Spyware, Viruses, & Security forum

General discussion

VIRUS ALERTS - November 26, 2004

by Marianna Schmudlach / November 26, 2004 1:42 AM PST

Troj/Purscan-O
by Marianna Schmudlach / November 26, 2004 1:44 AM PST
W32/Sdbot-CLJ
by Marianna Schmudlach / November 26, 2004 1:46 AM PST

Aliases: Backdoor.Win32.SdBot.gen, W32/Sdbot.worm.gen

Type: Worm

W32/Sdbot-CLJ is a network worm and IRC backdoor Trojan for the Windows platform.
The Trojan remains resident, listening for commands from remote users. If it receives the appropriate command the Trojan attempts to copy itself to remote network shares with weak passwords.
The worm copies itself to a file named gqgeqegl.exe in the Windows system folder.

http://www.sophos.com/virusinfo/analyses/w32sdbotclj.html

W32/Sdbot-RQ
by Marianna Schmudlach / November 26, 2004 1:48 AM PST
W32/Agobot-OE
by Marianna Schmudlach / November 26, 2004 1:49 AM PST

Type: Worm

W32/Agobot-OE is capable of spreading to computers on the local network protected by weak passwords.
W32/Agobot-OE opens an IRC backdoor allowing remote access. It may also interfere with anti-virus and security software.

http://www.sophos.com/virusinfo/analyses/w32agobotoe.html

W32/Sdbot-ABB
by Marianna Schmudlach / November 26, 2004 1:51 AM PST

Aliases: WORM_SDBOT-ABB

Type: Worm

W32/Sdbot-ABB is a network worm and IRC backdoor Trojan for the Windows platform.
When first run W32/Sdbot-ABB copies itself to the Windows system folder as nmod.exe.
The worm spreads through network shares protected by weak passwords.
The backdoor component of W32/Sdbot-ABB joins an IRC channel and awaits commands from a remote user.

http://www.sophos.com/virusinfo/analyses/w32sdbotabb.html

W32/Sdbot-ACE
by Marianna Schmudlach / November 26, 2004 1:53 AM PST

Type: Worm

W32/Sdbot-ACE is a network worm and IRC backdoor Trojan for the Windows platform.
When first run W32/Sdbot-ACE copies itself to the Windows system folder as sessionmgr.exe.
The worm spreads through network shares protected by weak passwords. The filename used when spreading through network shares is "session.exe".
The backdoor component of W32/Sdbot-ACE joins an IRC channel and awaits commands from a remote user.

http://www.sophos.com/virusinfo/analyses/w32sdbotace.html

W32/Rbot-QM
by Marianna Schmudlach / November 26, 2004 1:54 AM PST
W32/Protoride-Y
by Marianna Schmudlach / November 26, 2004 1:57 AM PST

Type: Worm

W32/Protoride-Y is a Windows worm that spreads via network shares.
The worm can download and run files, get dialup account information and retrieve cached passwords.
The worm also has a backdoor component that allows unauthorised remote access to an infected computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32protoridey.html

VBS/Bigag-A
by Marianna Schmudlach / November 26, 2004 1:58 AM PST

Aliases: I-Worm.Small.a

Type: Worm

VBS/Bigag-A is a Visual Basic Script worm for the Windows platform.
VBS/Bigag-A will attempt to spread and release its payload on the first of every month.
VBS/Bigag-A will spread by sending itself to all email addresses in the user's Outlook address book. The subject and body of the email will contain non-Roman characters.
VBS/Bigag-A will swap the mouse buttons around, disable the Task Manager and Registry Editor, interfere with Explorer and attempt to delete the following files and folders:
All files and folders in C:\Program Files
The "Documents and Settings" folder on the C, D and E drives.
Several special Windows folders, including the "Application Data", "PrintHood", "ShellNew", "FONTS", "NetHood" and "Send To" folders.

http://www.sophos.com/virusinfo/analyses/vbsbigaga.html

W32/Sality-H
by Marianna Schmudlach / November 26, 2004 2:00 AM PST
Troj/StartPa-DR
by Marianna Schmudlach / November 26, 2004 2:02 AM PST

Aliases: Trojan.Win32.Delf.fc

Type: Trojan

Troj/StartPa-DR is a start page Trojan for the Windows platform.
Troj/StartPa-DR arrives as a Compiled Help (CHM) file which will display Russian text.
Troj/StartPa-DR will then attempt to change the Internet Explorer start and search pages to a Russian URL. The Trojan will also attempt to change the Desktop wallpaper to an advertisement for a Russian URL and change the computer name to "HeatPC". The Trojan will create URL Links to "HeatPC.com" in the Desktop, Favourites and "My Documents" folders.
Troj/StartPa-DR also has the ability to fill up the hard-drive with harmless files with filenames of the format:
"HeatPC.com - <Non-Latin characters><Number>"

http://www.sophos.com/virusinfo/analyses/trojstartpadr.html

Troj/Small-BT
by Marianna Schmudlach / November 26, 2004 2:04 AM PST
Troj/Vipgsm-L
by Marianna Schmudlach / November 26, 2004 2:06 AM PST

Aliases: Trojan.PSW.Vipgsm.l

Type: Trojan

Troj/Vipgsm-I is a password-stealing Trojan that attempts to steal information from files on the infected computer and to log the user's keystrokes and window text when accessing some websites.

http://www.sophos.com/virusinfo/analyses/trojvipgsml.html

VBS/Triny-J
by Marianna Schmudlach / November 26, 2004 2:08 AM PST

Aliases: I-Worm.Triny.j

Type: Worm

VBS/Triny-J is a mass-mailing worm.
VBS/Triny-J arrives as an email with no visible message body and a subject line such as the following:
"Awak kenal saya tak???"
"How are you?"
"Virus baru menyerang.."
"RE:Hunt or be hunted..."
"www.geocities.com\~Friends"
VBS/Triny-J displays the following two messages:
This page contain a graphic which required the AxtiveX.Please accept
the ActiveX by click at yes
Your computer had been infected by HTML.Atira... Please refer to the
AntiVirus company for the remover...Send this sample to them or i'll
infect another hi hi hi ;p
Greets:Fait Accompli,Melhacker,Philet0ast3r,Anua,Nije,Dehe,ise,pa'an,
Pakcik and all who know me... be a better man.... Made in Malaysia 2004 for
newbies...HTML.ATiRa By -Lasiaf-

http://www.sophos.com/virusinfo/analyses/vbstrinyj.html

VBS/Triny-K
by Marianna Schmudlach / November 26, 2004 2:09 AM PST

Aliases: I-Worm.Triny.k

Type: Worm

VBS/Triny-K is a mass-mailing worm.
VBS/Triny-K arrives as an email with no visible message body and a subject line such as the following:
"Here is your Greeting card from me"
"<--Lasiaf-Fait Accompli-Myvwa-->"
"Greeting Card From Me.. ;p"
"Important! Please reply my Greeting card."
"Friendster.. i'm a new comer.."
VBS/Triny-K will display one of the following messages if ActiveX scripting has been disabled:
This page contained a graphic which require the ActiveX controls,
Please reload or refresh the page and accept the ActiveX
This e-mail contain a animation graphic which required the ActiveX enabled.
Please open this message again then please accept the ActiveX by click at yes
Microsoft OutLook

http://www.sophos.com/virusinfo/analyses/vbstrinyk.html

Troj/Multidr-AV
by Marianna Schmudlach / November 26, 2004 2:11 AM PST

Type: Trojan

Troj/Multidr-AV is a Trojan that creates two files in the Windows system folder and then executes them.
The first file created has the name fqeqeft.exe and is detected as W32/Sdbot-CLJ. The second file created has the name cxzca.exe and is detected as Troj/Ranck-BB.


http://www.sophos.com/virusinfo/analyses/trojmultidrav.html

Troj/Dropper-J
by Marianna Schmudlach / November 26, 2004 2:13 AM PST
Troj/Ranck-BF
by Marianna Schmudlach / November 26, 2004 2:14 AM PST
Troj/AdClick-BR
by Marianna Schmudlach / November 26, 2004 2:16 AM PST