to the infected user's contacts. The message encourages the recipient to visit a web page to download a file that is often itself a member of W32/Kelvir-Gen.
Some members of W32/Kelvir-Gen also attempt to download and execute files from remote websites.

http://www.sophos.com/virusinfo/analyses/w32kelvirgen.html

Troj/Sqdrop-A

In reply to: VIRUS ALERTS - May 12, 2005

Troj/Sqdload-A

In reply to: VIRUS ALERTS - May 12, 2005

Aliases Trojan-Downloader.Win32.Small.sc
Downloader-MA
TROJ_SMALL.SC

Type Trojan

Troj/Sqdload-A is a downloader Trojan for the Windows platform.
Troj/Sqdload-A will download and execute a file from a predefined URL to the Windows system folder as divxencoder.exe.


http://www.sophos.com/virusinfo/analyses/trojsqdloada.html

Dial/Derbiz-A

In reply to: VIRUS ALERTS - May 12, 2005

Troj/LowZone-AC

In reply to: VIRUS ALERTS - May 12, 2005

Troj/BeastPWS-A

In reply to: VIRUS ALERTS - May 12, 2005

Dial/Senow-B

In reply to: VIRUS ALERTS - May 12, 2005

Troj/Bancos-CQ

In reply to: VIRUS ALERTS - May 12, 2005

Troj/LowZone-AB

In reply to: VIRUS ALERTS - May 12, 2005

Aliases Trojan.Win32.LowZones.as
QLowZones-18

Type Trojan

Troj/LowZone-AB is a Trojan for the Windows platform that attempts to
reset the internet security levels of infected systems by modifying the
registry entries under the following registry key:
HKCU\Software\Microsoft\Windows\Current Version\Internet Settings\Zones\3


http://www.sophos.com/virusinfo/analyses/trojlowzoneab.html

W32/Rbot-ACJ

In reply to: VIRUS ALERTS - May 12, 2005

Aliases Backdoor.Win32.Rbot.gen

Type Worm

W32/Rbot-ACJ is a member of the W32/Rbot family of network worms. The worm can spread via weakly protected network shares, NetBIOS, to weakly protected MSSQL servers, and to computers vulnerable to the RPC-DCOM, LSASS, and Workstation service exploits.
The following patches for the operating system vulnerabilities exploited by W32/Rbot-ACJ can be obtained from the Microsoft website:
MS04-012
MS04-011
MS03-049
The worm has a backdoor component that connects to a preconfigured IRC channel, allowing an attacker to issue instructions to the worm, thus giving access to an infected computer.
W32/Rbot-ACJ can be instructed to scan for remote computers to spread to; steal product keys; search for, upload, download, delete, and execute files; log any keystrokes made on an infected computer; and retrieve information about an infected system.

http://www.sophos.com/virusinfo/analyses/w32rbotacj.html

W32/Opanki-A

In reply to: VIRUS ALERTS - May 12, 2005

Aliases IM-Worm.Win32.Opanki.a
WORM_OPANKI.A
W32/Opanki.worm.gen

Type Worm

W32/Opanki-A is a worm for the Windows platform that attempts to spread via AOL Instant Messenger (AIM).
Upon execution W32/Opanki-A sends the following message with a link to a copy of the worm or another malware to all of the infected user's AIM contacts:
'Hey check out this'

http://www.sophos.com/virusinfo/analyses/w32opankia.html

W32/Opanki-C

In reply to: VIRUS ALERTS - May 12, 2005

Aliases IM-Worm.Win32.Opanki.a
WORM_OPANKI.C
W32/Opanki.worm.gen

Type Worm

W32/Opanki-C is a worm for the Windows platform that attempts to spread via AOL Instant Messenger (AIM).
Upon execution W32/Opanki-C sends the following message with the link to a copy of the worm or another malware to all of the infected user's AIM contacts:
"Omg check this out!"

http://www.sophos.com/virusinfo/analyses/w32opankic.html
