Spyware, Viruses, & Security forum

General discussion

VIRUS ALERTS - November 5, 2005

by roddy32 / November 5, 2005 12:48 AM PST

Troj/Dloader-YF

Type Trojan

Aliases

* Trojan-Downloader.Win32.Agent.yn
* Downloader-AAP

Troj/Dloader-YF is a Trojan for the Windows platform.

Troj/Dloader-YF includes functionality to access the internet and communicate with a remote server via HTTP.

When first run Troj/Dloader-YF copies itself to &ltSystem> \ipwf.exe and creates the file &ltSystem> \drivers\winut.dat.

http://www.sophos.com/virusinfo/analyses/trojdloaderyf.html

Discussion is locked
You are posting a reply to: VIRUS ALERTS - November 5, 2005
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: VIRUS ALERTS - November 5, 2005
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Troj/QLowZon-E
by roddy32 / November 5, 2005 12:51 AM PST
Collapse -
W32/Tilebot-AV
by roddy32 / November 5, 2005 12:52 AM PST

Type Spyware Worm

W32/Tilebot-AV is a worm and IRC backdoor Trojan for the Windows platform.

W32/Tilebot-AV spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), PNP (MS05-039) and ASN.1 (MS04-007) and by copying itself to network shares protected by weak passwords.

W32/Tilebot-AV runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

W32/Tilebot-AV includes functionality to access the internet and communicate with a remote server via HTTP.

http://www.sophos.com/virusinfo/analyses/w32tilebotav.html

Collapse -
W32/Tilebot-AU
by roddy32 / November 5, 2005 12:54 AM PST

Type Spyware Worm

W32/Tilebot-AU is a worm and IRC backdoor Trojan for the Windows platform.

W32/Tilebot-AU spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), PNP (MS05-039) and ASN.1 (MS04-007) and by copying itself to network shares protected by weak passwords.

W32/Tilebot-AU runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32tilebotau.html

Collapse -
Troj/RKPort-A
by roddy32 / November 5, 2005 12:56 AM PST
Collapse -
Troj/Aolps-SU
by roddy32 / November 5, 2005 1:12 AM PST
Collapse -
Troj/Agent-EW
by roddy32 / November 5, 2005 1:15 AM PST

Type Spyware Trojan

Aliases

* Trojan-PSW.Win32.Agent.cu
* TSPY_POVIEWER.A
* Trojan.Finfanse
* PWS-Legmir.dll

Troj/Agent-EW is a Trojan for the Windows platform.

When first run Troj/Agent-EW copies itself to &ltSystem> \explorer.exe and creates the non-viral text file &ltSystem> \systemlr.dll.

http://www.sophos.com/virusinfo/analyses/trojagentew.html

Collapse -
Troj/Stark-A
by roddy32 / November 5, 2005 1:17 AM PST
Collapse -
Troj/Malkit-A
by roddy32 / November 5, 2005 1:20 AM PST
Collapse -
Troj/YaSpy-A
by roddy32 / November 5, 2005 1:22 AM PST
Collapse -
Troj/Safhvm-B
by roddy32 / November 5, 2005 1:24 AM PST
Collapse -
Troj/GrayBir-AB
by Marianna Schmudlach / November 5, 2005 7:22 AM PST
Collapse -
Troj/Bander-G
by Marianna Schmudlach / November 5, 2005 7:22 AM PST

Type Spyware Trojan

Aliases Trojan-Spy.Win32.Banker.aie

Troj/Bander-G is an Internet banking Trojan for the Windows platform.
Troj/Bander-G targets the users of the Banco Real website, displaying a fake interface, and recording any account details entered.
Troj/Bander-G sends any recorded details to a pre-specified email address.

http://www.sophos.com/virusinfo/analyses/trojbanderg.html

Collapse -
Troj/Bander-H
by Marianna Schmudlach / November 5, 2005 7:23 AM PST

Type Spyware Trojan

Aliases Trojan-Spy.Win32.Banker.xh

Troj/Bander-H is an Internet banking Trojan for the Windows platform.
Troj/Bander-H targets the users of the Banco Santander Internet banking website, displaying a fake interface and recording any account details entered.
Troj/Bander-H sends any recorded details to a pre-specified email address.

http://www.sophos.com/virusinfo/analyses/trojbanderh.html

Collapse -
Troj/Bander-J
by Marianna Schmudlach / November 5, 2005 7:38 AM PST

Type Spyware Trojan

Aliases Trojan-Spy.Win32.Banker.yz

Troj/Bander-J is an Internet banking Trojan for the Windows platform.
Troj/Bander-J targets the users of the Itau Bankline Internet banking website, displaying a fake interface and recording any account details entered.
Troj/Bander-J sends any recorded details to a pre-specified email address.

http://www.sophos.com/virusinfo/analyses/trojbanderj.html

Collapse -
Troj/Bander-K
by Marianna Schmudlach / November 5, 2005 7:39 AM PST

Type Spyware Trojan

Troj/Bander-K is an Internet banking Trojan for the Windows platform.
Troj/Bander-K targets the users of the Unibanco Internet banking website, displaying a fake interface and recording any account details entered.
Troj/Bander-K sends any recorded details to a pre-specified email address.

http://www.sophos.com/virusinfo/analyses/trojbanderk.html

Collapse -
Troj/Bandler-F
by Marianna Schmudlach / November 5, 2005 7:40 AM PST
Collapse -
W32/Rbot-AVY
by Marianna Schmudlach / November 5, 2005 7:41 AM PST

Type Spyware Worm

Aliases Backdoor.Win32.Rbot.adf

W32/Rbot-AVY is a network worm with backdoor functionality for the Windows platform.
W32/Rbot-AVY spreads using a variety of techniques including exploiting weak passwords on computers and SQL servers, exploiting operating system vulnerabilities (including DCOM-RPC, LSASS, WebDAV and UPNP) and using backdoors opened by other worms or Trojans.

http://www.sophos.com/virusinfo/analyses/w32rbotavy.html

Collapse -
W32/Sdbot-AFE
by Marianna Schmudlach / November 5, 2005 7:42 AM PST

Type Worm

Aliases W32/Sdbot.worm.gen.q

W32/Sdbot-AFE is a network worm with backdoor functionality for the Windows platform.
The worm spreads through network shares protected by weak passwords, MS-SQL servers and an operating system vulnerability.
W32/Sdbot-AFE connects to a predetermined IRC channel and awaits further commands from remote users. The backdoor component of W32/Sdbot-AFE can be instructed to perform the following functions:
scan networks for vulnerabilities
download/execute arbitrary files
start an ftp server

http://www.sophos.com/virusinfo/analyses/w32sdbotafe.html

Collapse -
W32/Tilebot-AR
by Marianna Schmudlach / November 5, 2005 7:43 AM PST

Type Spyware Worm

Aliases Backdoor.Win32.Aimbot.aq
WORM_SDBOT.CMB
W32/Sdbot.worm.gen.bg

W32/Tilebot-AR is a worm and IRC backdoor for the Windows platform.
W32/Tilebot-AR runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
W32/Tilebot-AR includes functionality to:
steal confidential information
carry out DDoS flooder attacks
provide a proxy server
silently download, install and run new software
access the internet and communicate with a remote server via HTTP
disable other software, including anti-virus, firewall and security related applications
W32/Tilebot-AR spreads to other network computers by exploiting common buffer overflow vulnerabilites, including: LSASS (MS04-011), RPC-DCOM (MS04-012), MSSQL (MS02-039) (CAN-2002-0649), PNP (MS05-039) and ASN.1 (MS04-007) and by copying itself to network shares protected by weak passwords.

http://www.sophos.com/virusinfo/analyses/w32tilebotar.html

Collapse -
W32/Agobot-UB
by Marianna Schmudlach / November 5, 2005 2:03 PM PST

Type Worm

Aliases Backdoor.Win32.Agobot.afz
W32/Gaobot.worm.gen.t

W32/Agobot-UB is a worm and IRC backdoor Trojan for the windows platform.
W32/Agobot-UB spreads to other computers via network shares and the following software vulnerabilities:
RPC-DCOM (MS04-012)
PNP (MS05-039)
When first run W32/Agobot-UB copies itself and creates several regsirty entries.

http://www.sophos.com/virusinfo/analyses/w32agobotub.html

Collapse -
Troj/Flexit-A
by Marianna Schmudlach / November 5, 2005 2:04 PM PST
Collapse -
Troj/Borobot-S
by Marianna Schmudlach / November 5, 2005 2:05 PM PST

Type Spyware Trojan

Aliases Backdoor.Win32.Robobot.as

Troj/Borobot-S is a backdoor Trojan.
Troj/Borobot-S connects to an IRC server and acts as a backdoor Trojan, allowing access to the infected computer by a remote user.
Troj/Borobot-S may download files from remote locations to the Windows system folder and execute them if instructed to do so by a remote user.
Troj/Borobot-S acts as a proxy server, routing information from a remote user to their chosen destination.

http://www.sophos.com/virusinfo/analyses/trojborobots.html

Collapse -
Troj/Bancos-HA
by Marianna Schmudlach / November 5, 2005 2:06 PM PST

Type Spyware Trojan

Aliases Trojan-Spy.Win32.Bancos.cr

Troj/Bancos-HA is a Trojan for the Windows platform.
The Trojan logs information entered into certain banking websites and records entered information. The collected data is sent to a remote user via FTP.

http://www.sophos.com/virusinfo/analyses/trojbancosha.html

Collapse -
Troj/Shellot-B
by Marianna Schmudlach / November 5, 2005 2:06 PM PST
Collapse -
W32/Sdbot-AFH
by Marianna Schmudlach / November 5, 2005 2:07 PM PST

Type Spyware Worm

Aliases Backdoor.Win32.Aimbot.ax

W32/Sdbot-AFH is a worm and IRC backdoor Trojan for the Windows platform.
W32/Sdbot-AFH runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
The worm may send itself through the AOL Instant Messenger (AIM) client to online buddies.

http://www.sophos.com/virusinfo/analyses/w32sdbotafh.html

Collapse -
Troj/Dloader-XZ
by Marianna Schmudlach / November 5, 2005 2:08 PM PST

Type Trojan

Aliases Trojan-Downloader.Win32.Small.bqx
QDial-34
TROJ_SMALL.ATP

Troj/Dloader-XZ is a Trojan for the Windows platform.
Troj/Dloader-XZ includes functionality to access the internet and communicate with a remote server via HTTP.

http://www.sophos.com/virusinfo/analyses/trojdloaderxz.html

Collapse -
Troj/Agent-EV
by Marianna Schmudlach / November 5, 2005 2:09 PM PST

Type Trojan

Aliases Backdoor.Win32.Agent.pq
BackDoor-CVI
BKDR_EMBED.D

Troj/Agent-EV is a backdoor Trojan for the Windows platform.
Troj/Agent-EV can be used to download files from the internet and redirect internet traffic through the infected computer.

http://www.sophos.com/virusinfo/analyses/trojagentev.html

Collapse -
Troj/Agent-HD
by Marianna Schmudlach / November 5, 2005 2:10 PM PST

Type Trojan

Aliases Trojan-Proxy.Win32.Agent.hd

Troj/Agent-HD is a backdoor Trojan which allows a remote intruder to gain access and control over the computer.
Troj/Agent-HD includes functionality to access the internet and communicate with a remote server via HTTP.
Troj/Agent-HD listens for connections from remote attackers. The Trojan reports the backdoor port to several websites.

http://www.sophos.com/virusinfo/analyses/trojagenthd.html

Collapse -
Troj/OptixP-N
by Marianna Schmudlach / November 5, 2005 2:11 PM PST

Type Trojan

Aliases W32/OptixPro.N
W32/Backdoor.BGY
BackDoor-ACH.dr

Troj/OptixP-N is a backdoor Trojan for the Windows platform.
The Trojan runs continuously in the background allowing a remote attacker to access and control the infected computer.

http://www.sophos.com/virusinfo/analyses/trojoptixpn.html

Collapse -
Troj/Dloader-YG
by Marianna Schmudlach / November 5, 2005 2:12 PM PST
Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

The Samsung RF23M8090SG

One of the best French door fridges we've tested

A good-looking fridge with useful features like an auto-filling water pitcher and a temperature-adjustable "FlexZone" drawer. It was a near-flawless performer in our cooling tests.