Spyware, Viruses, & Security forum

General discussion

VIRUS ALERTS - May 25, 2005

by Marianna Schmudlach / May 25, 2005 5:40 AM PDT

Troj/Bancban-CW
Summary

Aliases Trojan-Spy.Win32.Banker.ra


Type Trojan

Troj/Bancban-CW is a Trojan for the Windows platform.
Troj/Bancban-CW steals confidential information relating to certain online banking applications by displaying fake login screens and sends stolen information to a remote user.

http://www.sophos.com/virusinfo/analyses/trojbancbancw.html

Troj/Bancban-CX
by Marianna Schmudlach / May 25, 2005 5:42 AM PDT

Troj/Bancban-CY
by Marianna Schmudlach / May 25, 2005 5:44 AM PDT

Aliases Trojan-Spy.Win32.Banker.ju

Type Trojan

Troj/Bancban-CY is a Trojan for the Windows platform.
Troj/Bancban-CY steals confidential information relating to certain online banking applications by displaying fake login screens and sends stolen information to a remote user.
Troj/Bancban-CY sends an email notification to a remote user when the computer is first infected.

http://www.sophos.com/virusinfo/analyses/trojbancbancy.html

Troj/Bancban-CZ
by Marianna Schmudlach / May 25, 2005 5:46 AM PDT

Troj/Bancban-DA
by Marianna Schmudlach / May 25, 2005 5:47 AM PDT

Aliases Trojan-Spy.Win32.Banker.ju
PWSteal.Banpaes

Type Trojan

Troj/Bancban-DA is a password-stealing Trojan that targets customers of certain Brazilian banks.
The Trojan attempts to log keypresses entered into certain websites. The Trojan displays fake user interfaces in order to persuade the user to enter confidential details. Stolen information is sent by email to a remote user.

http://www.sophos.com/virusinfo/analyses/trojbancbanda.html

Troj/Puper-C
by Marianna Schmudlach / May 25, 2005 5:49 AM PDT

Aliases Trojan.Popuper.B

Type Trojan

Troj/Puper-C is a Trojan for Windows based systems.
The Trojan drops a file named intmonp.exe (also detected as Troj/Puper-C) into the Windows system folder, and runs it.
intmonp.exe monitors the main process, and restarts it if it is terminated. The main process restarts the monitoring process if it is terminated, and recreates it if it is deleted.

http://www.sophos.com/virusinfo/analyses/trojpuperc.html

Troj/Puper-D
by Marianna Schmudlach / May 25, 2005 5:50 AM PDT

Aliases trojan-clicker.win32.agent.dj
trojan.win32.zapchast
w32/adclicker.dn
puper.dll
trojan.popuper

Type Trojan

Troj/Puper-D is a browser hacking Trojan for the Windows platform, modifying settings for Microsoft Internet Explorer, including Start Page and search settings.
When Troj/Puper-D is installed the following files are created:
<System>\hhk.dll
<System>\intmon.exe
<System>\hpXX.tmp - where XX denotes randomly generated characters.

http://www.sophos.com/virusinfo/analyses/trojpuperd.html

Troj/Mdrop-AT
by Marianna Schmudlach / May 25, 2005 5:52 AM PDT

Type Trojan

Troj/Mdrop-AT is a dropper Trojan for the Windows platform.
Troj/Mdrop-AT will drop the following files:
/windows/system32/dao360.dll
/windows/system32/mscomm.ocx
/windows/system32/msinet2.ocx
/windows/system32/mswinsck.ocx
/windows/system32/sys2003.sys
These files are non-malicious and may be deleted.

http://www.sophos.com/virusinfo/analyses/trojmdropat.html

Troj/Dropper-AL
by Marianna Schmudlach / May 25, 2005 5:54 AM PDT

Aliases Trojan-Dropper.Win32.Agent.mc
PWS-Banker.dr.i

Type Trojan

Troj/Dropper-AL is a dropper Trojan for the Windows platform.
Troj/Dropper-AL will drop and execute a file in the Windows folder with a randomly generated name. The name of the file dropped will be 3 or 4 characters followed by srv.exe.

http://www.sophos.com/virusinfo/analyses/trojdropperal.html

Troj/Bancban-CQ
by Marianna Schmudlach / May 25, 2005 5:55 AM PDT

W32/Combra-C
by Marianna Schmudlach / May 25, 2005 5:57 AM PDT

Troj/StartPa-YR
by Marianna Schmudlach / May 25, 2005 5:58 AM PDT

W32/Rbot-ADZ
by Marianna Schmudlach / May 25, 2005 6:00 AM PDT

Type Worm

W32/Rbot-ADZ is a network worm with backdoor Trojan functionality for the Windows platform.
W32/Rbot-ADZ spreads using a variety of techniques including exploiting weak passwords on computers and SQL servers, exploiting operating system vulnerabilities (including DCOM-RPC, LSASS, WebDAV and UPNP) and using backdoors opened by other worms or Trojans.
W32/Rbot-ADZ can be controlled by a remote attacker over IRC channels.
Patches for the operating system vulnerabilities exploited by W32/Rbot-ADZ can be obtained from Microsoft at:
RPC-DCOM (MS04-012) security vulnerability
LSASS (MS04-011) security vulnerability
WebDAV (MS03-007) security vulnerability
UPNP (MS01-059) security vulnerability

http://www.sophos.com/virusinfo/analyses/w32rbotadz.html

W32/Wurmark-L
by Marianna Schmudlach / May 25, 2005 6:02 AM PDT

Aliases Email-Worm.Win32.Wurmark.l
W32/Mugly.m@MM
W32.Picrate.C@mm

Type Worm

W32/Wurmark-L is a mass-mailing worm.
W32/Wurmark-L emails itself as a ZIP file.
The worm is multi-lingual in that the email messages may be generated in one of six different languages.

http://www.sophos.com/virusinfo/analyses/w32wurmarkl.html

W32/Mytob-AJ
by Marianna Schmudlach / May 25, 2005 6:03 AM PDT

Type Worm

W32/Mytob-AJ is a mass-mailing worm and backdoor Trojan that targets users of Internet Relay Chat programs.
W32/Mytob-AJ is capable of spreading through various operating system vulnerabilities such as LSASS (MS04-011).
The worm also prevents access to anti-virus and security-related websites.
W32/Mytob-AJ harvests email addresses from files found on the infected computer and from the Windows address book.
The following patches for the operating system vulnerabilities exploited by W32/Mytob-AJ can be obtained from the Microsoft website:
MS04-011

http://www.sophos.com/virusinfo/analyses/w32mytobaj.html

Troj/SDBot-06
by Marianna Schmudlach / May 25, 2005 6:04 AM PDT

Type Trojan

Troj/SDBot-06 is a backdoor Trojan which allows a remote user to access and control the computer via IRC channels.
When run, the Trojan will display a false error message box in an attempt to trick the user that the file is damaged.
Troj/SDBot-06 tries to connect to an IRC server and join a specific channel. The Trojan then runs in the background as a server process, listening on the IRC channel for specific commands and carrying out the appropriate actions.
Troj/SDBot-06 may also attempt to download the files la.exe and list.doc from a remote website.

http://www.sophos.com/virusinfo/analyses/trojsdbot06.html

W32/Rbot-ABE
by Marianna Schmudlach / May 25, 2005 6:06 AM PDT

Type Worm

W32/Rbot-ABE is a worm which attempts to spread to remote network shares. It also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels while running in the background as a service process.
W32/Rbot-ABE copies itself to the Windows system folder as SSCS.EXE and creates entries in the registry so as to run itself on system startup.

http://www.sophos.com/virusinfo/analyses/w32rbotabe.html

W32/Rbot-ABF
by Marianna Schmudlach / May 25, 2005 6:07 AM PDT

Type Worm

W32/Rbot-ABF is a worm which attempts to spread to remote network shares. It also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels while running in the background as a service process.
W32/Rbot-ABF copies itself to the Windows system folder as NVCVA.EXE and creates entries in the registry so as to run itself on system startup.

http://www.sophos.com/virusinfo/analyses/w32rbotabf.html

Troj/Vixdl-A
by Marianna Schmudlach / May 25, 2005 6:09 AM PDT

Aliases Trojan-Downloader.Win32.Small.aqu
Generic

Type Trojan

Troj/Vixdl-A is a downloader Trojan for the Windows platform.
Troj/Vixdl-A will repeatedly attempt to download and execute four files from predefined URLs to the Windows system folder.

http://www.sophos.com/virusinfo/analyses/trojvixdla.html

Troj/Dumaru-BE
by Marianna Schmudlach / May 25, 2005 6:10 AM PDT

Type Trojan

Troj/Dumaru-BE is a password stealing Trojan for the Windows platform.
When run, the Trojan drops the files dvpd.dll, prntsvra.dll and winsms.dll to the Windows folder and moves itself to the Windows system folder as winldra.exe. Sophos's anti-virus products detect prntsvra.dll as Troj/Dumaru-BD while all remaining files are detected as Troj/Dumaru-BE.
The Trojan remains memory resident by hooking into the explorer process.
The Trojan logs keypresses and sends the captured information to a remote user as an HTTP POST web form.

http://www.sophos.com/virusinfo/analyses/trojdumarube.html

Troj/Dloader-MS
by Marianna Schmudlach / May 25, 2005 6:12 AM PDT

Aliases Trojan-Downloader.Win32.Small.ast

Type Trojan

Troj/Dloader-MS is a Trojan downloader for the Windows platform.
When run Troj/Dloader-MS will attempt to download a file to the Windows system folder and save it as file10.exe. The Trojan will then attempt to execute it.
This file is detected by Sophos as Troj/Eyeveg-E.

http://www.sophos.com/virusinfo/analyses/trojdloaderms.html

W32/Kipis-U
by Marianna Schmudlach / May 25, 2005 6:14 AM PDT

Aliases Email-Worm.Win32.Kipis.u
W32/Kipis.u@MM
W32.Kipis.A@mm
WORM_KIPIS.M

Type Worm

W32/Kipis-U is an email and network share worm and backdoor for the Windows platform.
W32/Kipis-U sends itself by email to addresses found on the hard disk of the infected computer.
Email sent by the worm has a subject line, message text and attachment name in one of 6 languages, English, French, German, Russian, Spanish or Ukrainian. The language is chosen according to the domain of the email recipient.
W32/Kipis-U runs continuously in the background, providing a backdoor server which allows a remote intruder to upload and run arbitrary programs on the infected computer.

http://www.sophos.com/virusinfo/analyses/w32kipisu.html

Troj/Dloader-NR
by Marianna Schmudlach / May 25, 2005 6:16 AM PDT

W32/Kelvir-Z
by Marianna Schmudlach / May 25, 2005 6:18 AM PDT

Troj/Dloader-NQ
by Marianna Schmudlach / May 25, 2005 6:20 AM PDT

W32/Rbot-ADE
by Marianna Schmudlach / May 25, 2005 6:21 AM PDT

Type Worm

W32/Rbot-ADE is an internet worm and IRC backdoor Trojan for the Windows platform.
W32/Rbot-ADE spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), WKS (MS03-049) and MSSQL (MS02-039) and by copying itself to network shares protected by weak passwords.
W32/Rbot-ADE runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
The following patches for the operating system vulnerabilities exploited by W32/Rbot-ADE can be obtained from the Microsoft website:
MS04-011
MS04-012
MS03-049
MS02-039

http://www.sophos.com/virusinfo/analyses/w32rbotade.html

W32/Agobot-SN
by Marianna Schmudlach / May 25, 2005 6:23 AM PDT

Aliases W32/Gaobot.worm.gen.j

Type Worm

W32/Agobot-SN is a worm and IRC backdoor Trojan for the Windows platform.
W32/Agobot-SN spreads to other network computers by exploiting common buffer overflow vulnerabilities, including RPC-DCOM (MS04-012) and by copying itself to network shares protected by weak passwords.
W32/Agobot-SN runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32agobotsn.html

Troj/PurScan-Z
by Marianna Schmudlach / May 25, 2005 6:25 AM PDT

Aliases Trojan-Dropper.Win32.PurityScan.g; QLowZones-2.gen

Type Trojan

Troj/PurScan-Z is a Trojan for the Windows platform.
The Trojan opens Internet Explorer and attempts to contact a remote site repeatedly.
Troj/PurScan-Z reduces Internet Explorer security settings.

http://www.sophos.com/virusinfo/analyses/trojpurscanz.html

W32/Agobot-SM
by Marianna Schmudlach / May 25, 2005 6:27 AM PDT

Aliases Backdoor.Win32.Agobot.gen

Type Worm

W32/Agobot-SM is a worm and IRC backdoor Trojan for the Windows platform.
W32/Agobot-SM spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: RPC-DCOM (MS04-012) and MSSQL (MS02-039) (CAN-2002-0649) and by copying itself to network shares protected by weak passwords.
W32/Agobot-SM runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32agobotsm.html

Troj/Nsys-A
by Marianna Schmudlach / May 25, 2005 6:28 AM PDT

Aliases Trojan-Downloader.Win32.Delf.nt
Generic

Type Trojan

Troj/Nsys-A is a downloading Trojan for the Windows platform.
Troj/Nsys-A downloads an executable from a preconfigured URL and installs it so that it will be run at the next user login.

http://www.sophos.com/virusinfo/analyses/trojnsysa.html

Troj/SennaSpy-F
by Marianna Schmudlach / May 25, 2005 6:30 AM PDT