Spyware, Viruses, & Security forum

General discussion

VIRUS ALERTS - September 23, 2004

by Marianna Schmudlach / September 23, 2004 12:23 AM PDT

W32/Zusha-A

Aliases Worm.Win32.Zusha.a
WORM_ZUSHA.B

Type Worm

W32/Zusha-A is a worm for the Windows platform.
W32/Zusha-A spreads by exploiting the LSASS (MS04-011) vulnerability, causing vulnerable computers to download a copy of the worm from an FTP site.

http://www.sophos.com/virusinfo/analyses/w32zushaa.html

Troj/Small-VQ
by Marianna Schmudlach / September 23, 2004 12:26 AM PDT

W32/Rbot-KM
by Marianna Schmudlach / September 23, 2004 12:28 AM PDT

Type Worm

W32/Rbot-KM is a worm which attempts to spread to remote network shares. It also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels while running in the background as a service process. W32/Rbot-KM may also attempt to shut down security related processes.
W32/Rbot-KM spreads to network shares with weak passwords and via network security exploits as a result of the backdoor Trojan element receiving the appropriate command from a remote user. It may also attempt to spread via well-known exploits such as LSASS and RPC-DCOM.

http://www.sophos.com/virusinfo/analyses/w32rbotkm.html

Troj/Adex-A
by Marianna Schmudlach / September 23, 2004 12:30 AM PDT

Troj/Adex-B
by Marianna Schmudlach / September 23, 2004 12:32 AM PDT

Troj/CoreFloo-F
by Marianna Schmudlach / September 23, 2004 12:33 AM PDT

Type Trojan

Troj/CoreFloo-F is a backdoor Trojan which allows a remote intruder unauthorised access.
Troj/CoreFloo-F contains various backdoor functions. These functions allow a remote attacker responding to the HTTP POST request to carry out various malicious actions such as changing system administrator privileges, executing and downloading files from the Internet, and performing DoS attacks.

http://www.sophos.com/virusinfo/analyses/trojcorefloof.html

Troj/Adex-C
by Marianna Schmudlach / September 23, 2004 12:35 AM PDT

Aliases Downloader-KT

Type Trojan

Troj/Adex-C is a Trojan Downloader for the Windows platform. It attempts to download files from the internet. The files may be executed and system settings may be changed to load them automatically at startup.

http://www.sophos.com/virusinfo/analyses/trojadexc.html

Troj/StartP-KJ
by Marianna Schmudlach / September 23, 2004 12:38 AM PDT

Aliases Trojan.Win32.Bizten
StartPage-AI

Type Trojan

Troj/StartP-KJ is a Trojan for the Windows platform.
Troj/StartP-KJ alters registry entries to change the home page, search URL and search bar settings of Internet Explorer.
Troj/StartP-KJ modifies the Windows HOSTS file and creates Internet Explorer Favourites.

http://www.sophos.com/virusinfo/analyses/trojstartpkj.html

W32/Rbot-KN
by Marianna Schmudlach / September 23, 2004 12:39 AM PDT

Aliases W32/Sdbot.worm.gen.h

Type Worm

W32/Rbot-KN is an IRC backdoor worm.
W32/Rbot-KN may spread to remote network shares. The worm also contains backdoor functionality, allowing unauthorised remote access to the infected computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotkn.html

W32/Rbot-KP
by Marianna Schmudlach / September 23, 2004 12:41 AM PDT

Type Worm

W32/Rbot-KP is an IRC backdoor worm.
W32/Rbot-KP may spread to remote network shares. The worm also contains backdoor functionality, allowing unauthorised remote access to the infected computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotkp.html

W32/Agobot-MX
by Marianna Schmudlach / September 23, 2004 12:43 AM PDT

Aliases Backdoor.Agobot.bh

Type Worm

W32/Agobot-MX is a network worm with backdoor functionality. When run, the worm will attempt to copy itself to the Windows system folder as services21.exe and register itself as a service process.
Sophos Anti-Virus version 3.83 detects this worm as W32/Agobot-Fam without requiring an update.

http://www.sophos.com/virusinfo/analyses/w32agobotmx.html

Dial/Switch-B
by Marianna Schmudlach / September 23, 2004 12:45 AM PDT

W32/Rbot-KQ
by Marianna Schmudlach / September 23, 2004 12:47 AM PDT

Aliases Backdoor.Rbot.gen
W32/Sdbot.worm.gen.i

Type Worm

W32/Rbot-KQ is a worm and backdoor for the Windows platform.
The worm spreads by exploiting shared folders and SQL servers with weak passwords, operating system vulnerabilities and backdoors opened by other worms. The operating system vulnerabilities exploited by W32/Rbot-KQ are addressed in Microsoft security bulletins MS04-012 and MS03-007.
The backdoor component of W32/Rbot-KQ connects to a predefined IRC server and waits for commands from a remote attacker.

http://www.sophos.com/virusinfo/analyses/w32rbotkq.html

Troj/SecondT-AC
by Marianna Schmudlach / September 23, 2004 12:48 AM PDT

Troj/Dluca-L
by Marianna Schmudlach / September 23, 2004 12:50 AM PDT

Troj/Bancban-P
by Marianna Schmudlach / September 23, 2004 12:52 AM PDT

Aliases TrojanSpy.Win32.Delf.ar
PWS-Bancban.gen.b

Type Trojan

Troj/Bancban-P is a password stealing Trojan for the Windows platform.
The Trojan scans through all files on the hard drive and for Internet Explorer windows with specific strings in the page title searching for passwords.

http://www.sophos.com/virusinfo/analyses/trojbancbanp.html

Troj/Bancban-Q
by Marianna Schmudlach / September 23, 2004 12:55 AM PDT

W32/Sdbot-PP
by Marianna Schmudlach / September 23, 2004 12:56 AM PDT

Aliases Backdoor.SdBot.gen
W32/Sdbot.worm.gen.t

Type Worm

W32/Sdbot-PP is a worm with IRC backdoor functionality. The worm runs in the background as a service process and allows unauthorised remote access via IRC channels.
W32/Sdbot-PP will attempt to copy itself to network shares with weak passwords, steal CD keys and partake in DoS attacks when instructed to do so by a remote attacker. The worm will also attempt to exploit the RPC DCOM vulnerability.
Sophos anti-virus products since version 3.84 have been capable of detecting this worm as W32/Sdbot-Fam without requiring an update.

http://www.sophos.com/virusinfo/analyses/w32sdbotpp.html

Troj/Psyme-AV
by Marianna Schmudlach / September 23, 2004 12:58 AM PDT

Aliases TrojanDownloader.JS.gen

Type Trojan

Troj/Psyme-AV is a variant of the downloading Trojan that exploits the XMLHTTP and the ADODB stream vulnerabilities, allowing an executable file to be downloaded from a remote location.

http://www.sophos.com/virusinfo/analyses/trojpsymeav.html

Troj/Dloader-CI
by Marianna Schmudlach / September 23, 2004 1:00 AM PDT

Aliases TrojanDownloader.Win32.Small.wf

Type Trojan

Troj/Dloader-CI is a Trojan downloader which attempts to download and then execute a file from a remote website. The downloaded file is written into the web cache from where it is launched and the downloader component is subsequently deleted.

http://www.sophos.com/virusinfo/analyses/trojdloaderci.html
