Spyware, Viruses, & Security forum

General discussion

VIRUS ALERTS - September 21, 2004

by Marianna Schmudlach / September 21, 2004 12:44 AM PDT

W32/Sdbot-PK

Type Worm

W32/Sdbot-PK is a member of the W32/Sdbot family of internet worms that spread by scanning for and exploiting known vulnerabilities and weakly protected accounts.
The worm connects to a remote IRC server and enables a malicious user to remotely control an infected machine.
W32/Sdbot-PK drops Troj/NtRootK-F as the file msdirectx.sys which it employs to hide its process.

http://www.sophos.com/virusinfo/analyses/w32sdbotpk.html

Troj/NtRootK-F
by Marianna Schmudlach / September 21, 2004 12:46 AM PDT
W32/Forbot-AF
by Marianna Schmudlach / September 21, 2004 12:48 AM PDT

Aliases Backdoor.Win32.Wootbot.gen

Type Worm

W32/Forbot-AF is a worm which attempts to spread to remote network shares. It also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels while running in the background as a service process.

http://www.sophos.com/virusinfo/analyses/w32forbotaf.html

W32/PassMail-C
by Marianna Schmudlach / September 21, 2004 12:50 AM PDT

Aliases Worm.Win32.Passma
PE_PASSMA.B
W32/Passma.worm.c
Win32/PassMa.D

Type Virus

W32/PassMail-C is a password stealing Win32 executable virus.
W32/PassMail-C infects files with an EXE extension.
W32/PassMail-C attempts to steal information and to send it to a remote user by email.

http://www.sophos.com/virusinfo/analyses/w32passmailc.html

Troj/Agent-AH
by Marianna Schmudlach / September 21, 2004 12:52 AM PDT
Troj/Autex-A
by Marianna Schmudlach / September 21, 2004 12:54 AM PDT
W32/Rbot-KE
by Marianna Schmudlach / September 21, 2004 12:55 AM PDT

Aliases Backdoor.Rbot.gen

Type Worm

W32/Rbot-KE is a worm which attempts to spread to remote network shares. It also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels while running in the background as a service process. W32/Rbot-KE will also attempt to terminate any security-related processes on execution.
W32/Rbot-KE spreads to network shares with weak passwords as a result of the backdoor Trojan element receiving the appropriate command from a remote user.
W32/Rbot-KE's backdoor functionality may allow a remote intruder to:
- Access webcam
- Capture screenshot
- Steal CD keys related to various software
- Capture Windows login information on Windows NT/2000
- Access files on Host computer
- Send Email messages to other host
- Download/Upload/Execute files on host
- Run Keylogger
- Sniff network traffic and carry out DDOS on target

http://www.sophos.com/virusinfo/analyses/w32rbotke.html

W32/Rbot-KG
by Marianna Schmudlach / September 21, 2004 12:57 AM PDT

Aliases W32/Sdbot.worm.gen.p
WORM_SDBOT.VP
Backdoor.Rbot.gen

Type Worm

W32/Rbot-KG is a worm which attempts to spread to remote network shares. It also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels while running in the background as a service process.
W32/Rbot-KG spreads to network shares with weak passwords as a result of the backdoor Trojan element receiving the appropriate command from a remote user.
W32/Rbot-KG's backdoor functionality may allow a remote intruder to:
- Access webcam
- Capture screenshot
- Steal CD keys related to various software
- Capture Windows login information on Windows NT/2000
- Access files on Host computer
- Send Email messages to other host
- Download/Upload/Execute files on host
- Run Keylogger
- Sniff network traffic and carry out DDOS on target

http://www.sophos.com/virusinfo/analyses/w32rbotkg.html

W32/Agobot-MW
by Marianna Schmudlach / September 21, 2004 12:59 AM PDT

Aliases W32/Gaobot.worm.gen.h
WORM_RBOT.JK

Type Worm

W32/Agobot-MW is a backdoor Trojan and worm which spreads to computers protected by weak passwords.
W32/Agobot-MW attempts to connect to a remote IRC server and join a specific channel. W32/Agobot-MW then runs continuously in the background, allowing a remote intruder to access and control the computer via IRC channels.
Sophos anti-virus products since version 3.85 have been capable of detecting this worm as W32/Agobot-Fam without requiring an update.

http://www.sophos.com/virusinfo/analyses/w32agobotmw.html

Dial/Laet-A
by Marianna Schmudlach / September 21, 2004 1:00 AM PDT
W32/Forbot-Gen
by Marianna Schmudlach / September 21, 2004 1:03 AM PDT

Type Worm

W32/Forbot-Gen detects members of the Forbot family of worms.
W32/Forbot-Gen worms typically attempt to spread to remote shares and open a backdoor on an infected computer.
W32/Forbot-Gen worms typically copy themselves to the Windows system folder and create registry entries under the following locations in order to run on system startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

http://www.sophos.com/virusinfo/analyses/w32forbotgen.html
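
An added example, not part of the original post or of the Sophos analysis: a Python check that parses `reg query`-style output for the five startup keys listed above and reports values that launch an executable from the Windows system folder and are missing from a reviewed baseline. The sample output, value names, file names and baseline are constructed; treating a bare file name as resolving to the system folder via the search path is an assumption of this example.

```python
import re

# The five startup locations listed in the W32/Forbot-Gen post, lower-cased.
_CV = r"\software\microsoft\windows\currentversion" + "\\"
RUN_KEYS = {"hklm" + _CV + s for s in ("run", "runonce", "runservices")} | {
    "hkcu" + _CV + s for s in ("run", "runonce")}
HIVES = {"hkey_local_machine": "hklm", "hkey_current_user": "hkcu"}
VALUE_RE = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$")
# Executable directly in the system folder, or a bare file name that the
# search path would resolve there (assumed folder layouts, not exhaustive).
SYSDIR_RE = re.compile(
    r'^"?(?:(?:%(?:windir|systemroot)%|[a-z]:\\win(?:dows|nt))\\system(?:32)?\\)?'
    r'[^\\/:"]+\.exe\b', re.IGNORECASE)

def normalise_key(key):
    """Map HKEY_LOCAL_MACHINE\\... to the lower-cased hklm\\... form."""
    hive, _, rest = key.strip().partition("\\")
    return (HIVES.get(hive.lower(), hive.lower()) + "\\" + rest).lower()

def parse_reg_query(text):
    """Yield (key, value_name, data) from `reg query` style output."""
    key = None
    for line in text.splitlines():
        m = VALUE_RE.match(line)
        if m and key:
            yield key, m.group(1), m.group(3)
        elif line.strip() and not line.startswith(" "):
            key = normalise_key(line)

def review_autoruns(text, baseline=frozenset()):
    """Entries under RUN_KEYS that start from the system folder and are not
    in the reviewed baseline of (key, lower-cased value name) pairs."""
    return [(k, n, d) for k, n, d in parse_reg_query(text)
            if k in RUN_KEYS and SYSDIR_RE.match(d)
            and (k, n.lower()) not in baseline]

# Constructed sample output; names and paths are made up for illustration.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    AV Tray    REG_SZ    "C:\Program Files\ExampleAV\tray.exe"
    Known Helper    REG_SZ    C:\WINDOWS\system32\helper.exe /start
    Sys Update    REG_SZ    C:\WINDOWS\system32\sysupd32.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
    Sys Update    REG_SZ    sysupd32.exe
"""
BASELINE = frozenset({("hklm" + _CV + "run", "known helper")})

if __name__ == "__main__":
    for key, name, data in review_autoruns(SAMPLE, BASELINE):
        print(f"review: {key} [{name}] -> {data}")
```

Legitimate software also starts from the system folder, so the result is a review list to compare against a known-good baseline, not a verdict.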

W32/MyDoom-Gen
by Marianna Schmudlach / September 21, 2004 1:04 AM PDT