VIRUS ALERTS - October 25, 2004

by Marianna Schmudlach / October 25, 2004 12:29 AM PDT

W32/Rbot-NK

Aliases Backdoor.Win32.Rbot.gen

Type Worm

W32/Rbot-NK is a worm which attempts to spread to remote network shares. It also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels while running in the background as a service process.
W32/Rbot-NK may be triggered to spread to network shares and via various exploits including RPC-DCOM, LSASS and various backdoors opened by other Trojans.

http://www.sophos.com/virusinfo/analyses/w32rbotnk.html

W32/Rbot-NL
by Marianna Schmudlach / October 25, 2004 12:32 AM PDT

Type Worm

W32/Rbot-NL is a worm which attempts to spread to remote network shares. It also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels while running in the background as a service process.
W32/Rbot-NL spreads to network shares with weak passwords as a result of the backdoor Trojan element receiving the appropriate command from a remote user.
W32/Rbot-NL copies itself to the Windows system folder as CRSSS32.EXE and creates entries in the registry so as to run itself on system startup.

http://www.sophos.com/virusinfo/analyses/w32rbotnl.html

W32/Rbot-NM
by Marianna Schmudlach / October 25, 2004 12:33 AM PDT

Type Worm

W32/Rbot-NM is a network worm with IRC backdoor functionality.
W32/Rbot-NM spreads to other machines affected by the Universal PNP (MS01-059), WebDav (MS03-007), RPC DCOM (MS03-026, MS04-012), LSASS (MS04-011) or DameWare (CAN-2003-1030) vulnerabilities, infected by one of several backdoors or running network services protected by weak passwords.

http://www.sophos.com/virusinfo/analyses/w32rbotnm.html

W32/Rbot-NO
by Marianna Schmudlach / October 25, 2004 12:35 AM PDT

Aliases Backdoor.Win32.Rbot.gen

Type Worm

W32/Rbot-NO is a worm which attempts to spread via remote network shares. The worm contains backdoor Trojan functionality allowing unauthorised remote access to the infected computer via IRC channels while running in the background as a service process.

http://www.sophos.com/virusinfo/analyses/w32rbotno.html

Troj/PWSSagi-C
by Marianna Schmudlach / October 25, 2004 12:37 AM PDT

Aliases Trojan.PSW.Sagic.15.b

Type Trojan

Troj/PWSSagi-C is a password-stealing Trojan that targets users of the Yahoo! Messenger service.
Trojans of this type are created by the tool Troj/SagiKit-A.
Stolen data is sent to a specified Yahoo! username.
The Trojan may drop and run another file specified by the Trojan creator. The file may be dropped in the current, Temp, Windows or System folder.
The Trojan may disable certain system utilities.

http://www.sophos.com/virusinfo/analyses/trojpwssagic.html

Troj/SagiKit-A
by Marianna Schmudlach / October 25, 2004 12:39 AM PDT
Troj/Sdbot-QM
by Marianna Schmudlach / October 25, 2004 12:40 AM PDT

Aliases Backdoor.Win32.SdBot.gen
W32/Sdbot.worm.gen.j

Type Trojan

Sophos anti-virus products since version 3.86 have been capable of detecting this Trojan as W32/Sdbot-Fam without requiring an update.
Troj/Sdbot-QM is a backdoor Trojan for the Windows platform.
Troj/Sdbot-QM connects to a predefined IRC server and waits for commands from a remote attacker.

http://www.sophos.com/virusinfo/analyses/trojsdbotqm.html

Troj/Dloader-YM
by Marianna Schmudlach / October 25, 2004 12:42 AM PDT
Troj/Dloader-YN
by Marianna Schmudlach / October 25, 2004 12:44 AM PDT
W32/Forbot-BU
by Marianna Schmudlach / October 25, 2004 12:45 AM PDT

Aliases Backdoor.Win32.Wootbot

Type Worm

W32/Forbot-BU is a network worm and IRC backdoor Trojan for the Windows platform.
W32/Forbot-BU spreads through network shares and by exploiting the LSASS (MS04-011) software vulnerability. The worm may also spread through backdoors left open by other malware.

http://www.sophos.com/virusinfo/analyses/w32forbotbu.html

Troj/StartPa-DI
by Marianna Schmudlach / October 25, 2004 12:47 AM PDT

Aliases Trojan.Win32.Bizten.gen

Type Trojan

Troj/StartPa-DI creates internet shortcuts in the Favorites folder and changes browser settings for Microsoft Internet Explorer by setting/changing registry entries under:
HKCU\Software\Microsoft\Internet Explorer\Main\Start Page
HKCU\Software\Microsoft\Internet Explorer\Main\Search Page
HKCU\Software\Microsoft\Internet Explorer\SearchUrl
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant

http://www.sophos.com/virusinfo/analyses/trojstartpadi.html

Troj/Nethief-H
by Marianna Schmudlach / October 25, 2004 12:49 AM PDT

Type Trojan

Troj/Nethief-H is a backdoor Trojan that copies itself into the Windows system folder as system.exe and system.dat.
Troj/Nethief-H also creates an entry under the registry entry:
SOFTWARE\Microsoft\Windows\CurrentVersion\Run

http://www.sophos.com/virusinfo/analyses/trojnethiefh.html

Troj/Banker-AG
by Marianna Schmudlach / October 25, 2004 12:51 AM PDT

Aliases TrojanSpy.Win32.Banker.eh

Type Trojan

Troj/Banker-AG is a member of the Banker Trojan family for the Windows platform that attempts to steal confidential information when a user visits banking-related websites.
Troj/Banker-AG provides detection for a number of the variants being distributed as a result of the Troj/Delf-HU downloader Trojan activity.

http://www.sophos.com/virusinfo/analyses/trojbankerag.html

Troj/Padodor-O
by Marianna Schmudlach / October 25, 2004 12:52 AM PDT
Troj/Agent-GB
by Marianna Schmudlach / October 25, 2004 12:54 AM PDT
Troj/Small-BD
by Marianna Schmudlach / October 25, 2004 12:56 AM PDT
Troj/Dloader-DI
by Marianna Schmudlach / October 25, 2004 12:57 AM PDT

Aliases TrojanDownloader.Win32.Small.jm; Spy-Tofger.gen.b

Type Trojan

Troj/Dloader-DI is a Trojan downloader for the Windows platform.
When run, the Trojan will attempt to download a file from a specific location on the internet and run it.

http://www.sophos.com/virusinfo/analyses/trojdloaderdi.html

Troj/Splintex-A
by Marianna Schmudlach / October 25, 2004 1:01 AM PDT
Troj/Agent-AF
by Marianna Schmudlach / October 25, 2004 1:03 AM PDT
SH/Renepo-A
by Marianna Schmudlach / October 25, 2004 8:50 AM PDT

Aliases Opener

Type Worm

SH/Renepo-A is a shell script worm targeted at the Macintosh OS X platform. If run on your computer (either accidentally or by design), it copies itself to the local startup directory (/System/Library/StartupItems) and to any other mounted volumes, including other computers on your network. SH/Renepo-A also makes infected StartupItems folders world-writeable, thus opening a dangerous backdoor on any system it infects.

http://www.sophos.com/virusinfo/analyses/shrenepoa.html
