Spyware, Viruses, & Security forum

General discussion

VIRUS ALERTS - May 13, 2005

Troj/Banker-HC
Summary

Aliases Trojan-Spy.Win32.Banker.ju

Type Trojan

Troj/Banker-HC is a password stealing Trojan for the Windows platform.
Troj/Banker-HC monitors which URLs are visited by the web browser and creates fake web pages for certain Brazilian banking sites in order to log account information. The logged information is sent to remote users via email.


http://www.sophos.com/virusinfo/analyses/trojbankerhc.html

Troj/Dloader-NK

In reply to: VIRUS ALERTS - May 13, 2005

Aliases Trojan-Downloader.Win32.Delf.ei

Type Trojan

Troj/Dloader-NK is a downloader Trojan for the Windows platform that may download and execute files that are detected by Sophos's anti-virus products as Troj/Banker-CQ, Troj/Bancban-CN and Troj/Banker-CR.

http://www.sophos.com/virusinfo/analyses/trojdloadernk.html

Troj/Bancban-CN

In reply to: VIRUS ALERTS - May 13, 2005

Aliases Trojan-Spy.Win32.Banker.ig

Type Trojan

Troj/Bancban-CN is a password stealing Trojan targeted at customers of Brazilian banks.
Troj/Bancban-CN attempts to log keypresses entered into certain websites and online banking applications. The Trojan may display fake user interfaces in order to persuade the user to enter confidential details. Stolen information is sent by email to a remote user.

http://www.sophos.com/virusinfo/analyses/trojbancbancn.html

Troj/Banker-CQ

In reply to: VIRUS ALERTS - May 13, 2005

Aliases Trojan-Spy.Win32.Banker.dq

Type Trojan

Troj/Banker-CQ is a password stealing Trojan aimed at customers of Brazilian banks, in particular, "Banco do Brasil."
Troj/Banker-CQ will monitor a user's internet access. When certain internet banking sites are visited, the Trojan will display a fake login screen in order to trick the user into inputting their details.
Troj/Banker-CQ will then send the stolen details to a Brazilian email address.
Troj/Banker-CQ will attempt to disable some anti-virus products.

http://www.sophos.com/virusinfo/analyses/trojbankercq.html

Troj/Banker-CR

In reply to: VIRUS ALERTS - May 13, 2005

Aliases Trojan-Spy.Win32.Banker.dr

Type Trojan

Troj/Banker-CR is a password stealing Trojan aimed at customers of the Brazilian banks, in particular, "Bradesco Internet Banking."
Troj/Banker-CR will monitor a user's internet access. When certain internet banking sites are visited, the Trojan will display a fake login screen in order to trick the user into inputting their details.
Troj/Banker-CR will then send the stolen details to a Brazilian email address.
Troj/Banker-CR will attempt to disable some anti-virus products.

http://www.sophos.com/virusinfo/analyses/trojbankercr.html

Troj/MBRWipe-B

In reply to: VIRUS ALERTS - May 13, 2005

W32/Rbot-ACM

In reply to: VIRUS ALERTS - May 13, 2005

Type Worm

W32/Rbot-ACM is a member of the W32/Rbot family of network worms. The worm can spread to weakly protected network shares, via NetBIOS, and to computers vulnerable to the RPC-DCOM, LSASS, and the Workstation service exploits.
The following patches for the operating system vulnerabilities exploited by W32/Rbot-ACM can be obtained from the Microsoft website:
MS04-012
MS04-011
MS03-049
The worm has a backdoor component that connects to a preconfigured IRC channel, allowing an attacker to issue instructions to the worm, thus giving access to an infected computer.
W32/Rbot-ACM can be instructed to scan for remote computers to spread to; steal product keys; search for, upload, download, delete, and execute files; log any keystrokes made on an infected computer; and participate in a distributed denial-of-service (DDoS) attack.

http://www.sophos.com/virusinfo/analyses/w32rbotacm.html

Troj/TntKit-A

In reply to: VIRUS ALERTS - May 13, 2005

Aliases Constructor.Win32.Delf.g

Type Trojan

TntKit-A is a Trojan generator kit. It is used to generate a batch script that, when run on a computer, will set up and install a Telnet server to run as a service, thus allowing a remote intruder to gain access to that computer.


http://www.sophos.com/virusinfo/analyses/trojtntkita.html

W32/Anzae-A

In reply to: VIRUS ALERTS - May 13, 2005

Troj/Favadd-C

In reply to: VIRUS ALERTS - May 13, 2005

Troj/Dloader-EF

In reply to: VIRUS ALERTS - May 13, 2005

Troj/Startpa-DV

In reply to: VIRUS ALERTS - May 13, 2005

Troj/Dloader-SN

In reply to: VIRUS ALERTS - May 13, 2005

Aliases Downloader-SN

Type Trojan

Troj/Dloader-SN is a downloader Trojan that will repeatedly attempt to download files from a number of different websites. The Trojan may copy itself to "C:\Arquivos de programas" as svchost32.EXE.
The websites the Trojan attempts to download from are:
paginas.aol.com.br
takumasan.hpgvip.com.br
www.gentoo.hpg.com.br
hdvirtual.zil.com.br

http://www.sophos.com/virusinfo/analyses/trojdloadersn.html

Troj/Delf-IU

In reply to: VIRUS ALERTS - May 13, 2005

W32/Forbot-CS

In reply to: VIRUS ALERTS - May 13, 2005

Aliases Backdoor.Win32.Wootbot.gen

Type Worm

W32/Forbot-CS is a network worm which attempts to spread via network shares. The worm contains backdoor functions that allow unauthorised remote access to the infected computer via IRC channels.
Once installed, W32/Forbot-CS will attempt to set up an HTTP proxy server, delete connections to network shares, partake in distributed denial-of-service (DDoS) attacks and steal CD keys when instructed to do so by a remote attacker.
W32/Forbot-CS can spread to unpatched machines affected by the LSASS vulnerability (MS04-011).

http://www.sophos.com/virusinfo/analyses/w32forbotcs.html

Troj/Haxdoor-N

In reply to: VIRUS ALERTS - May 13, 2005

Aliases Backdoor.Win32.Haxdoor.at

Type Trojan

Troj/Haxdoor-N is a backdoor Trojan that provides remote attackers with access to the infected computer.
Once installed, Troj/Haxdoor-N will attempt to open an HTTP server, adjust process privileges and steal computer information such as Internet Account Manager and Internet mail settings.

http://www.sophos.com/virusinfo/analyses/trojhaxdoorn.html

W32/Bagz-B

In reply to: VIRUS ALERTS - May 13, 2005

Aliases I-Worm.Bagz.b
W32/Bagz.b@MM

Type Worm

W32/Bagz-B is a mass mailing network worm. It also contains a backdoor which allows an intruder to instruct it to download and install further components.
W32/Bagz-B may also try to disable the Windows default firewall on startup.
W32/Bagz-B will attempt to harvest email addresses from the "Document and setting" folder on the local machine with names such as *.txt, *.htm, *.htm, *.dbx, *.tbi, *.tbb.


http://www.sophos.com/virusinfo/analyses/w32bagzb.html

Troj/Adclick-X

In reply to: VIRUS ALERTS - May 13, 2005

Type Trojan

Troj/Adclick-X is adware/spyware software which overwrites the HOSTS file in order to deny access to selected sites.
Troj/Adclick-X is typically installed/bundled alongside the installation for other third party software (typically shareware or freeware downloaded from the internet).

http://www.sophos.com/virusinfo/analyses/trojadclickx.html

Troj/LdPinch-W

In reply to: VIRUS ALERTS - May 13, 2005

Troj/Servu-AM

In reply to: VIRUS ALERTS - May 13, 2005

Troj/Agent-V

In reply to: VIRUS ALERTS - May 13, 2005

Troj/Bancban-T

In reply to: VIRUS ALERTS - May 13, 2005

Type Trojan

Troj/Bancban-T is a password stealing Trojan aimed primarily at customers of Brazilian banks.
The Trojan also has the ability to steal account information from the computer's hard-drive including Outlook Express account details and passwords entered into Internet Explorer.

http://www.sophos.com/virusinfo/analyses/trojbancbant.html

W32/Helex-A

In reply to: VIRUS ALERTS - May 13, 2005

Troj/DelShare-I

In reply to: VIRUS ALERTS - May 13, 2005

Type Trojan

Troj/DelShare-I is a batch file which makes changes to the system registry.
In particular, the Trojan ensures that network shares are deleted each time the machine boots up. The Trojan also makes changes to default system security settings.
It is likely that Troj/DelShare-I is dropped by other malware and used in conjunction with a backdoor Trojan.

http://www.sophos.com/virusinfo/analyses/trojdelsharei.html

Troj/Tofger-AE

In reply to: VIRUS ALERTS - May 13, 2005

VBS/Inor-Z

In reply to: VIRUS ALERTS - May 13, 2005

W32/Bagz-D

In reply to: VIRUS ALERTS - May 13, 2005

Aliases I-Worm.Bagz.d

Type Worm

W32/Bagz-D is a mass mailing network worm that also contains a backdoor which allows an intruder to download and install further components.
W32/Bagz-D will attempt to harvest email addresses from TXT, HTM, DBX, TBI and TBB files, which it will use for both the to and from addresses of emails that it sends.
The worm will also attempt to terminate anti-virus software.

http://www.sophos.com/virusinfo/analyses/w32bagzd.html

W32/Bagz-C

In reply to: VIRUS ALERTS - May 13, 2005

Aliases I-Worm.Bagz.c
W32/Bagz.d@MM

Type Worm

W32/Bagz-C is a mass mailing network worm with a backdoor that will allow an intruder to download and install further components.
W32/Bagz-C may try to disable the default Windows firewall on startup.
W32/Bagz-C may attempt to disable anti-virus and security related processes. The worm will also attempt to deny access to anti-virus and security websites.

http://www.sophos.com/virusinfo/analyses/w32bagzc.html

W32/Rbot-NW

In reply to: VIRUS ALERTS - May 13, 2005

W32/Rbot-NQ

In reply to: VIRUS ALERTS - May 13, 2005

W32/Rbot-NP

In reply to: VIRUS ALERTS - May 13, 2005
