Spyware, Viruses, & Security forum

General discussion

VIRUS ALERTS - November 23, 2005

by roddy32 / November 23, 2005 1:54 AM PST

Troj/BagleDl-AF

Type Trojan

Troj/BagleDl-AF is a Trojan for the Windows platform.

When first run, Troj/BagleDl-AF opens a graphics file named ntimage.gif with the default image viewer.

Troj/BagleDl-AF attempts to download further malicious software from pre-specified URLs.

http://www.sophos.com/virusinfo/analyses/trojbagledlaf.html

Discussion is locked
You are posting a reply to: VIRUS ALERTS - November 23, 2005
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: VIRUS ALERTS - November 23, 2005
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Troj/BagleDl-AG
by roddy32 / November 23, 2005 1:55 AM PST

Type Trojan

Troj/BagleDl-AG is a Trojan for the Windows platform.

When first run, Troj/BagleDl-AG opens a graphics file named ntimage.gif with default image viewer.

Troj/BagleDl-AG attempts to download further malicious software from pre-specified URLs.

http://www.sophos.com/virusinfo/analyses/trojbagledlag.html

Collapse -
Troj/Jupdrop-A
by roddy32 / November 23, 2005 8:44 AM PST
Collapse -
Troj/Jupdow-A
by roddy32 / November 23, 2005 8:46 AM PST

Type Trojan

Aliases

* Trojan-Proxy.Win32.Delf.al

Troj/Jupdow-A is a Trojan for the Windows platform.

Troj/Jupdow-A attempts to download configuration files from a remote website to the Windows temp folder, and may then attempt to download files from further websites.

http://www.sophos.com/virusinfo/analyses/trojjupdowa.html

Collapse -
Troj/Jupdow-B
by roddy32 / November 23, 2005 8:47 AM PST

Type Trojan

Troj/Jupdow-B is a Trojan for the Windows platform.

Troj/Jupdow-B attempts to download configuration files from a remote website to the Windows temp folder, and may then attempt to download files from further websites.

http://www.sophos.com/virusinfo/analyses/trojjupdowb.html

Collapse -
Troj/GrayBrd-AL
by roddy32 / November 23, 2005 8:49 AM PST
Collapse -
Troj/Bancban-IR
by roddy32 / November 23, 2005 8:52 AM PST
Collapse -
W32/Rbot-AYC
by roddy32 / November 23, 2005 8:53 AM PST

Type Worm

Aliases

* W32/Spybot.NLU
* W32/Sdbot.worm.gen.bh

W32/Rbot-AYC is a worm with IRC backdoor functionality for the Windows platform.

W32/Rbot-AYC can spread via network shares or MSSQL when it finds weak passwords. It may also spread to systems compromised by other malware, or by exploiting common vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), WKS (MS03-049) (CAN-2003-0812), WebDav (MS03-007), IIS5SSL (MS04-011) (CAN-2003-0719), UPNP (MS01-059), Veritas (CAN-2004-1172), Dameware (CAN-2003-1030), PNP (MS05-039), and ASN.1 (MS04-007).

W32/Rbot-AYC runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotayc.html

Collapse -
Troj/Dumaru-BR
by roddy32 / November 23, 2005 8:56 AM PST

Type Trojan

Aliases

* Backdoor.Win32.Dumador.ez

Troj/Dumaru-BR is a password-stealing backdoor Trojan which allows a remote intruder to gain access and control over the computer.

Troj/Dumaru-BR includes functionality to access the internet and communicate with a remote server via HTTP.

http://www.sophos.com/virusinfo/analyses/trojdumarubr.html

Collapse -
Troj/Agent-KM
by roddy32 / November 23, 2005 9:00 AM PST

Type Trojan

Aliases

* Backdoor.Win32.Agent.km BackDoor-CPX

Troj/Agent-KM is a backdoor Trojan for the Windows platform.

Troj/Agent-KM allows a remote user to use a gain access and control over the computer using a command prompt.

Troj/Agent-KM includes functionality to access the internet and communicate with a remote server via HTTP.

http://www.sophos.com/virusinfo/analyses/trojagentkm.html

Collapse -
Troj/Gatto-A
by roddy32 / November 23, 2005 9:03 AM PST
Collapse -
Troj/Hazif-B
by roddy32 / November 23, 2005 9:05 AM PST
Collapse -
Troj/BagleDl-AH
by roddy32 / November 23, 2005 9:25 AM PST

Type Trojan

Troj/BagleDl-AH is a Trojan for the Windows platform.

When first run, Troj/BagleDl-AH opens a graphics file named ntimage.gif with default image viewer.

Troj/BagleDl-AH attempts to download further malicious software from pre-specified URLs.
The Trojan opens a graphics file when first run.

http://www.sophos.com/virusinfo/analyses/trojbagledlah.html

Collapse -
Troj/BagleDl-AI
by roddy32 / November 23, 2005 9:30 AM PST

Type Trojan

Troj/BagleDl-AI is a Trojan for the Windows platform.

When first run, Troj/BagleDl-AI opens a graphics file named ntimage.gif with default image viewer.

Troj/BagleDl-AI attempts to download further malicious software from pre-specified URLs.

The Trojan opens a graphics file when first run.

http://www.sophos.com/virusinfo/analyses/trojbagledlai.html

Collapse -
W32/Bagle-BS
by roddy32 / November 23, 2005 9:32 AM PST

Type Worm

W32/Bagle-BS is a worm for the Windows platform.

W32/Bagle-BS sends a ZIP file as an email attachment. The ZIP file contains an executable detected as Troj/BagleDl-W. When run, this executable attempts to download further files, which may include copies of the original worm W32/Bagle-BS.

W32/Bagle-BS may download and run further malicious code, storing the downloaded file as re_file.exe in the Windows system folder.

Messages sent by W32/Bagle-BS have the following characteristics. The subject line is blank. The message text is chosen to be one of the following lines:

info
texte
The password is <image>
Password: <image>

The attachment name is chosen from the following:

Business.zip
Business_dealing.zip
Health_and_knowledge.zip
Info_prices.zip
max.zip
sms_text.zip
text_sms.zip
The_new_prices.zip

The worm will avoid sending emails to addresses containing any of the following strings:

@derewrdgrs
@eerswqe
@messagelab
@microsoft
anyone@
certific
contract@
f-secur
free-av
gold-certs@
google
icrosoft
listserv
nobody@
noone@
noreply
postmaster@
rating@
samples
support
update
winrar
winzip

http://www.sophos.com/virusinfo/analyses/w32baglebs.html

Collapse -
Troj/BagleDl-AC
by roddy32 / November 23, 2005 9:34 AM PST
Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

FALL TV PREMIERES

Your favorite shows are back!

Don’t miss your dramas, sitcoms and reality shows. Find out when and where they’re airing!