Spyware, Viruses, & Security forum

General discussion

VIRUS ALERTS - September 14, 2004

by Marianna Schmudlach / September 14, 2004 12:43 AM PDT
Troj/LegMir-S
by Marianna Schmudlach / September 14, 2004 12:46 AM PDT
Troj/BluEye-B
by Marianna Schmudlach / September 14, 2004 12:48 AM PDT

Aliases Win32.BlueEye.c

Type Trojan

Troj/BluEye-B is a Backdoor generator toolkit. It is capable of recording keystrokes and opening a backdoor to allow access to the command shell on victim's computer. The keystrokes will be saved in a log file which an intruder can access via the backdoor.

http://www.sophos.com/virusinfo/analyses/trojblueyeb.html

Troj/Banker-T
by Marianna Schmudlach / September 14, 2004 12:49 AM PDT

Aliases TrojanSpy.Win32.Agent.n
PWS-Etry
TROJ_BANKER.N

Type Trojan

Troj/Banker-T is a password stealing Trojan.
The Trojan runs in the background scanning for passwords which it will periodically try to upload to an internet server by FTP.
Troj/Banker-T will try to terminate various security-related applications.

http://www.sophos.com/virusinfo/analyses/trojbankert.html

Dial/Tibsys-B
by Marianna Schmudlach / September 14, 2004 12:51 AM PDT
Troj/LdPinch-T
by Marianna Schmudlach / September 14, 2004 12:53 AM PDT

Type Trojan

Troj/LdPinch-T is a password stealing Trojan.
When the Trojan is run it collects the available passwords and other user and computer data and uploads it to a website.
The encoded data may be used by the remote attacker to gain control over the infected computer and over some other resources used by the user (e.g. ICQ account).

http://www.sophos.com/virusinfo/analyses/trojldpincht.html

W32/Protoride-Q
by Marianna Schmudlach / September 14, 2004 12:55 AM PDT
Troj/Luhn-B
by Marianna Schmudlach / September 14, 2004 12:57 AM PDT
Troj/Keylog-Y
by Marianna Schmudlach / September 14, 2004 12:58 AM PDT
Troj/Psyme-AU
by Marianna Schmudlach / September 14, 2004 1:00 AM PDT

Type Trojan

Troj/Psyme-AU is a JavaScript downloader Trojan (usually HTML-based) which exploits the ADODB stream and CODEBASE vulnerabilities associated with Microsoft Internet Explorer to silently download a file from a remote website to C:\Recycled\Q330995.exe on the local computer and run it.
Troj/Psyme-AU can arrive on the computer by browsing websites whose HTML pages contain the script or by loading an HTML page that contains a link to an infected page.

http://www.sophos.com/virusinfo/analyses/trojpsymeau.html

W32/Bagle-AM
by Marianna Schmudlach / September 14, 2004 1:02 AM PDT
Troj/Spav-A
by Marianna Schmudlach / September 14, 2004 1:04 AM PDT
Troj/Dloader-CB
by Marianna Schmudlach / September 14, 2004 1:06 AM PDT

Aliases rojanDropper.Win32.Small.lg

Type Trojan

Troj/Dloader-CB is a Windows Trojan downloader which when run creates a file STEMP001.EXE into the Windows temp folder and runs it.
The created file will then attempt to download a legitimate application (at time of writing) into the Windows temp folder and execute it.

http://www.sophos.com/virusinfo/analyses/trojdloadercb.html

Troj/StartPa-MO
by Marianna Schmudlach / September 14, 2004 1:07 AM PDT
W32/Surila-B
by Marianna Schmudlach / September 14, 2004 1:09 AM PDT
W32/Rbot-JK
by Marianna Schmudlach / September 14, 2004 1:11 AM PDT
Troj/Dalixy-B
by Marianna Schmudlach / September 14, 2004 1:12 AM PDT

Aliases TrojanProxy.Win32.Dalixy.g
IRC-Dalixy

Type Trojan

Troj/Dalixy-B is a backdoor Trojan for the Windows platform.
The Trojan downloads and runs three password recovery applications.
Troj/Dalixy-B provides proxy functionality on a random port and registers the infection by sending an email and connecting to the IRC network.

http://www.sophos.com/virusinfo/analyses/trojdalixyb.html

Troj/StartPa-MN
by Marianna Schmudlach / September 14, 2004 1:14 AM PDT
Troj/Keylog-X
by Marianna Schmudlach / September 14, 2004 1:16 AM PDT
W32/Forbot-V
by Marianna Schmudlach / September 14, 2004 1:18 AM PDT

Aliases Backdoor.Win32.Wootbot.gen

Type Worm

W32/Forbot-V is a network worm with IRC backdoor functionality.
W32/Forbot-V attempts to spread by exploiting the LSASS (MS04-011) vulnerability.
A machine infected by W32/Forbot-V can be remotely controlled by an attacker using IRC channels.

http://www.sophos.com/virusinfo/analyses/w32forbotv.html

Troj/StartPa-CM
by Marianna Schmudlach / September 14, 2004 1:20 AM PDT
W32/Rbot-JH
by Marianna Schmudlach / September 14, 2004 1:22 AM PDT

Type Worm

W32/Rbot-JH is a worm which attempts to spread to remote network shares. It also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels while running in the background as a service process.

http://www.sophos.com/virusinfo/analyses/w32rbotjh.html

Troj/Keylog-AA
by Marianna Schmudlach / September 14, 2004 1:23 AM PDT
Troj/Delf-FE
by Marianna Schmudlach / September 14, 2004 1:25 AM PDT
W32/Sdbot-PE
by Marianna Schmudlach / September 14, 2004 1:27 AM PDT

Aliases Backdoor.IRCBot.gen
W32/Sdbot.worm.gen.j
WORM_SDBOT.PQ

Type Worm

W32/Sdbot-PE is a network worm and backdoor for the Windows platform.
The worm spreads by copying itself to shared folders that are protected by weak passwords.
The backdoor component contacts an IRC server and waits for commands from a remote attacker. The backdoor includes functionality to launch distributed denial of service attacks.
W32/Sdbot-PE copies itself to the Windows system folder as msmonk32.exe.
Sophos anti-virus products since version 3.85 have been capable of detecting this worm as W32/Sdbot-Fam without requiring an update.

http://www.sophos.com/virusinfo/analyses/w32sdbotpe.html

W32/Rbot-JI
by Marianna Schmudlach / September 14, 2004 1:29 AM PDT

Aliases Backdoor.Win32.Rbot.gen

Type Worm

W32/Rbot-JI is a worm and backdoor for the Windows platform.
W32/Rbot-JI spreads to network shares and Microsoft SQL servers with weak passwords as well as by exploiting operating system vulnerabilities and backdoors opened by other worms. The operating system vulnerabilities exploited by this worm are addressed by Microsoft Security Bulletins MS04-012, MS04-011, MS03-007 and MS01-059.

http://www.sophos.com/virusinfo/analyses/w32rbotji.html

W32/Rbot-JJ
by Marianna Schmudlach / September 14, 2004 1:31 AM PDT
Troj/Dloader-CD
by Marianna Schmudlach / September 14, 2004 1:33 AM PDT
Troj/Remadm-B
by Marianna Schmudlach / September 14, 2004 1:35 AM PDT

Aliases TrojanDropper.Win32.Delf.dk

Type Trojan

Troj/Remadm-B is a remote access Trojan for the Windows platform.
The Trojan drops a legitimate remote server application. The server is configured to hide its presence on the machine, and enable a malicious remote user to connect.

http://www.sophos.com/virusinfo/analyses/trojremadmb.html

AVERT Low-Profiled Threat Notice: W32/Amus.a@MM
by Marianna Schmudlach / September 14, 2004 6:17 AM PDT