General discussion

VIRUS ALERTS - October 26, 2005

Oct 25, 2005 9:32PM PDT

Troj/Bancos-FH
Oct 25, 2005 9:35PM PDT
Troj/Multidr-ER
Oct 25, 2005 9:37PM PDT
Troj/Dloader-XA
Oct 25, 2005 9:39PM PDT

Type Trojan

Aliases Trojan-Downloader.Win32.Banload.at

Troj/Dloader-XA is a Trojan for the Windows platform.
Troj/Dloader-XA will download, install and run new software without notification that it is doing so.
When first run, Troj/Dloader-XA copies itself to <System>\smcfg32.exe.

http://www.sophos.com/virusinfo/analyses/trojdloaderxa.html

Troj/HacDef-Y
Oct 25, 2005 9:42PM PDT
Troj/Banker-GA
Oct 25, 2005 9:44PM PDT

Type Spyware Trojan

Aliases
Trojan-Spy.Win32.Banker.vr
PWS-Banker.gen.b
PWSteal.Bancos

Troj/Banker-GA is a backdoor Trojan which allows a remote intruder to gain access and control over the computer.
When run, Troj/Banker-GA displays fake banking interfaces with the aim of harvesting account details.

http://www.sophos.com/virusinfo/analyses/trojbankerga.html

W32/Rbot-ATF
Oct 25, 2005 9:46PM PDT

Type Worm

Aliases Backdoor.Win32.Rbot.gen

W32/Rbot-ATF is a worm and IRC backdoor Trojan for the Windows platform.
W32/Rbot-ATF spreads:
- to other network computers infected with: Troj/Kuang, Troj/Sub7, Troj/NetDevil, W32/MyDoom, W32/Bagle and Troj/Optix
- to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), WebDav (MS03-007), IIS5SSL (MS04-011) (CAN-2003-0719), UPNP (MS01-059) and Dameware (CAN-2003-1030)
- by copying itself to network shares protected by weak passwords
W32/Rbot-ATF runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotatf.html

W32/Spybot-DZ
Oct 25, 2005 9:48PM PDT

Type Worm

W32/Spybot-DZ is a worm and IRC backdoor Trojan for the Windows platform.
W32/Spybot-DZ includes functionality to:
- terminate system related processes
- silently download, install and run new software
Sophos's anti-virus products include Genotype detection technology, which can proactively protect against new threats without requiring an update. Sophos customers have been protected against W32/Spybot-DZ (detected as W32/Spybot-Gen) since version 3.98.

http://www.sophos.com/virusinfo/analyses/w32spybotdz.html

Troj/Small-BON
Oct 25, 2005 9:50PM PDT
Troj/QQRob-R
Oct 25, 2005 9:52PM PDT

Type Trojan

Aliases
Trojan-Downloader.Win32.Delf.uq
TROJ_DLOADER.AHK

Troj/QQRob-R is a downloader Trojan for the Windows platform.
Troj/QQRob-R includes functionality to access the internet and communicate with a remote server via HTTP.

http://www.sophos.com/virusinfo/analyses/trojqqrobr.html

Troj/LegMir-BG
Oct 25, 2005 9:54PM PDT
W32/Rbot-ATI
Oct 25, 2005 9:56PM PDT

Type Spyware Worm

Aliases
Backdoor.Win32.Rbot.adf
WORM_RBOT.CFP

W32/Rbot-ATI is a worm and IRC backdoor Trojan for the Windows platform.
W32/Rbot-ATI spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), WKS (MS03-049) (CAN-2003-0812), MSSQL (MS02-039) (CAN-2002-0649), PNP (MS05-039) and ASN.1 (MS04-007) and by copying itself to network shares protected by weak passwords.
W32/Rbot-ATI runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotati.html

W32/Agobot-TW
Oct 25, 2005 11:35PM PDT

Type Worm

W32/Agobot-TW is a worm and backdoor Trojan for the Windows platform.
W32/Agobot-TW runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer.
W32/Agobot-TW spreads via common buffer overflow exploits, including LSASS (MS04-011), RPC-DCOM (MS04-012), and PNP (MS05-039), as well as to weakly protected network shares.

http://www.sophos.com/virusinfo/analyses/w32agobottw.html

Troj/Banker-GB
Oct 25, 2005 11:43PM PDT
Troj/Bancban-GO
Oct 25, 2005 11:45PM PDT

Type Spyware Trojan

Aliases
Trojan-Spy.Win32.Banker.ahy
PWS-Banker.gen.bb
PWSteal.Banpaes

Troj/Bancban-GO is a Trojan for the Windows platform.
Troj/Bancban-GO targets the users of certain Brazilian banking websites, displaying fake interfaces with the aim of harvesting account details.
Troj/Bancban-GO includes functionality to send notification messages to remote locations.

http://www.sophos.com/virusinfo/analyses/trojbancbango.html

Troj/Mosuck-B
Oct 25, 2005 11:46PM PDT

Type Spyware Trojan

Aliases Backdoor.Win32.MoSucker.bl

Troj/Mosuck-B is a backdoor Trojan for Windows that allows unauthorized remote access to an infected computer.
Troj/Mosuck-B can be configured to copy itself using any filename into various folders. There are also various registry entries that can be configured to run Troj/Mosuck-B on system startup.
Troj/Mosuck-B can be used by an intruder to access the file system and terminate processes.
Troj/Mosuck-B has keylogging, downloading and screen capture capabilities.

http://www.sophos.com/virusinfo/analyses/trojmosuckb.html

Troj/Bdoor-JQ
Oct 25, 2005 11:48PM PDT
Troj/AdClick-BB
Oct 25, 2005 11:51PM PDT

Type Trojan

Aliases
Trojan-Clicker.Win32.Agent.ex
TROJ_PUPER.AL

Troj/AdClick-BB is a Trojan for the Windows platform.
Troj/AdClick-BB includes functionality to access the internet and communicate with a remote server via HTTP.
Troj/AdClick-BB displays different security alerts and warnings in an attempt to trick the user into downloading files from predefined locations.

http://www.sophos.com/virusinfo/analyses/trojadclickbb.html

Troj/Ranck-DB
Oct 26, 2005 4:07AM PDT
Troj/Lecna-E
Oct 26, 2005 4:08AM PDT
Troj/Dloader-WT
Oct 26, 2005 4:10AM PDT

Type Trojan

Aliases Backdoor.Win32.Small.hu

Troj/Dloader-WT is a Trojan for the Windows platform.
When first run, Troj/Dloader-WT copies itself to <System>\grpmnt32.exe and creates the file <Temp>\0020010.bat.
Troj/Dloader-WT includes functionality to silently download, install and run new software.

http://www.sophos.com/virusinfo/analyses/trojdloaderwt.html

Troj/Bdoor-JR
Oct 26, 2005 4:12AM PDT
W32/Chode-J
Oct 26, 2005 4:15AM PDT

Type Worm

Aliases Backdoor.Win32.Virkel.a

W32/Chode-J is a worm with IRC backdoor Trojan functionality.
W32/Chode-J attempts to spread via MSN Instant Messenger and AOL Instant Messenger, by sending users a link to a copy of the worm.
W32/Chode-J includes functionality to:
- carry out DDoS flooder attacks
- provide a proxy server
- silently download, install and run new software
- modify the HOSTS file
- disable other software, including anti-virus, firewall and security related applications
- update itself
W32/Chode-J attempts to disable a number of AV and security related processes.
W32/Chode-J modifies the HOSTS file, changing the URL-to-IP mappings for selected websites.

http://www.sophos.com/virusinfo/analyses/w32chodej.html

Troj/Bancos-FG
Oct 26, 2005 4:19AM PDT
Troj/BankDl-R
Oct 26, 2005 4:20AM PDT
Troj/Protux-D
Oct 26, 2005 4:23AM PDT
W32/Rbot-ATJ
Oct 26, 2005 4:25AM PDT

Type Worm

W32/Rbot-ATJ is a worm and IRC backdoor Trojan for the Windows platform.
W32/Rbot-ATJ spreads:
- to other network computers by exploiting common buffer overflow vulnerabilities, including: PNP (MS05-039)
- by sending itself via AIM Instant Messenger
W32/Rbot-ATJ runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotatj.html

Troj/Bancban-GQ
Oct 26, 2005 4:27AM PDT

Type Spyware Trojan

Aliases Trojan-Spy.Win32.Banker.aho

Troj/Bancban-GQ is a password stealing Trojan for the Windows platform.
Troj/Bancban-GQ targets customers of certain Brazilian online banking websites by displaying fake interfaces, and recording any details that are entered.

http://www.sophos.com/virusinfo/analyses/trojbancbangq.html

Troj/Dloader-XB
Oct 26, 2005 4:28AM PDT
Dial/Carped-H
Oct 26, 2005 4:30AM PDT
Troj/Bancban-GR
Oct 26, 2005 4:32AM PDT

Type Spyware Trojan

Aliases
Trojan-Spy.Win32.Banker.ahy
TSPY_BANCOS.BAZ

Troj/Bancban-GR is a banking Trojan for the Windows platform.
The Trojan steals login credentials from Internet sessions with certain banking sites. Stolen information is sent to a remote user.

http://www.sophos.com/virusinfo/analyses/trojbancbangr.html