Spyware, viruses, & security : VIRUS ALERTS - August 27, 2004

by Marianna Schmudlach Moderator - 8/27/04 7:40 AM
Post 16 of 27

W32/Gobot-T

by Marianna Schmudlach Moderator - 8/27/04 8:09 AM In reply to: VIRUS ALERTS - August 27, 2004 by Marianna Schmudlach Moderator

Aliases W32.Gobot.A

Type Worm

W32/Gobot-T is a peer-to-peer worm and IRC backdoor Trojan. W32/Gobot-T attempts to infect other computers through network shares.

http://www.sophos.com/virusinfo/analyses/w32gobott.html

Post 17 of 27

W32/Tzet-B

by Marianna Schmudlach Moderator - 8/27/04 3:11 PM In reply to: VIRUS ALERTS - August 27, 2004 by Marianna Schmudlach Moderator

Aliases Worm.Win32.Tzet
W32/Tzet.worm.e
Win32/Tzet.A.dropper

Type Worm

W32/Tzet-B is a network worm.
W32/Tzet-B searches the local network for computers with weak or no passwords on the administrator or admin accounts to which it can copy itself.

http://www.sophos.com/virusinfo/analyses/w32tzetb.html

Post 18 of 27

W32/Sdbot-NB

by Marianna Schmudlach Moderator - 8/27/04 3:13 PM In reply to: VIRUS ALERTS - August 27, 2004 by Marianna Schmudlach Moderator

Aliases Backdoor.Sdbot
IRC/SdBot.ATK
W32/Sdbot.worm.gen.b
Backdoor.SdBot.mw

Type Worm

W32/Sdbot-NB is a worm which attempts to spread to remote network shares. It also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels while running in the background as a service process.
W32/Sdbot-NB copies itself to the Windows system folder as SAGE.EXE and creates the following registry entry to run itself on system startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Laptop Access = Sage.exe
W32/Sdbot-NB spreads to network shares with weak passwords as a result of the backdoor Trojan element receiving the appropriate command from a remote user.

http://www.sophos.com/virusinfo/analyses/w32sdbotnb.html

Post 19 of 27

W32/Sdbot-NC

by Marianna Schmudlach Moderator - 8/27/04 3:15 PM In reply to: VIRUS ALERTS - August 27, 2004 by Marianna Schmudlach Moderator

Aliases Backdoor.SdBot.nv
W32/Sdbot.worm.gen
IRC/SdBot.AXT
Backdoor.Ranky

Type Worm

W32/Sdbot-NC is a worm which attempts to spread to remote network shares. It also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels while running in the background as a service process.
W32/Sdbot-NC copies itself to the Windows system folder under a random filename and creates the following registry entries to run itself on system startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Monitor Test
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
Monitor Test
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
Monitor Test
W32/Sdbot-NC spreads to network shares with weak passwords as a result of the backdoor Trojan element receiving the appropriate command from a remote user.

http://www.sophos.com/virusinfo/analyses/w32sdbotnc.html

Post 20 of 27

W32/Protoride-N

by Marianna Schmudlach Moderator - 8/27/04 3:17 PM In reply to: VIRUS ALERTS - August 27, 2004 by Marianna Schmudlach Moderator

Aliases Worm.Win32.Protoride.aa
W32/Protoride.worm
Win32/Protoride.P
W32.Protoride.Worm

Type Worm

W32/Protoride-N is a Windows worm that spreads via network shares. The worm also has a backdoor component that allows unauthorised remote access to the computer via IRC channels.
W32/Protoride-N will set the following registry entry so that it runs automatically upon restart:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Windows Taskbar Manager
W32/Protoride-N attempts to copy itself to WINMNGR.EXE in the startup folder of shared network computers.
W32/Protoride-N may also set the following registry entry:
HKLM\Software\BeyonD inDustries\ProtoType[v2]
W32/Protoride-N remains resident, running in the background as a service process and listening for commands from remote users via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32protoriden.html

Post 21 of 27

Troj/Vidlo-E

by Marianna Schmudlach Moderator - 8/27/04 3:19 PM In reply to: VIRUS ALERTS - August 27, 2004 by Marianna Schmudlach Moderator

Type Trojan

Troj/Vidlo-E is a Trojan which downloads a file from a predefined location and then executes it.

http://www.sophos.com/virusinfo/analyses/trojvidloe.html

Post 22 of 27

W32/Sdbot-ND

by Marianna Schmudlach Moderator - 8/27/04 3:20 PM In reply to: VIRUS ALERTS - August 27, 2004 by Marianna Schmudlach Moderator

Aliases Backdoor.SdBot.nt
W32/Sdbot.worm.gen.k
Win32/IRCBot.KE
W32.Spybot.Worm

Type Worm

W32/Sdbot-ND is a worm which attempts to spread to remote network shares. It also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels while running in the background as a service process.
W32/Sdbot-ND copies itself to the Windows system folder as WINDOWSNT.COM and creates the following registry entries to run itself on system startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
System Information Manager = windowsNt.com
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
System Information Manager = windowsNt.com
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
System Information Manager = windowsNt.com
W32/Sdbot-ND spreads to network shares with weak passwords as a result of the backdoor Trojan element receiving the appropriate command from a remote user.
W32/Sdbot-ND may also try to log the user's keystrokes for later retrieval by the remote intruder in a file named KEYLOG.TXT in the Windows system folder.


http://www.sophos.com/virusinfo/analyses/w32sdbotnd.html
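
An added example, not part of the thread or of the Sophos write-ups: a Python triage helper that scans the decoded text of a `.reg` export for the autorun value names and the marker key given in posts 18 to 22. The function name, the sample export and the expansion of `HKLM`/`HKCU` to the full hive names that exports use are assumptions of this example.

```python
import re

# Autorun value names from posts 18-22 of this thread, keyed in lower case.
AUTORUN_VALUES = {
    "laptop access": "W32/Sdbot-NB",
    "monitor test": "W32/Sdbot-NC",
    "windows taskbar manager": "W32/Protoride-N",
    "system information manager": "W32/Sdbot-ND",
}
# Key that post 20 says W32/Protoride-N may create (HKLM written out in full).
MARKER_KEYS = {r"hkey_local_machine\software\beyond industries\prototype[v2]": "W32/Protoride-N"}
AUTORUN_SUFFIXES = (r"\currentversion\run", r"\currentversion\runservices")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=')

# Constructed sample export, not taken from an infected machine.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Laptop Access"="Sage.exe"
"ExampleTrayApp"="C:\\Program Files\\Example\\tray.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"monitor test"="abcdxyz.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\BeyonD inDustries\ProtoType[v2]]

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Settings]
"Monitor Test"="ignored: not an autorun key"
'''

def scan_reg_export(text):
    """Return sorted (detection, key, value_name) hits from decoded .reg text."""
    hits, key = set(), None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]  # strip outer brackets only; key names may contain [ ]
            if key.lower() in MARKER_KEYS:
                hits.add((MARKER_KEYS[key.lower()], key, ""))
            continue
        m = VALUE_RE.match(line)
        if key and m and key.lower().endswith(AUTORUN_SUFFIXES):
            detection = AUTORUN_VALUES.get(m.group(1).lower())
            if detection:
                hits.add((detection, key, m.group(1)))
    return sorted(hits)

if __name__ == "__main__":
    print(*scan_reg_export(SAMPLE), sep="\n")
```

Registry names are case-insensitive, so both key paths and value names are compared in lower case. A hit is a lead for further checking, because a value name alone does not identify the file behind it.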

Post 23 of 27

W32/Rbot-GM

by Marianna Schmudlach Moderator - 8/27/04 3:22 PM In reply to: VIRUS ALERTS - August 27, 2004 by Marianna Schmudlach Moderator

Aliases Backdoor.Rbot.gen


Type Worm

W32/Rbot-GM spreads using several vulnerabilities and backdoors opened by other worms.
The vulnerabilities used are addressed in MS04-011, MS03-026, MS03-007 and MS01-059.
W32/Rbot-GM allows a remote attacker unauthorised access to the infected computer. An infected computer may have its anti-virus and security software disabled.

http://www.sophos.com/virusinfo/analyses/w32rbotgm.html

Post 24 of 27

W32/Rbot-GN

by Marianna Schmudlach Moderator - 8/27/04 3:24 PM In reply to: VIRUS ALERTS - August 27, 2004 by Marianna Schmudlach Moderator

Aliases Backdoor.Rbot.gen

W32/Rbot-GN spreads using vulnerabilities and backdoors opened by other worms. The vulnerabilities used are addressed by MS04-011, MS03-026, MS03-007 and MS01-059.
W32/Rbot-GN allows remote attackers to have unauthorised access to infected computers.

http://www.sophos.com/virusinfo/analyses/w32rbotgn.html

Post 25 of 27

Troj/Banker-AR

by Marianna Schmudlach Moderator - 8/27/04 3:25 PM In reply to: VIRUS ALERTS - August 27, 2004 by Marianna Schmudlach Moderator

Aliases Trojan.Win32.Banker.ar

Type Trojan

Troj/Banker-AR is a Trojan which steals online banking information.

http://www.sophos.com/virusinfo/analyses/trojbankerar.html

Post 26 of 27

W98/Flcss-B

by Marianna Schmudlach Moderator - 8/27/04 3:27 PM In reply to: VIRUS ALERTS - August 27, 2004 by Marianna Schmudlach Moderator

Aliases Win32.FunLove.3662
W32/Cassi.intd
W32.Funlove.C
PE_FUNLOVE.3662

Type Virus

W98/Flcss-B is a Windows98 parasitic virus which infects executable files locally and over NetBIOS shares with the following extensions: OCX, SCR, EXE.

http://www.sophos.com/virusinfo/analyses/w98flcssb.html

Post 27 of 27

Re: VIRUS ALERTS - August 27, 2004

by bigredgpk - 8/30/04 9:49 AM In reply to: VIRUS ALERTS - August 27, 2004 by Marianna Schmudlach Moderator

Will deleting those Keys in the RegEdit fix this Worm? Is there an automatic cleaning app out there?

Timmay
