Spyware, Viruses, & Security forum

General discussion

VIRUS ALERTS - May 5, 2005

by Marianna Schmudlach / May 5, 2005 12:32 AM PDT

Troj/Agent-DQ
Summary

Aliases TROJ_AGENT.AX
Downloader-NL
Trojan-Downloader.Win32.Agent.au

Type Trojan

Troj/Agent-DQ is a Windows DLL downloader helper component.
Once installed, the Trojan provides functionality to allow the installer application to:
- silently download files from the internet and run them
- create registry entries to allow the installer application to run itself on user logon
- receive and send HTTP requests without user notification
- modify internet settings

http://www.sophos.com/virusinfo/analyses/trojagentdq.html

W32/Rbot-ABV
by Marianna Schmudlach / May 5, 2005 12:35 AM PDT

Aliases Backdoor.Win32.Rbot.op
WORM_RBOT.BJR

Type Worm

W32/Rbot-ABV is a Windows network worm which attempts to spread via network shares. The worm contains backdoor functions that allow unauthorised remote access to the infected computer via IRC channels while running in the background.
The worm spreads to network shares with weak passwords and also by using the LSASS security exploit (MS04-011) and the WKS security exploit (MS03-049).
The following patches for the operating system vulnerabilities exploited by W32/Rbot-ABV can be obtained from the Microsoft website:
MS04-011
MS03-049

http://www.sophos.com/virusinfo/analyses/w32rbotabv.html

Troj/Multidr-DL
by Marianna Schmudlach / May 5, 2005 12:36 AM PDT

Type Trojan

Troj/Multidr-DL is a Trojan dropper for the Windows platform.
When executed, Troj/Multidr-DL will create and run the following two files in the C:\ folder:
- ntl0cs.exe - detected by Sophos as W32/Rbot-ABT
- ntl1cs.exe - detected by Sophos as Troj/Madtol-A

http://www.sophos.com/virusinfo/analyses/trojmultidrdl.html

Troj/Psyme-BV
by Marianna Schmudlach / May 5, 2005 12:38 AM PDT
Troj/Padodor-Z
by Marianna Schmudlach / May 5, 2005 12:39 AM PDT
Troj/StartPa-FX
by Marianna Schmudlach / May 5, 2005 12:41 AM PDT
Troj/Rider-P
by Marianna Schmudlach / May 5, 2005 12:43 AM PDT

Aliases Exploit.HTML.Mht; Exploit-MhtRedir.gen

Type Trojan

Troj/Rider-P is an HTML-based script which exploits a vulnerability associated with some versions of Microsoft Internet Explorer to load a malicious script (or HTML page containing a malicious script) via the DATA attribute of an OBJECT element.
Troj/Rider-P will attempt to load an HTML file detected by Sophos as Troj/Psyme-BG.


http://www.sophos.com/virusinfo/analyses/trojriderp.html

Troj/PurScan-W
by Marianna Schmudlach / May 5, 2005 12:44 AM PDT
Troj/HacDef-O
by Marianna Schmudlach / May 5, 2005 12:46 AM PDT

Aliases Backdoor.Win32.HacDef.b
Backdoor.Win32.HacDef.ab
HackerDefender.gen

Type Trojan

Troj/HacDef-O is a backdoor Trojan for the Windows platform.
Troj/HacDef-O allows a remote attacker unauthorised access to the infected computer.


http://www.sophos.com/virusinfo/analyses/trojhacdefo.html

Troj/ServU-AP
by Marianna Schmudlach / May 5, 2005 12:48 AM PDT
W32/Agobot-RA
by Marianna Schmudlach / May 5, 2005 12:50 AM PDT

Aliases W32/Agobot.DDW
W32/Gaobot.worm.gen.d
WORM_AGOBOT.DTR

Type Worm

W32/Agobot-RA is a member of the W32/Agobot family of network worms. The worm can spread to computers vulnerable to the RPC-DCOM, WebDav, and WKS exploits (see Microsoft Security Bulletins MS04-012, MS03-007, and MS03-049), as well as via NetBios and to computers infected with the MyDoom and Bagle worms.
The worm has a backdoor component that connects to a preconfigured IRC channel, allowing an attacker to issue instructions to the worm, thus giving access to an infected computer.
W32/Agobot-RA can be instructed to:
- send spam email from an infected computer
- attempt to disable security software
- scan for vulnerable computers to spread to
- steal product keys
- upload, download, and execute files
- participate in a distributed denial-of-service (DDoS) attack

http://www.sophos.com/virusinfo/analyses/w32agobotra.html

W32/Sdbot-WD
by Marianna Schmudlach / May 5, 2005 12:51 AM PDT

Aliases Backdoor.Win32.SdBot.gen
W32/Sdbot.worm.gen.h

Type Worm

W32/Sdbot-WD is a network worm with backdoor functionality for the Windows platform.
W32/Sdbot-WD spreads by copying itself to network shares protected by weak passwords and by exploiting a number of software vulnerabilities.
W32/Sdbot-WD will attempt to kill a number of security and anti-virus related applications. W32/Sdbot-WD may also attempt to deny access to certain anti-virus websites.
W32/Sdbot-WD will drop a file detected as Troj/NtRootK-F.

http://www.sophos.com/virusinfo/analyses/w32sdbotwd.html

Troj/Singu-Q
by Marianna Schmudlach / May 5, 2005 12:53 AM PDT
W32/Rizon-A
by Marianna Schmudlach / May 5, 2005 12:55 AM PDT
W32/Mytob-BZ
by Marianna Schmudlach / May 5, 2005 12:56 AM PDT

Type Worm

W32/Mytob-BZ is a mass-mailing worm and backdoor Trojan that can be controlled through the Internet Relay Chat (IRC) network.
W32/Mytob-BZ is capable of spreading through email and through various operating system vulnerabilities such as LSASS (MS04-011).
W32/Mytob-BZ harvests email addresses from files on the infected computer and from the Windows address book.

http://www.sophos.com/virusinfo/analyses/w32mytobbz.html

W32/Rbot-ABU
by Marianna Schmudlach / May 5, 2005 12:57 AM PDT

Aliases Backdoor.Win32.Agobot.aby

Type Worm

W32/Rbot-ABU is an internet worm and backdoor Trojan.
W32/Rbot-ABU spreads to other network computers by exploiting LSASS (MS04-011), RPC-DCOM (MS04-012), WKS (MS03-049) and MSSQL (MS02-039) buffer overflow vulnerabilities and by copying itself to network shares protected by weak passwords.
W32/Rbot-ABU runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
The worm also includes functionality to:
- steal confidential information
- carry out DDoS flooder attacks
- silently download, install and run new software
- disable other applications
- execute arbitrary commands
The following patches for the operating system vulnerabilities exploited by W32/Rbot-ABU can be obtained from the Microsoft website:
MS04-011
MS04-012
MS03-049
MS02-039

http://www.sophos.com/virusinfo/analyses/w32rbotabu.html

Troj/Dloader-NA
by Marianna Schmudlach / May 5, 2005 12:59 AM PDT
Troj/Dloader-MY
by Marianna Schmudlach / May 5, 2005 1:01 AM PDT
Troj/ServU-AS
by Marianna Schmudlach / May 5, 2005 1:02 AM PDT

Aliases Backdoor.Win32.ServU-based

Type Trojan

Troj/ServU-AS is a hacked version of a commercially available FTP server that will listen on a port for incoming commands from a remote attacker.
Troj/ServU-AS creates text files named chkdrv.vxd and tskman.dll in the current folder.

http://www.sophos.com/virusinfo/analyses/trojservuas.html

W32/Rbot-ABT
by Marianna Schmudlach / May 5, 2005 1:04 AM PDT

Aliases W32/Sdbot.worm.gen.ag

Type Worm

W32/Rbot-ABT is a Windows network worm which attempts to spread via network shares. The worm contains backdoor functions that allow unauthorised remote access to the infected computer via IRC channels while running in the background.
Once installed, W32/Rbot-ABT will give a remote attacker the ability to perform a set of functions on the infected computer.


http://www.sophos.com/virusinfo/analyses/w32rbotabt.html

W32/Agobot-RX
by Marianna Schmudlach / May 5, 2005 8:35 AM PDT

Aliases Backdoor.Win32.Agobot.nq
W32/Gaobot.worm.gen.d
WORM_AGOBOT.ARD

Type Worm

W32/Agobot-RX is an IRC backdoor Trojan and network worm which allows a remote intruder to gain access and control over the computer via IRC channels.
W32/Agobot-RX spreads by copying itself to weakly protected network shares and exploiting a number of known vulnerabilities.

http://www.sophos.com/virusinfo/analyses/w32agobotrx.html

W32/Sdbot-YA
by Marianna Schmudlach / May 5, 2005 8:37 AM PDT

Type Worm

W32/Sdbot-YA is a network worm with backdoor Trojan functionality for the Windows platform.
The worm spreads through network shares protected by weak passwords and through various operating system vulnerabilities.
W32/Sdbot-YA connects to a predetermined IRC channel and awaits further commands from remote users. The backdoor component of W32/Sdbot-YA can be instructed to perform various tasks.

http://www.sophos.com/virusinfo/analyses/w32sdbotya.html

W32/Tirbot-F
by Marianna Schmudlach / May 5, 2005 8:39 AM PDT

Aliases Backdoor.Win32.IRCBot.gen
W32/Sdbot.worm.gen

Type Worm

W32/Tirbot-F is a network worm with backdoor Trojan functionality for the Windows platform.
The backdoor component joins a predetermined IRC channel and awaits further commands from remote users. The backdoor component can then be instructed to perform the following:
- take part in distributed denial of service (DDoS) attacks
- upload/download files
- execute files
- serve as a proxy server
- harvest information from the system registry
- report filesystem information
- list running processes
- scan for the presence of anti-virus software
W32/Tirbot-F will attempt to terminate processes with names that contain predefined strings.

http://www.sophos.com/virusinfo/analyses/w32tirbotf.html

W32/Tirbot-E
by Marianna Schmudlach / May 5, 2005 8:40 AM PDT

Type Worm

W32/Tirbot-E is a network worm with backdoor Trojan functionality for the Windows platform.
The backdoor component joins a predetermined IRC channel and awaits further commands from remote users. The backdoor component can then be instructed to perform various tasks.

http://www.sophos.com/virusinfo/analyses/w32tirbote.html

VBS/Newley-A
by Marianna Schmudlach / May 5, 2005 8:41 AM PDT

Type Worm

VBS/Newley-A is a simple worm and backdoor Trojan.
VBS/Newley-A copies itself to several locations, including drives G: to Z:.
VBS/Newley-A attempts to run a telnet server on port 10001.
VBS/Newley-A attempts to disable Sophos Anti-Virus.
VBS/Newley-A provides a fake uninstall option via the Add or Remove Programs dialog in the Windows Control Panel, called "Geography TX-A". Selecting this uninstall option will usually cause the machine to shut down.

http://www.sophos.com/virusinfo/analyses/vbsnewleya.html

W32/Semapi-A
by Marianna Schmudlach / May 5, 2005 8:43 AM PDT
Troj/Zlob-B
by Marianna Schmudlach / May 5, 2005 8:44 AM PDT

Aliases Trojan.Downloader.Agent-113
Downloader-XC
Trojan-Downloader.Win32.Agent.lx
W32/Downloader.AVZ

Type Trojan

Troj/Zlob-B is a downloader Trojan.
Troj/Zlob-B will contact predefined remote sites and download data. The Trojan may then download further executable files and run them.


http://www.sophos.com/virusinfo/analyses/trojzlobb.html

Troj/ZlobDrop-B
by Marianna Schmudlach / May 5, 2005 8:46 AM PDT
