Spyware, Viruses, & Security forum

General discussion

VIRUS ALERTS - May 30, 2005

by Marianna Schmudlach / May 30, 2005 2:21 AM PDT

Troj/Orse-C
by Marianna Schmudlach / May 30, 2005 2:22 AM PDT

Type Trojan

Troj/Orse-C is a Trojan for the Windows platform.
Troj/Orse-C includes functionality to silently download, install and run new software. Troj/Orse-C also attempts to download configuration data from preconfigured websites which may instruct the Trojan to send emails.

http://www.sophos.com/virusinfo/analyses/trojorsec.html

Troj/LdPinch-BA
by Marianna Schmudlach / May 30, 2005 2:24 AM PDT

Aliases Trojan.LdPinch-19
TROJ_PSWPINCH.A
W32/Spybot.KJP

Type Trojan

Troj/LdPinch-BA is a password-stealing Trojan that will search the host for information related to the following applications/services:
Password stored in BatMail and The Bat FTP client
Mirabilis ICQ
Trillian Passwords
Remote Access Service (RAS)
CuteFTP password
WS_FTP password
Opera/Mozilla stored password
Internet Explorer password manager
Windows NT username
Local phone book information
The Trojan will then submit this information to a preconfigured email address. Troj/LdPinch-BA includes functionality to silently download, install and run new software and send notification messages to remote locations.

http://www.sophos.com/virusinfo/analyses/trojldpinchba.html

Troj/Daoser-D
by Marianna Schmudlach / May 30, 2005 2:26 AM PDT

Aliases Trojan.Win32.WebSearch.j
StartPage-GT
TROJ_DROPPER.EY

Type Trojan

Troj/Daoser-D is a Trojan for the Windows platform. It may attempt to change Internet Explorer settings and can be commanded by a config file on remote servers.

http://www.sophos.com/virusinfo/analyses/trojdaoserd.html

Troj/Dloader-PC
by Marianna Schmudlach / May 30, 2005 2:27 AM PDT

Type Trojan

Troj/Dloader-PC is a Trojan for the Windows platform.
When run, Troj/Dloader-PC makes repeated attempts to download imgmp.jpg from a remote site. The file is saved locally with an EXE file extension and is then executed. At the time of writing, Sophos's anti-virus products detect imgmp.jpg as Troj/Dloader-PB.

http://www.sophos.com/virusinfo/analyses/trojdloaderpc.html

Troj/Small-EJ
by Marianna Schmudlach / May 30, 2005 2:29 AM PDT

W32/Tibick-F
by Marianna Schmudlach / May 30, 2005 2:31 AM PDT

Aliases WORM_TIBICK.F
P2P-Worm.Win32.Tibick.f
W32/Tibick!p2p

Type Worm

W32/Tibick-F is a P2P worm.
W32/Tibick-F creates a subfolder in the Windows system folder named msview and creates several copies of itself in this new folder using several different filenames.
W32/Tibick-F may then alter the settings for common Peer to Peer (P2P) applications to share the msview folder.
W32/Tibick-F also contains IRC backdoor Trojan functionality. W32/Tibick-F will attempt to connect to a remote IRC server and may attempt to download and execute a file from a specified address to a random filename with an EXE extension in the Windows system folder if instructed to do so.

http://www.sophos.com/virusinfo/analyses/w32tibickf.html

Troj/Bancsde-E
by Marianna Schmudlach / May 30, 2005 2:37 AM PDT

Aliases Trojan-Dropper.Win32.Small.zz
Backdoor.Win32.Bancodor.z

Type Trojan

Troj/Bancsde-E is a data-stealing Trojan for the Windows platform which attempts to capture online banking details for accounts related to certain banks in Germany.
Troj/Bancsde-E comprises the dropper file, the main executable and the DLL component.
The main Trojan executable attempts to capture data contained within internet banking web pages and may display fake login pages in an attempt to capture account information.

http://www.sophos.com/virusinfo/analyses/trojbancsdee.html

Troj/Vidlo-K
by Marianna Schmudlach / May 30, 2005 2:39 AM PDT

Aliases Trojan-Downloader.Win32.Vidlo.n
Downloader-AAP.b

Type Trojan

Troj/Vidlo-K is a downloader Trojan for the Windows platform.
Once executed, Troj/Vidlo-K attempts to download and run from a remote location a file called xx.exe, which is detected by Sophos's anti-virus products as Troj/Bancsde-E.

http://www.sophos.com/virusinfo/analyses/trojvidlok.html

Troj/Dumaru-BK
by Marianna Schmudlach / May 30, 2005 2:41 AM PDT

Aliases Backdoor.Win32.Dumador.bj
BackDoor-CCT.dll
Backdoor.Nibu.J

Type Trojan

Troj/Dumaru-BK is a multi-component keylogging Trojan which also attempts to download and execute EXE files from remote websites. The Trojan runs in the background and allows unauthorised remote access to the computer over a network.

http://www.sophos.com/virusinfo/analyses/trojdumarubk.html

Troj/Teadoor-C
by Marianna Schmudlach / May 30, 2005 2:42 AM PDT

Aliases Backdoor.Win32.Agent.ec
Generic

Type Trojan

Troj/Teadoor-C is a backdoor Trojan which allows a remote intruder to gain access and control over the computer. It will also attempt to terminate security-related processes on the target computer, and may download files from a remote location.

http://www.sophos.com/virusinfo/analyses/trojteadoorc.html

Troj/Cosiam-B
by Marianna Schmudlach / May 30, 2005 2:44 AM PDT

Aliases Trojan-Proxy.Win32.Small.bo
Proxy-Agent.k.gen
Trojan
TROJ_SMALL.AOS

Type Trojan

Troj/Cosiam-B is a backdoor Trojan which allows a remote intruder to gain access and control over the computer.
Troj/Cosiam-B will contact a remote location in order to report details of the infected computer, including the port that the Trojan is listening on, the computer's IP and operating system. The Trojan may then download configuration data.
Troj/Cosiam-B is capable of downloading and running further executable files.

http://www.sophos.com/virusinfo/analyses/trojcosiamb.html

W32/Sdbot-YV
by Marianna Schmudlach / May 30, 2005 2:46 AM PDT

Aliases Backdoor.Win32.Rbot.gen

Type Worm

W32/Sdbot-YV is a worm with backdoor Trojan functionality. It will attempt to drop a rootkit to hide its running process.
W32/Sdbot-YV is capable of spreading to computers on the local network protected by weak passwords after receiving the appropriate backdoor command.
W32/Sdbot-YV will also attempt to spread by exploiting the following vulnerabilities:
LSASS (MS04-011)
RPC-DCOM (MS04-012)
WKS (MS03-049) (CAN-2003-0812)
MSSQL (MS02-039) (CAN-2002-0649)
WINS (MS04-045)
DCOM (MS04-012)
W32/Sasser backdoor

http://www.sophos.com/virusinfo/analyses/w32sdbotyv.html

Troj/Dloader-OA
by Marianna Schmudlach / May 30, 2005 2:48 AM PDT

W32/Agobot-AAE
by Marianna Schmudlach / May 30, 2005 2:50 AM PDT

Aliases WORM_AGOBOT.AUR

Type Virus

W32/Agobot-AAE is an internet worm, virus and IRC backdoor Trojan for the Windows platform.
W32/Agobot-AAE spreads to other network computers by exploiting common buffer overflow vulnerabilities, including LSASS (MS04-011). W32/Agobot-AAE may also infect files.
W32/Agobot-AAE runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
The following patches for the operating system vulnerabilities exploited by W32/Agobot-AAE can be obtained from the Microsoft website:
MS04-011

http://www.sophos.com/virusinfo/analyses/w32agobotaae.html

W32/Mytob-CP
by Marianna Schmudlach / May 30, 2005 9:56 AM PDT

Aliases Net-Worm.Win32.Mytob.bb
Worm.Mytob.AS

Type Worm

W32/Mytob-CP is an email worm and IRC backdoor Trojan for the Windows platform. The Trojan component allows unauthorised remote access to the computer via a network.
W32/Mytob-CP includes functionality to modify the HOSTS file.

http://www.sophos.com/virusinfo/analyses/w32mytobcp.html

Troj/Sdbot-YU
by Marianna Schmudlach / May 30, 2005 10:00 AM PDT

Aliases Backdoor.Win32.IRCBot.bg

Type Trojan

Troj/Sdbot-YU is a Trojan for the Windows platform.
Troj/Sdbot-YU runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
Troj/Sdbot-YU includes functionality to silently download, install and run new software and change security settings.

http://www.sophos.com/virusinfo/analyses/trojsdbotyu.html

W32/Mytob-CO
by Marianna Schmudlach / May 30, 2005 10:02 AM PDT

Aliases Net-Worm.Win32.Mytob.bb

Type Worm

W32/Mytob-CO is a mass-mailing worm and IRC backdoor Trojan.
W32/Mytob-CO runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
W32/Mytob-CO can spread by sending itself as an email attachment to email addresses it harvests from the infected computer.

http://www.sophos.com/virusinfo/analyses/w32mytobco.html

Troj/Bancos-CW
by Marianna Schmudlach / May 30, 2005 10:04 AM PDT

Aliases Trojan-Spy.Win32.Bancos.cr

Type Trojan

Troj/Bancos-CW is a password-stealing Trojan for the Windows platform.
Troj/Bancos-CW steals confidential information relating to certain online banking applications by displaying fake login screens and sends stolen information to a remote user.

http://www.sophos.com/virusinfo/analyses/trojbancoscw.html

Troj/SpyDldr-A
by Marianna Schmudlach / May 30, 2005 10:06 AM PDT

Aliases Trojan-Downloader.Win32.Agent.bq
W32/Agent.NY
TROJ_DLOADER.LZ

Type Trojan

Troj/SpyDldr-A is an advertising Trojan with downloading functionality.
Troj/SpyDldr-A attempts to download and install Browser Helper Object plugins.

http://www.sophos.com/virusinfo/analyses/trojspydldra.html

W32/Rbot-ADS
by Marianna Schmudlach / May 30, 2005 10:08 AM PDT

Aliases Backdoor.Win32.Rbot.gen

Type Worm

W32/Rbot-ADS is a network worm for the Windows platform that attempts to spread via network shares. The worm contains backdoor functions that allow unauthorised remote access to the infected computer via IRC channels.
The worm spreads to network shares with weak passwords and also by using the LSASS security exploit (MS04-011) and the RPC-DCOM security exploit (MS03-039).

http://www.sophos.com/virusinfo/analyses/w32rbotads.html

W32/Sdbot-BXQ
by Marianna Schmudlach / May 30, 2005 10:14 AM PDT

Aliases Backdoor.Win32.IRCBot.be
W32/Sdbot.worm.gen.bi
W32.Spybot.Worm
WORM_SDBOT.BXQ

Type Worm

W32/Sdbot-BXQ is a network worm and IRC backdoor Trojan for the Windows platform which allows a remote intruder to access and control the computer via IRC channels.
The backdoor component joins a specific channel on an IRC server and then runs continuously in the background as a service process, listening on the IRC channel for specific commands and carrying out the appropriate actions.

http://www.sophos.com/virusinfo/analyses/w32sdbotbxq.html
