Spyware, Viruses, & Security forum

General discussion

VIRUS ALERTS - September 15, 2004

by Marianna Schmudlach / September 15, 2004 12:46 AM PDT

W32/Forbot-W

Type Worm

W32/Forbot-W is a worm which attempts to spread to remote network shares. It also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels while running in the background as a service process.

http://www.sophos.com/virusinfo/analyses/w32forbotw.html

Discussion is locked
You are posting a reply to: VIRUS ALERTS - September 15, 2004
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: VIRUS ALERTS - September 15, 2004
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Troj/Icyfox-A
by Marianna Schmudlach / September 15, 2004 12:49 AM PDT
Collapse -
Troj/Small-VK
by Marianna Schmudlach / September 15, 2004 12:51 AM PDT
Collapse -
Troj/Prorat-I
by Marianna Schmudlach / September 15, 2004 12:53 AM PDT

Aliases Backdoor.Prorat.16

Type Trojan


Troj/Prorat-I is a backdoor which allows unauthorised access and control of the computer from a remote network location.
Troj/Prorat-I drops the following files:
C:\windows\services.exe
C:\windows\system\sservice.exe
C:\windows\system32\fservice.exe
%Windows System%\wininv.dll
%Windows System%\winkey.dll
The Trojan also creates several registry entries and edits startup ini files to ensure it is run at boot.
Troj/Prorat-I is hidden from the Task Manager and recreates any changes it has made if they are restored.

http://www.sophos.com/virusinfo/analyses/trojprorati.html

Collapse -
Troj/Dloader-CC
by Marianna Schmudlach / September 15, 2004 12:54 AM PDT
Collapse -
Troj/Vipgsm-H
by Marianna Schmudlach / September 15, 2004 12:56 AM PDT

Aliases Vipgsm.h

Type Trojan

Troj/Vipgsm-H is a Trojan for the Windows platform with keylogging and password collection abilities. The Trojan may send these results to a pre-configured email address.
Troj/Vipgsm-H may collect the key sequences typed in programs and web pages likely to belong to online financial institutions.
By distributing a third party tool the Trojan retrieves saved passwords from the Windows "Protected Storage" system which includes those saved in several Microsoft Programs:
Outlook
Outlook Express
MSN Explorer
"AutoComplete" forms in Internet Explorer
HTTP and FTP basic authentication


http://www.sophos.com/virusinfo/analyses/trojvipgsmh.html

Collapse -
Troj/Delf-FF
by Marianna Schmudlach / September 15, 2004 12:59 AM PDT
Collapse -
Troj/StartPa-CN
by Marianna Schmudlach / September 15, 2004 1:01 AM PDT
Collapse -
Troj/Perflog-F
by Marianna Schmudlach / September 15, 2004 1:03 AM PDT

Aliases TrojanSpy.Win32.Perfloger.

Type Trojan

Troj/Perflog-F is a RAR self-extracting archive which installs the "Perfect keylogger" commercial keylogger application (which we don't detect) and then opens an MP3 file named chapel-short-file.mps.

http://www.sophos.com/virusinfo/analyses/trojperflogf.html

Collapse -
Troj/Bizex-F
by Marianna Schmudlach / September 15, 2004 1:05 AM PDT

Aliases TrojanSpy.Win32.Agent.ae
W32/Bizex.worm!dldr

Type Trojan

Troj/Bizex-F is a password stealing Trojan.
Troj/Bizex-F runs in the background and logs keyboard presses, steals passwords and monitors web access. Periodically, the Trojan will send this data to a remote location.
Troj/Bizex-F will attempt to disable anti-virus and security related applications.

http://www.sophos.com/virusinfo/analyses/trojbizexf.html

Collapse -
W32/Myfip-A
by Marianna Schmudlach / September 15, 2004 1:07 AM PDT
Collapse -
W32/Rbot-JN
by Marianna Schmudlach / September 15, 2004 1:09 AM PDT

Type Worm

W32/Rbot-JN is a worm which attempts to spread to remote network shares. It also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels while running in the background as a service process.

http://www.sophos.com/virusinfo/analyses/w32rbotjn.html

Collapse -
W32/Forbot-X
by Marianna Schmudlach / September 15, 2004 1:10 AM PDT

Aliases Backdoor.Win32.Wootbot.gen
W32/Sdbot.worm.gen.p

Type Worm

W32/Forbot-X is a worm which attempts to spread to remote network shares. It also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels while running in the background as a service process.

http://www.sophos.com/virusinfo/analyses/w32forbotx.html

Collapse -
W32/Sdbot-PF
by Marianna Schmudlach / September 15, 2004 1:12 AM PDT
Collapse -
Troj/LeechPie-B
by Marianna Schmudlach / September 15, 2004 1:14 AM PDT

Type Trojan

Troj/LeechPie-B installs a number of software packages without the user's consent, including a hacked remote server application. Most of these tools are not inherently malicious, but it is likely they are supplied in order to provide access to files on the user's machine.

http://www.sophos.com/virusinfo/analyses/trojleechpieb.html

Collapse -
W32/Rbot-JL
by Marianna Schmudlach / September 15, 2004 1:15 AM PDT

Aliases Backdoor.Rbot.gen

Type Worm

W32/Rbot-JL is a worm and backdoor for the Windows platform.
W32/Rbot-JL spreads to network shares and Microsoft SQL servers with weak passwords as well as by exploiting operating system vulnerabilities and backdoors opened by other worms. The operating system vulnerabilities exploited by this worm are addresses by Microsoft Security Bulletins MS04-012, MS04-011, MS03-049, MS03-007 and MS01-059.

http://www.sophos.com/virusinfo/analyses/w32rbotjl.html

Collapse -
W32/Rbot-JM
by Marianna Schmudlach / September 15, 2004 1:17 AM PDT
Collapse -
W32/Forbot-C
by Marianna Schmudlach / September 15, 2004 1:19 AM PDT

Aliases Backdoor.Win32.Wootbot.c
W32/Sdbot.worm.gen.h

Type Worm

W32/Forbot-C is a worm which attempts to spread to remote network shares. The worm also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels while running in the background as a service process.

http://www.sophos.com/virusinfo/analyses/w32forbotc.html

Collapse -
W32/Agobot-MP
by Marianna Schmudlach / September 15, 2004 1:22 AM PDT

Aliases Backdoor.Agobot.gen

Type Worm

W32/Agobot-MP is a network worm and an IRC backdoor Trojan which establishes an IRC channel to a remote server in order to grant an intruder unauthorised access to the compromised computer.

http://www.sophos.com/virusinfo/analyses/w32agobotmp.html

Collapse -
W32/Rbot-IF
by Marianna Schmudlach / September 15, 2004 1:24 AM PDT

Aliases Backdoor.Rbot.gen

Type Worm

W32/Rbot-IF is a worm which attempts to spread to remote network shares. The worm also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels while running in the background.

http://www.sophos.com/virusinfo/analyses/w32rbotif.html

Collapse -
W32/Rbot-IG
by Marianna Schmudlach / September 15, 2004 1:26 AM PDT

Aliases Backdoor.Rbot.gen

Type Worm

W32/Rbot-IG is a worm which attempts to spread to remote network shares. The worm also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels while running in the background as a service process.

http://www.sophos.com/virusinfo/analyses/w32rbotig.html

Collapse -
W32/SdBot-OK
by Marianna Schmudlach / September 15, 2004 1:27 AM PDT

Aliases W32/Sdbot.worm.gen.i

Type Worm

W32/Sdbot-OK is a worm which attempts to spread to remote network shares. The worm also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels while running in the background as a service process.

http://www.sophos.com/virusinfo/analyses/w32sdbotok.html

Collapse -
Troj/Small-AT
by Marianna Schmudlach / September 15, 2004 1:29 AM PDT

Popular Forums

icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

FALL TV PREMIERES

Your favorite shows are back!

Don’t miss your dramas, sitcoms and reality shows. Find out when and where they’re airing!