
VIRUS ALERTS - October 13, 2004

by Marianna Schmudlach / October 13, 2004 1:29 AM PDT

W32/Apribot-C

Aliases Backdoor.IRCBot.gen


W32/Apribot-C is an IRC backdoor with spreading capability.
Each time the worm is run it tries to connect to a remote IRC server and join a specific channel. The backdoor component then runs in the background as a server process, listening for commands to execute. The infected computer can be used to perform several functions:

http://www.sophos.com/virusinfo/analyses/w32apribotc.html

Troj/Sdbot-MM
by Marianna Schmudlach / October 13, 2004 1:34 AM PDT
W32/Rbot-FZ
by Marianna Schmudlach / October 13, 2004 1:36 AM PDT

Aliases Rbot.Gen
Rbot-Fam

Type Worm

W32/Rbot-FZ attempts to spread via the LSASS (MS04-011), RPC-DCOM (MS03-059), RPC-DCOM2 (MS04-012), WebDav (MS03-007), Universal Plug-and-Play (MS01-059) or DameWare (CAN-2003-1030) vulnerabilities, backdoors installed by other malware and network services using weak passwords.
A computer infected with W32/Rbot-FZ can be controlled remotely through IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotfz.html

Troj/Agent-ZB
by Marianna Schmudlach / October 13, 2004 1:37 AM PDT
Troj/Dloader-BD
by Marianna Schmudlach / October 13, 2004 1:39 AM PDT
Troj/Lydra-F
by Marianna Schmudlach / October 13, 2004 1:41 AM PDT
W32/Sdbot-ML
by Marianna Schmudlach / October 13, 2004 1:42 AM PDT

Type Worm

W32/Sdbot-ML is a member of the W32/Sdbot family of worms.
In order to run automatically when Windows starts up the worm copies itself to the file explorer32.exe in the Windows system folder and adds the following registry entries:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Configuration
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Configuration
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\Configuration
W32/Sdbot-ML connects to a remote IRC server and allows a malicious user remote access to an infected computer.

http://www.sophos.com/virusinfo/analyses/w32sdbotml.html

W32/Forbot-J
by Marianna Schmudlach / October 13, 2004 1:44 AM PDT
Troj/Midaddle-A
by Marianna Schmudlach / October 13, 2004 1:46 AM PDT

Type Trojan

Troj/Midaddle-A is a downloader Trojan which downloads and installs/runs adware software.
Troj/Midaddle-A is typically installed to the Windows TEMP folder as Updater.exe.
Updater.exe copies itself using a random filename and adds its pathname to a new sub-key of the following registry entry to run itself on startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
(the new sub-key will have the same name as the executable).
Troj/Midaddle-A also creates the registry entry:
HKCU\Software\Microsoft\Internet Explorer\Main\Updater

http://www.sophos.com/virusinfo/analyses/trojmidaddlea.html
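Added example, not from this thread or from Sophos: a read-only PowerShell audit of the persistence locations named in the W32/Sdbot-ML post above and in this Troj/Midaddle-A post. The function names are mine, and it is my assumption that the Internet Explorer "Updater" entry may be either a key or a value, so both forms are checked.

```powershell
# Added example (not from the CNET thread or the Sophos analyses): read-only
# audit of the persistence locations named in the W32/Sdbot-ML and
# Troj/Midaddle-A write-ups; a match is a lead to verify, not a verdict.
$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices'  # Win9x/Me only
)

function Get-SdbotMLIndicators {
    # Sdbot-ML: a Run/RunServices value named "Configuration" whose data points
    # at explorer32.exe (not a Windows binary; the real shell is explorer.exe).
    foreach ($key in $RunKeys) {
        $p = Get-ItemProperty -Path $key -Name 'Configuration' -ErrorAction SilentlyContinue
        if ($null -ne $p) {
            [pscustomobject]@{
                Family = 'W32/Sdbot-ML'; Location = "$key\Configuration"
                Data   = $p.Configuration
                Match  = [bool]($p.Configuration -match 'explorer32\.exe')
            }
        }
    }
}

function Get-MidaddleAIndicators {
    # Midaddle-A: a sub-key (not a value) under HKLM\...\Run, named after the
    # dropped executable, whose default value is that executable's path in %TEMP%.
    # Some Windows versions carry a legitimate OptionalComponents sub-key here,
    # so only default values inside %TEMP% are flagged.
    Get-ChildItem -Path $RunKeys[0] -ErrorAction SilentlyContinue | ForEach-Object {
        $default = (Get-ItemProperty -Path $_.PSPath).'(default)'
        [pscustomobject]@{
            Family = 'Troj/Midaddle-A'; Location = $_.PSPath
            Data   = $default
            Match  = [bool]($default -and $default -like "$env:TEMP\*")
        }
    }
    # The IE "Updater" entry; the write-up does not say whether it is a key or
    # a value (assumption), so both forms are checked.
    $ieMain  = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
    $asValue = Get-ItemProperty -Path $ieMain -Name 'Updater' -ErrorAction SilentlyContinue
    if ((Test-Path "$ieMain\Updater") -or ($null -ne $asValue)) {
        [pscustomobject]@{
            Family = 'Troj/Midaddle-A'; Location = "$ieMain\Updater"
            Data   = $asValue.Updater; Match = $true
        }
    }
}

@(Get-SdbotMLIndicators) + @(Get-MidaddleAIndicators) | Where-Object Match | Format-Table -AutoSize
```

Run it in an elevated session to see the HKLM entries; it writes nothing to the registry.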

W32/Sdbot-QF
by Marianna Schmudlach / October 13, 2004 1:47 AM PDT

Aliases Backdoor.Win32.Wootbot.gen
WORM_WOOTBOT.BB
W32/Sdbot.worm.gen.h

Type Worm

W32/Sdbot-QF is a worm with backdoor functionality for the Windows platform that targets local network shares and allows a malicious user remote access to an infected computer.

http://www.sophos.com/virusinfo/analyses/w32sdbotqf.html

Troj/Delfiles-N
by Marianna Schmudlach / October 13, 2004 1:49 AM PDT
Tgasclit-841
by Marianna Schmudlach / October 13, 2004 1:51 AM PDT
W32/Sharp-C
by Marianna Schmudlach / October 13, 2004 1:53 AM PDT

Aliases I-Worm.Redrac.b
W32/Redrac@MM

Type Worm

W32/Sharp-C is a mass mailing worm for the Windows platform.
W32/Sharp-C will arrive as an email with the subject "RE:" and a filename of CARD-NUMBER.PIF.
W32/Sharp-C will scan an infected computer for email addresses and send itself to them. The worm will also send itself to addresses found in the Microsoft Outlook address book.

http://www.sophos.com/virusinfo/analyses/w32sharpc.html

W32/Rbot-MQ
by Marianna Schmudlach / October 13, 2004 1:55 AM PDT

Aliases Backdoor.Win32.Rbot.gen

Type Worm

W32/Rbot-MQ is a worm with backdoor Trojan functionality.
W32/Rbot-MQ connects to an IRC server and waits for backdoor commands.
W32/Rbot-MQ may spread to computers on the local network protected by weak passwords and by exploiting a number of software vulnerabilities.

http://www.sophos.com/virusinfo/analyses/w32rbotmq.html

W32/Rbot-MO
by Marianna Schmudlach / October 13, 2004 1:57 AM PDT

Aliases Backdoor.Win32.Rbot.gen

Type Worm

W32/Rbot-MO is a network worm with IRC backdoor functionality.
W32/Rbot-MO spreads by exploiting the UPNP (MS01-059), WebDav (MS03-007), RPC/DCOM (MS03-026, MS04-012), LSASS (MS04-011), IIS5SSL (CAN-2003-0719) and DameWare (CAN-2003-1030) vulnerabilities.
An infected machine can be controlled by a remote attacker using IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotmo.html

Troj/Delf-GZ
by Marianna Schmudlach / October 13, 2004 1:58 AM PDT
W32/Rbot-MR
by Marianna Schmudlach / October 13, 2004 2:00 AM PDT
W32/Rbot-MS
by Marianna Schmudlach / October 13, 2004 2:02 AM PDT
W32/Bagz-B
by Marianna Schmudlach / October 13, 2004 2:04 AM PDT

Aliases I-Worm.Bagz.b
W32/Bagz.b@MM

Type Worm

W32/Bagz-B is a mass-mailing network worm. It also contains a backdoor which allows an intruder to instruct it to download and install further components.
W32/Bagz-B may also try to disable the Windows default firewall on startup.
W32/Bagz-B will attempt to harvest email addresses from the "Document and setting" folder on the local machine with names such as *.txt, *.htm, *.htm, *.dbx, *.tbi, *.tbb.

http://www.sophos.com/virusinfo/analyses/w32bagzb.html

Troj/Adclick-X
by Marianna Schmudlach / October 13, 2004 2:06 AM PDT

Type Trojan

Troj/Adclick-X is adware/spyware software which overwrites the HOSTS file in order to deny access to selected sites.
Troj/Adclick-X is typically installed/bundled alongside the installation for other third party software (typically shareware or freeware downloaded from the internet).

http://www.sophos.com/virusinfo/analyses/trojadclickx.html

Troj/LdPinch-W
by Marianna Schmudlach / October 13, 2004 2:07 AM PDT
Troj/Servu-AM
by Marianna Schmudlach / October 13, 2004 2:09 AM PDT
Troj/Agent-V
by Marianna Schmudlach / October 13, 2004 2:11 AM PDT
Troj/Bancban-T
by Marianna Schmudlach / October 13, 2004 2:12 AM PDT

Type Trojan

Troj/Bancban-T is a password stealing Trojan aimed primarily at customers of Brazilian banks.
The Trojan also has the ability to steal account information from the computer's hard-drive including Outlook Express account details and passwords entered into Internet Explorer.

http://www.sophos.com/virusinfo/analyses/trojbancbant.html

W32/Helex-A
by Marianna Schmudlach / October 13, 2004 2:14 AM PDT
Troj/DelShare-I
by Marianna Schmudlach / October 13, 2004 2:16 AM PDT

Type Trojan

Troj/DelShare-I is a batch file which makes changes to the system registry.
In particular, the Trojan ensures that network shares are deleted each time the machine boots up. The Trojan also makes changes to default system security settings.
It is likely that Troj/DelShare-I is dropped by other malware and used in conjunction with a backdoor Trojan.

http://www.sophos.com/virusinfo/analyses/trojdelsharei.html

Troj/Tofger-AE
by Marianna Schmudlach / October 13, 2004 2:17 AM PDT
VBS/Inor-Z
by Marianna Schmudlach / October 13, 2004 2:19 AM PDT
W32/Sdbot-QG
by Marianna Schmudlach / October 13, 2004 2:21 AM PDT

Aliases Backdoor.Win32.SdBot.gen
W32/Sdbot.worm.gen.h

Type Worm

W32/Sdbot-QG is a worm that attempts to spread via remote network shares. The worm tries to access various network computers with shared folders using weak passwords.
W32/Sdbot-QG contains backdoor Trojan functions that allow unauthorised remote access to the infected computer via IRC channels while running in the background.
Sophos Anti-Virus version 3.85 detects this worm as W32/Sdbot-Fam without requiring an update.

http://www.sophos.com/virusinfo/analyses/w32sdbotqg.html

Troj/LdPinch-AB
by Marianna Schmudlach / October 13, 2004 2:22 AM PDT

Aliases Trojan.PSW.LdPinch.gen

Type Trojan

Troj/LdPinch-AB is a backdoor and password stealing Trojan.
Troj/LdPinch-AB harvests passwords, computer information and account information and periodically submits the logs to the author by sending them to a preconfigured webserver.

http://www.sophos.com/virusinfo/analyses/trojldpinchab.html

Troj/DropRun-C
by Marianna Schmudlach / October 13, 2004 2:24 AM PDT

Aliases TrojanDropper.Win32.Pakes

Type Trojan

Troj/DropRun-C is a Trojan that creates and executes components.
When run, the Trojan will create order.txt and schmoch.exe in one of the four folders %TEMP%, %SYSTEM%, %WINDOWS% or the current folder and then run them. schmoch.exe is detected by Sophos as Troj/LdPinch-AB and order.txt is a non-malicious text file.

http://www.sophos.com/virusinfo/analyses/trojdroprunc.html
