Spyware, Viruses, & Security forum

General discussion

VIRUS ALERTS - November 16, 2004

by Marianna Schmudlach / November 15, 2004 11:47 PM PST

Aliases: IRC/Flood.cd.dr, BKDR_IRCFLOOD.CD

Type: Trojan

Troj/Mirchack-D is a hacked version of the mIRC32 application.
Troj/Mirchack-D reads configuration data from a file DUAL.EXP. Typically the Trojan is distributed with a malicious DUAL.EXP file as part of a backdoor or flooding Trojan.

http://www.sophos.com/virusinfo/analyses/trojmirchackd.html

Troj/Psyme-BB
by Marianna Schmudlach / November 15, 2004 11:49 PM PST

Aliases: TrojanDownloader.JS.gen, VBS/Psyme

Type: Trojan

Troj/Psyme-BB is a JavaScript downloader Trojan which exploits the ADODB stream vulnerability associated with some versions of Microsoft Internet Explorer to silently download a file from a remote location to:
C:\svhost.exe
Known variants download Troj/GoldThf-A which is detected by Sophos Anti-Virus.

http://www.sophos.com/virusinfo/analyses/trojpsymebb.html

Troj/DComTool-M
by Marianna Schmudlach / November 15, 2004 11:51 PM PST

Aliases: Exploit.Win32.DCom.w, Exploit-DcomRpc.gen

Type: Trojan

Troj/DComTool-M can provide intruders with a command shell on a remote system by using the DCOM RPC exploit.
See the Microsoft security alert MS04-012 for details and a patch.

http://www.sophos.com/virusinfo/analyses/trojdcomtoolm.html

Troj/RpcLsa-E
by Marianna Schmudlach / November 15, 2004 11:53 PM PST

Aliases: Exploit-MS04-011.gen

Type: Trojan

Troj/RpcLsa-E is a malicious executable using the lsasrv.dll RPC buffer overflow exploit vulnerability specified in MS04-011.
The Trojan is used by attackers to gain remote shell access to a target system.
Although the executable itself does not have a malicious effect on the infected system, it is often dropped by Trojans or installed by attackers.

http://www.sophos.com/virusinfo/analyses/trojrpclsae.html

Troj/Dloader-EA
by Marianna Schmudlach / November 15, 2004 11:55 PM PST

W32/Gobot-I
by Marianna Schmudlach / November 15, 2004 11:57 PM PST

W32/Protoride-W
by Marianna Schmudlach / November 15, 2004 11:59 PM PST

Aliases: Worm.W32.Protoride.Gen

Type: Worm

W32/Protoride-W is a Windows worm that spreads to computers via network shares.
W32/Protoride-W allows backdoor access to unauthorised remote intruders who can send commands controlling the compromised computer.

http://www.sophos.com/virusinfo/analyses/w32protoridew.html

Troj/Istbar-U
by Marianna Schmudlach / November 16, 2004 12:01 AM PST

W32/Sdbot-RG
by Marianna Schmudlach / November 16, 2004 12:02 AM PST

Type: Worm

W32/Sdbot-RG is a member of the W32/Sdbot family of worms. It is a network worm and IRC backdoor Trojan for the Windows platform.
Sophos's anti-virus products include proactive protection technology, which can defend against new threats without requiring an update. Sophos customers have been protected against W32/Sdbot-RG (detected as W32/Sdbot-Fam) since version 3.86.

http://www.sophos.com/virusinfo/analyses/w32sdbotrg.html

Troj/Dyfu-B
by Marianna Schmudlach / November 16, 2004 12:04 AM PST

Type: Trojan

Troj/Dyfu-B is a Trojan that sets a number of registry entries and also attempts to contact a predefined website. It attempts to delete the following files:
C:\sp2fix.exe
C:\copi.bat
C:\msmedia.exe
C:\mscommx.exe
<System>\mscommx.exe
It may try to create a batch file that will attempt to delete the original file as well as the batch file itself.

http://www.sophos.com/virusinfo/analyses/trojdyfub.html

Troj/Agent-AX
by Marianna Schmudlach / November 16, 2004 12:06 AM PST

W32/Mofei-E
by Marianna Schmudlach / November 16, 2004 7:29 AM PST

W32/Mofei-F
by Marianna Schmudlach / November 16, 2004 7:30 AM PST

W32/Forbot-CK
by Marianna Schmudlach / November 16, 2004 7:31 AM PST

W32/Forbot-CL
by Marianna Schmudlach / November 16, 2004 7:32 AM PST

Aliases: Backdoor.Win32.Wootbot.gen, W32/Sdbot.worm.gen, WORM_WOOTBOT.CN

Type: Worm

W32/Forbot-CL is a worm which attempts to spread to remote network shares. It also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels while running in the background as a service process.
W32/Forbot-CL copies itself to the Windows system folder as MQGUARD.EXE.
W32/Forbot-CL also creates its own service named "Win32" with display name "Windows Network Controller".
W32/Forbot-CL attempts to spread to network machines using various exploits including the LSASS vulnerability (see MS04-011). The worm may also spread via IRC channels.
W32/Forbot-CL may act as a proxy, delete network shares and steal keys for various software products.

http://www.sophos.com/virusinfo/analyses/w32forbotcl.html

W32/Rbot-PW
by Marianna Schmudlach / November 16, 2004 7:34 AM PST

Aliases: Win32.Rbot.gen, W32/Sdbot.worm.gen.t

Type: Worm

W32/Rbot-PW is an IRC backdoor Trojan and network worm.
W32/Rbot-PW may spread to remote network shares protected by weak passwords and computers vulnerable to common exploits. The worm also opens up a backdoor, allowing a remote intruder access to infected computers.

http://www.sophos.com/virusinfo/analyses/w32rbotpw.html

Troj/Mdrop-JF
by Marianna Schmudlach / November 16, 2004 7:36 AM PST

Aliases: TrojanDropper.Win32.DNet.a, MultiDropper-JF

Type: Trojan

Troj/Mdrop-JF is a Trojan dropper for the Windows platform.
The Trojan creates a folder in the Windows system folder with the name iosdt and drops hacked versions of commercially available applications into the newly created folder.

http://www.sophos.com/virusinfo/analyses/trojmdropjf.html

Troj/Helodor-A
by Marianna Schmudlach / November 16, 2004 7:38 AM PST