HolidayBuyer's Guide

Spyware, Viruses, & Security forum

General discussion

VIRUS ALERTS - May 3, 2006

by roddy32 / May 3, 2006 6:28 AM PDT

W32/Bobax-BV

Type
Worm

Aliases
Net-Worm.Win32.Bobic.ak

W32/Bobax-BV is a worm for the Windows platform.

W32/Bobax-BV spreads to other network computers by exploiting common buffer overflow vulnerabilities, including PNP (MS05-039).

W32/Bobax-BV includes functionality to communicate with a remote server via HTTP.

W32/Bobax-BV contains an SMTP engine which it may use in order to spread by email.

http://www.sophos.com/virusinfo/analyses/w32bobaxbv.html

Discussion is locked
You are posting a reply to: VIRUS ALERTS - May 3, 2006
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: VIRUS ALERTS - May 3, 2006
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Troj/Fakespy-C
by roddy32 / May 3, 2006 6:29 AM PDT

Type
Trojan

Aliases
Trojan.Win32.Small.ev

Troj/Fakespy-C is a Trojan for the Windows platform.

Troj/Fakespy-C runs in the background and periodically displays a fake message claiming that the system is intected with

spyware. If the user clicks "OK" then Troj/Fakespy-C will open Internet Explorer to a web page that sells software to fix

the alleged problem.

The Trojan may also display a warning from an icon in the taskbar again informing the user of an alleged problem with the

system, and inviting them to click on the icon to get software to fix this problem.

http://www.sophos.com/virusinfo/analyses/trojfakespyc.html

Collapse -
Troj/Dloadr-UQ
by roddy32 / May 3, 2006 6:30 AM PDT
Collapse -
Troj/Winsysba-G
by roddy32 / May 3, 2006 6:32 AM PDT
Collapse -
Troj/Haxdoor-BX
by roddy32 / May 3, 2006 6:33 AM PDT
Collapse -
Troj/Small-CSN
by roddy32 / May 3, 2006 6:34 AM PDT
Collapse -
Troj/Harnig-BN
by roddy32 / May 3, 2006 6:36 AM PDT
Collapse -
Troj/Small-BNR
by roddy32 / May 3, 2006 6:38 AM PDT
Collapse -
Troj/Sdbot-BMX
by roddy32 / May 3, 2006 6:40 AM PDT
Collapse -
Troj/Bancos-AEK
by roddy32 / May 3, 2006 6:42 AM PDT
Collapse -
Troj/SpyDldr-E
by roddy32 / May 3, 2006 6:44 AM PDT

Type
Trojan

Aliases
Trojan-Downloader.Win32.Adload.aq

Troj/SpyDldr-E is an advertising Trojan with downloading functionality.

When run Troj/SpyDldr-E periodically displays any of the following fake warning messages:

Title: 'Alert! Trojan.Virus.Z.32.exe launch attempt detected...'
Message: 'It is recommended that you run a full system scan now to reveal other possible threats. Click here to download spyware remover.'

Title: 'Internet attack attempt detected...'
Message: 'Somebody's trying to infect your system with spyware or harmful viruses. Run system scan now to secure your PC from Internet attacks and hijacking attempts!
Click here to download spyware remover now...'

Title: 'Alert!'
Message: 'Trojan.Virus.Z.32.exe launch attempt detected and blocked! It is recommended that you run a full system scan to reveal other possible threats.
Click here to visit Security Center web site and protect your system against spyware and harmful viruses...'

Title: 'Credit card hijacking attempt detected...'
Message: 'This is a result of harmful spyware activity.
Scan your PC now to reveal and remove malicious spyware.
Visit Windows Security site to download antispyware...'

Title: 'Alert: You are receiving spam!'
Message: 'This means your computer is infected with malicious spyware. Scan your computer now. Click here to protect your computer against spyware, adware and trojans!'

Title: 'Danger! Spyware activity detected on your computer...'
Message: 'Full system scan highly recommended to remove possible malicious spyware. Scan now to remove all spyware and adware!
Visit Windows Security Center web site to protect your computer...'

Title: 'Warning! Your computer is not protected against spyware...'
Message: 'This may lead to your PC getting infected with malicious spyware able to steal your data including passwords, credit card numbers, etc.
Scan your computer for spyware now!'

Title: 'Your data is being transmitted to another computer...'
Message: 'DATA MINER - a dangerous spyware stealing and collecting your data, possibly does this. Scan your PC now to get rid of this malicious program. Click here to download spyware remover to protect your PC.'

Title: 'Warning: Your security and privacy are at risk!'
Message: 'Spyware has been detected on your computer.
Click here to run a full system scan to protect your PC...'

Title: 'Alert:'
Message: 'The following program C:\windows\system\keylogger.exe#CR#is trying to monitor and log login names and passwords entered from your keyboard. Scan your PC now to remove possible keyloggers and other spyware!'

Title: 'Danger: Potential spyware operation!'
Message: 'Your computer is making unauthorized copies of your system and Internet log files. Run full scan now to prevent any unauthorized access to your log files!
Visit Windows Security Center web site now...'

Title: 'Warning! Outside access attempt detected:'
Message: 'Somebody's trying to gain access to your PC using DATA MINER program. Run System Scan now to block further unauthorized access attempts.
Click here to visit Windows Security web site...'

Title: 'Your computer is working slowly!'
Message: 'Slow operation speed might have been caused by malicious spyware. Run Spyware scan now to remove all viruses and spyware programs from your computer!
Click here to visit Windows Security Center web site...'

Title: 'System alert:'
Message: 'Warning! Spyware detected on your computer.
Click here to remove all spyware and viruses immediately...
Protect your system today.'

Title: 'Warning: System Protection notice!'
Message: 'Protect your system against spyware and harmful viruses.
Click here to protect your PC immediately!'

Troj/SpyDldr-E includes functionality to access the internet and communicate with a remote server via HTTP.

http://www.sophos.com/virusinfo/analyses/trojspydldre.html

Collapse -
Troj/Zlob-IO
by roddy32 / May 3, 2006 6:47 AM PDT
Collapse -
JS/Psyme-CQ
by roddy32 / May 3, 2006 6:48 AM PDT

Type
Trojan

JS/Psyme-CQ is an HTML-based Javascript downloader.

JS/Psyme-CQ attempts to download and display a html from a remote server via an iFrame.

JS/Psyme-CQ later prompts the user to download a video codec installer.

The video codec installer is detected as Troj/Zlob-IO.

http://www.sophos.com/virusinfo/analyses/jspsymecq.html

Collapse -
Troj/Haxdoor-IN
by roddy32 / May 3, 2006 6:53 AM PDT

Type
Trojan

Aliases
Backdoor.Win32.Haxdoor.in
BKDR_HAXDOOR.GM
Backdoor.Haxdoor.J

Troj/Haxdoor-IN is a Trojan for the Windows platform.

Troj/Haxdoor-IN runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer.

http://www.sophos.com/virusinfo/analyses/trojhaxdoorin.html

Collapse -
Troj/Agent-BJA
by roddy32 / May 3, 2006 6:55 AM PDT
Collapse -
Troj/Banker-BII
by roddy32 / May 3, 2006 6:56 AM PDT

Type
Trojan

Aliases
Trojan-Spy.Win32.Banker.awa
PWS-Banker.gen.i

Troj/Banker-BII is a Trojan for the Windows platform.

Troj/Banker-BII includes functionality to:

- access the internet and communicate with a remote server via HTTP
- send notification messages to remote locations

http://www.sophos.com/virusinfo/analyses/trojbankerbii.html

Collapse -
Troj/Banloa-ACD
by roddy32 / May 3, 2006 6:59 AM PDT

Type
Trojan

Aliases
Trojan-Downloader.Win32.Banload.adw
Win32/TrojanDownloader.Banload.ABN

Troj/Banloa-ACD is a Trojan for the Windows platform.

Troj/Banloa-ACD includes functionality to access the internet and communicate with a remote server via HTTP.

http://www.sophos.com/virusinfo/analyses/trojbanloaacd.html

Collapse -
Troj/Agent-BJB
by roddy32 / May 3, 2006 7:03 AM PDT
Collapse -
Troj/Banloa-CCC
by roddy32 / May 3, 2006 7:04 AM PDT

Type
Trojan

Troj/Banloa-CCC is a Trojan for the Windows platform.

Troj/Banloa-CCC includes functionality to access the internet and communicate
with a remote server via HTTP.

Troj/Banloa-CCC will attempt to download files from the internet and run them.
They are detected by Sophos as Troj/Bnkmr-Fam.

http://www.sophos.com/virusinfo/analyses/trojbanloaccc.html

Collapse -
Troj/Banito-AR
by roddy32 / May 3, 2006 7:06 AM PDT

Type
Spyware Trojan

Troj/Banito-AR is a backdoor Trojan for the Windows platform that provides remote unauthorized access to the infected computer.

Troj/Banito-AR connects to a remote site and then awaits commands from a remote
user. The backdoor component may be instructed to spread through network
shares.

http://www.sophos.com/virusinfo/analyses/trojbanitoar.html

Collapse -
W32/Bagle-IV
by Marianna Schmudlach / May 3, 2006 3:53 PM PDT

Type Worm

Aliases Email-Worm.Win32.Scano.t
W32/Scano.H

W32/Bagle-IV is a mass-mailing worm and backdoor Trojan for the Windows platform.

W32/Bagle-IV includes functionality to access the internet and communicate with a remote server via HTTP.

http://www.sophos.com/virusinfo/analyses/w32bagleiv.html

Collapse -
Troj/Dloadr-AFW
by Marianna Schmudlach / May 3, 2006 3:55 PM PDT
Collapse -
Troj/Dloadr-US
by Marianna Schmudlach / May 3, 2006 3:56 PM PDT
Collapse -
Troj/Zlob-IS
by Marianna Schmudlach / May 3, 2006 3:57 PM PDT
Collapse -
W32/Bagle-IU
by Marianna Schmudlach / May 3, 2006 3:58 PM PDT

Type Worm

Aliases W32/Areses.h

W32/Bagle-IU is a mass-mailing worm for the Windows platform.

W32/Bagle-IU includes functionality to access the internet and communicate with a remote server via HTTP.

W32/Bagle-IU may send emails with the following characteristics. The subject line may be one of the following:

Hi, what's up?
He, where are you?
Hi, drop me a line!!!
Hi! Please write to me urgently!
Hi! I'm waiting you online today!
Will you be online today?
When you're gonna answer me?
Re: write to me!
Re: Call me!
Re: Where are you?
Re: When you're gonna answer me?
Hi!!! How's the mood?
Re: How's the mood?
Re: Where have you been?

The message of the email may be any one of the following strings

MORE: http://www.sophos.com/virusinfo/analyses/w32bagleiu.html

Collapse -
Troj/Zapchas-BG
by Marianna Schmudlach / May 3, 2006 3:58 PM PDT
Collapse -
Troj/PWS-RV
by Marianna Schmudlach / May 3, 2006 3:59 PM PDT

Type Spyware Trojan

Troj/PWS-RV is an information stealing Trojan for the Windows platform.

Troj/PWS-RV includes the functionality to access the internet and communicate with a remote server via HTTP.

Troj/PWS-RV includes the functionality to record the following information:

Mail client information, such as usernames and passwords, from such clients as Outlook, Eudora, Batmail and Thunderbird
POP3 mail usernames, passwords and servers
SMTP mail usernames, passwords and servers
IMAP mail usernames, passwords and servers
FTP client credentials, such as HOST, UID, Password, and directories from such programs as CuteFTP, WS_FTP and WXC_FTP
Protected storage information
username and passwords from chat clients such as ICQ, AIM, and Trillian
dialup credentials

At regualr intervals, the Trojan will post the stolen information to a remote location.

http://www.sophos.com/virusinfo/analyses/trojpwsrv.html

Collapse -
Troj/RuinDl-M
by Marianna Schmudlach / May 3, 2006 4:00 PM PDT
Collapse -
Troj/Dloadr-AFC
by Marianna Schmudlach / May 3, 2006 4:01 PM PDT
Collapse -
Troj/Bckdr-IAQ
by Marianna Schmudlach / May 3, 2006 4:02 PM PDT
Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

HOLIDAY GIFT GUIDE 2017

Cameras that make great holiday gifts

Let them start the new year with a step up in photo and video quality from a phone.