Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

VIRUS ALERTS - October 30, 2005

by roddy32 Oct 30, 2005 1:30AM PDT

W32/Rbot-AUL

Type Worm

Aliases

* Backdoor.Win32.Rbot.gen
* W32.Spybot.Worm
* W32/Sdbot.worm.gen.bh

W32/Rbot-AUL is a worm and IRC backdoor Trojan for the Windows platform.

W32/Rbot-AUL spreads:

- to other network computers infected with: Troj/Kuang, Troj/Sub7, Troj/NetDevil, W32/MyDoom, W32/Bagle and Troj/Optix
- to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), WKS (MS03-049) (CAN-2003-0812), WebDav (MS03-007), IIS5SSL (MS04-011) (CAN-2003-0719), UPNP (MS01-059), Veritas (CAN-2004-1172), Dameware (CAN-2003-1030), PNP (MS05-039) and ASN.1 (MS04-007)
- by copying itself to network shares protected by weak passwords

W32/Rbot-AUL runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotaul.html

Discussion is locked

18 Posts
- Collapse + Expand Details
- Collapse -
Troj/Padodor-AB
by roddy32 Oct 30, 2005 1:34AM PDT

Type Spyware Trojan

Aliases

* Trojan-Spy.Win32.Qukart.ad

Troj/Padodor-AB is a Trojan for the Windows platform.

Troj/Padodor-AB runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer.

http://www.sophos.com/virusinfo/analyses/trojpadodorab.html

- Collapse -
W32/Tilebot-AL
by roddy32 Oct 30, 2005 1:36AM PDT

Type Worm

W32/Tilebot-AL is a Trojan for the Windows platform.

W32/Tilebot-AL runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

W32/Tilebot-AL spreads to remote network shares protected by weak passwords and to computers vulnerable to common exploits, including: WKS (MS03-049) (CAN-2003-0812), PNP (MS05-039) and ASN.1 (MS04-007).

W32/Tilebot-AL includes functionality to access the internet and communicate with a remote server via HTTP.

http://www.sophos.com/virusinfo/analyses/w32tilebotal.html

- Collapse -
W32/Rbot-AUM
by roddy32 Oct 30, 2005 1:38AM PDT

Type Worm

Aliases

* Backdoor.Win32.Rbot.gen
* W32/Sdbot.worm.gen.br

W32/Rbot-AUM is a worm and IRC backdoor Trojan for the Windows platform.

W32/Rbot-AUM spreads to other network computers infected with: W32/MyDoom and W32/Bagle and to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), WKS (MS03-049) (CAN-2003-0812), WebDav (MS03-007), Veritas (CAN-2004-1172), PNP (MS05-039) and ASN.1 (MS04-007).

W32/Rbot-AUM runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotaum.html

- Collapse -
W32/Rbot-AUK
by roddy32 Oct 30, 2005 1:42AM PDT

Type Worm

Aliases

* Backdoor.Win32.Rbot.afy

W32/Rbot-AUK is a worm and IRC backdoor Trojan for the Windows platform.

W32/Rbot-AUK runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

W32/Rbot-AUK spreads to remote network shares protected by weak passwords and to computers vulnerable to common exploits, including: LSASS (MS04-011), RPC-DCOM (MS04-012), WKS (MS03-049) (CAN-2003-0812), WebDav (MS03-007), IIS5SSL (MS04-011) (CAN-2003-0719), UPNP (MS01-059), Veritas (CAN-2004-1172), Dameware (CAN-2003-1030), PNP (MS05-039) and ASN.1 (MS04-007).

http://www.sophos.com/virusinfo/analyses/w32rbotauk.html

- Collapse -
W32/Rbot-AUJ
by roddy32 Oct 30, 2005 1:45AM PDT

Type Worm

Aliases

* Backdoor.Win32.Rbot.age

32/Rbot-AUJ is a worm and IRC backdoor Trojan for the Windows platform.

W32/Rbot-AUJ runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

W32/Rbot-AUJ spreads to remote network shares protected by weak passwords, and to computers vulnerable to common exploits, including: LSASS (MS04-011), RPC-DCOM (MS04-012), WebDav (MS03-007), IIS5SSL (MS04-011) (CAN-2003-0719), UPNP (MS01-059), Dameware (CAN-2003-1030), PNP (MS05-039) and ASN.1 (MS04-007).

http://www.sophos.com/virusinfo/analyses/w32rbotauj.html

- Collapse -
W32/Rbot-AUI
by roddy32 Oct 30, 2005 1:46AM PDT

Type Spyware Worm

W32/Rbot-AUI is a worm and IRC backdoor Trojan for the Windows platform.

W32/Rbot-AUI spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012) and WKS (MS03-049) (CAN-2003-0812) and by copying itself to network shares protected by weak passwords.

http://www.sophos.com/virusinfo/analyses/w32rbotaui.html

- Collapse -
Troj/Adclick-BD
by roddy32 Oct 30, 2005 1:48AM PDT
- Collapse -
Troj/Gravebot-A
by roddy32 Oct 30, 2005 1:51AM PDT
- Collapse -
W32/Rbot-AUH
by roddy32 Oct 30, 2005 1:53AM PDT

Type Worm

Aliases

* Backdoor.Win32.Rbot.gen
* W32/Opanki.worm.gen

W32/Rbot-AUH is a worm and IRC backdoor Trojan for the Windows platform.

W32/Rbot-AUH spreads to other network computers by exploiting common buffer overflow vulnerabilities, including PNP (MS05-039). It may also spread by searching for weak passwords and via chat programs.

W32/Rbot-AUH runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotauh.html

- Collapse -
Troj/Dagonit-A
by Marianna Schmudlach Oct 30, 2005 2:04PM PST

Type Trojan

Aliases Trojan.Win32.Agent.jh

Troj/Dagonit-A is a multicomponent backdoor Trojan for the Windows platform that allows unauthorized remote access through the randomly open TCP port.
The Trojan creates a user account with the name Service thas is used by the intruder to take over a control of the infected computer.

http://www.sophos.com/virusinfo/analyses/trojdagonita.html

- Collapse -
Troj/IRCBot-AL
by Marianna Schmudlach Oct 30, 2005 2:05PM PST

Type Trojan

Aliases Backdoor.Win32.IRCBot.ih

Troj/IRCBot-AL is a Trojan for the Windows platform.
Troj/IRCBot-AL runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/trojircbotal.html

- Collapse -
Troj/Vipgsm-N
by Marianna Schmudlach Oct 30, 2005 2:06PM PST

Type Spyware Trojan

Aliases Trojan-PSW.Win32.Vipgsm.as

Troj/Vipgsm-N is a password-stealing Trojan for the Windows platform.
Troj/Vipgsm-N includes functionality to access the internet and communicate with a remote server via HTTP.

http://www.sophos.com/virusinfo/analyses/trojvipgsmn.html

- Collapse -
Troj/Feutel-AE
by Marianna Schmudlach Oct 30, 2005 2:07PM PST
- Collapse -
Troj/KillFil-IN
by Marianna Schmudlach Oct 30, 2005 2:08PM PST
- Collapse -
Troj/Wpap-A
by Marianna Schmudlach Oct 30, 2005 2:08PM PST

Type Trojan

Aliases Trojan.Win32.Agent.jh


Troj/Wpap-A is a spyware related Trojan for the Windows platform.
Troj/Wpap-A may arrive as a component of another complex backdoor Trojan or spyware application with the filename wpap.exe.

http://www.sophos.com/virusinfo/analyses/trojwpapa.html

- Collapse -
W32/Agobot-TZ
by Marianna Schmudlach Oct 30, 2005 2:09PM PST

Type Worm

W32/Agobot-TZ is a worm and IRC backdoor Trojan for the Windows platform.
W32/Agobot-TZ spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: PNP (MS05-039) and ASN.1 (MS04-007) and by copying itself to network shares protected by weak passwords.
W32/Agobot-TZ runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32agobottz.html

- Collapse -
W32/Sdbot-AEP
by Marianna Schmudlach Oct 30, 2005 2:10PM PST

Type Worm

Aliases Backdoor.Win32.Aimbot.am
BKDR_IRCBOT.AV

W32/Sdbot-AEP is a worm and IRC backdoor Trojan for the Windows platform.
W32/Sdbot-AEP runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32sdbotaep.html

- Collapse -
W32/Rbot-AUG
by Marianna Schmudlach Oct 30, 2005 2:11PM PST

Type Worm

W32/Rbot-AUG is a worm and IRC backdoor Trojan for the Windows platform.
W32/Rbot-AUG spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), WKS (MS03-049) (CAN-2003-0812), MSSQL (MS02-039) (CAN-2002-0649) and PNP (MS05-039) and by copying itself to network shares protected by weak passwords.
W32/Rbot-AUG runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotaug.html

Back to Spyware, Viruses, & Security forum

CNET Forums

Operating Systems
Software
Electronics & Gadgets
Hardware
Tablets & Mobile Devices
General Help
Brand Forums
Roadshow Autos
Off Topic

Other Forums

Forum Info