VIRUS ALERTS - November 17, 2006

Troj/Dropper-MD

Troj/Inject-Gen

Type Trojan

Troj/Inject-Gen is a downloader Trojan which downloads, installs and runs new adware related software without notification that it is doing so.

Troj/Inject-Gen is a DLL which is typically dropped by an installation executable to the TEMP folder with a random name and loaded.

The Troj/Inject-Gen DLL injects itself into a new instance of Microsoft Internet Explorer and then may download and run new executables and/or download DLLs and register them as COM servers.

When the adware software has been successfully installed, the installation executable and the Troj/Inject-Gen DLL are deleted.

http://www.sophos.com/virusinfo/analyses/trojinjectgen.html

Troj/PWS-ACX

Troj/Banloa-AQW

Troj/Goldun-EK

Troj/RKRustok-H

Troj/DwnLdr-FVF

W32/Vanebot-U

Troj/Clicker-DX

Troj/Bckdr-PQK

Troj/DollarR-CA

Troj/Bancban-PL

Type Spyware Trojan

Aliases Trojan-Spy.Win32.Banker.byu
PWS-Banker.gen.c

Troj/Bancban-PL is a backdoor Trojan which allows a remote intruder to gain access and control over the computer.

Troj/Bancban-PL attempts to log information sent to certain websites and online banking applications. The Trojan may display fake user interfaces in order to persuade the user to enter confidential details. Stolen information is sent by email to a remote user.

Troj/Bancban-PL includes functionality to:

- access the internet and communicate with a remote server via HTTP
- send notification messages to remote locations

http://www.sophos.com/virusinfo/analyses/trojbancbanpl.html

Troj/NTRootK-AW

Troj/DwnLdr-FVG

W32/Silly-E

Type Worm

Aliases Worm.Win32.VB.cj

Infection:

W32/Silly-E is a worm for the Windows platform.

W32/Silly-E spreads to other network computers. When spreading, W32/Silly-E may copy itself to filenames that match the parent folder name, e.g. "temp\temp.exe" or "program files\program files.exe"; it may also overwrite original executables.

http://www.sophos.com/security/analyses/w32sillye.html

Troj/Torpig-Gen

W32/Rbot-FVY

Type Spyware Worm

Aliases Backdoor.Win32.EggDrop.v
WORM_SPYBOT.IS

W32/Rbot-FVY is a network worm with IRC backdoor functionality.

W32/Rbot-FVY runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

W32/Rbot-FVY spreads to other network computers by:

- exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011) and RPC-DCOM (MS04-012)
- networks protected by weak passwords

http://www.sophos.com/virusinfo/analyses/w32rbotfvy.html

Troj/Zlob-WC

Troj/FakeVir-W

W32/Rbot-FVZ

Type Worm

Aliases Backdoor.Win32.SdBot.awk

W32/Rbot-FVZ is a worm with IRC backdoor functionality for the Windows platform.

W32/Rbot-FVZ runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

W32/Rbot-FVZ spreads:

- to computers vulnerable to common exploits, including: LSASS (MS04-011), RPC-DCOM (MS04-012), WKS (MS03-049) and ASN.1 (MS04-007)
- to network shares protected by weak passwords

http://www.sophos.com/security/analyses/w32rbotfvz.html

Troj/Dloadr-AQE

W32/Tilebot-HZ

Type Worm

Aliases Backdoor.Win32.SdBot.aad

W32/Tilebot-HZ is a worm and backdoor for the Windows platform.

W32/Tilebot-HZ spreads to other network computers by exploiting common buffer overflow vulnerabilities, including SRVSVC (MS06-040) and by copying itself to network shares protected by weak passwords.

W32/Tilebot-HZ runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

W32/Tilebot-HZ includes functionality to access the internet and communicate with a remote server via HTTP.

http://www.sophos.com/virusinfo/analyses/w32tilebothz.html

Troj/Dloadr-AQF

Troj/Dloadr-AQG

Troj/LDPinch-PL

Troj/Dropper-ME

Troj/DwnLdr-FVJ

Type Trojan

Aliases Trojan-Downloader.Win32.Agent.aav

Troj/DwnLdr-FVJ is a downloader Trojan for the Windows platform.

Troj/DwnLdr-FVJ includes functionality to access the internet, as well as download and execute code from remote websites.

http://www.sophos.com/virusinfo/analyses/trojdwnldrfvj.html

Troj/ServU-EG

Troj/Clicker-DY

Troj/Zlob-WD