|
The Rbot-GR virus follows a fairly traditional malware route of exploiting Microsoft security vulnerabilities and installing a Trojan horse on infected machines. However, the worm also spies on users by taking control of their Webcam and microphone, then sending images and soundtracks back to the hackers, according to antivirus firm Sophos.
|
|
Full View / NID: 3962 / Submitted by: Anthony
|
|
The W32.Mydoom@mm Removal Tool does the following:
- Terminates W32.Mydoom@mm viral processes.
- Terminates the viral thread running under Explorer.exe.
- Deletes W32.Mydoom@mm files.
- Terminates Backdoor.Zincite.A viral processes.
- Deletes Backdoor.Zincite.A files.
- Reverses the changes made to the registry by all aforementioned threats.
Version 1.0.9.0 released to support W32.Mydoom.M@mm and Backdoor.Zincite.A.
Version 1.0.9.1 released to support a minor variant of W32.Mydoom.M@mm.
Version 1.0.9.2 released to support W32.Zindos.A.
Version 1.0.9.3 contained a minor update.
Version 1.0.9.4 released to support W32.Mydoom.Q@mm and Backdoor.Nemog.
|
|
Full View / NID: 3650 / Submitted by: TACKtech Team
|
|
W32.Beagle.AO@mm is a mass-mailing worm that uses its own SMTP engine to spread. The email attachment is a Mitglieder-like downloader that retrieves the worm from external sources.
|
|
Full View / NID: 3584 / Submitted by: TACKtech Team
|
|
This tool helps to remove the Mydoom.A, Mydoom.B, Mydoom.E, Mydoom.F, Mydoom.G, Mydoom.J, Mydoom.L, Mydoom.O, Zindos.A, Doomjuice.A, and Doomjuice.B worms from infected systems. Once the tool has run—after the End-User License Agreement (EULA) is accepted—it automatically checks for infection and removes any of the targeted worms that are found. If a machine is infected with the Mydoom.B worm, the tool also provides the user with the default version of the hosts file and sets the "read-only" attribute for that file. This action enables the user to visit previously blocked Microsoft and antivirus Web sites.
|
|
Full View / NID: 3509 / Submitted by: Zero_Tolerance
|
|
The W32.Mydoom@mm Removal Tool does the following:
- Terminates W32.Mydoom@mm viral processes.
- Terminates the viral thread running under Explorer.exe.
- Deletes W32.Mydoom@mm files.
- Terminates Backdoor.Zincite.A viral processes.
- Deletes Backdoor.Zincite.A files.
- Reverses the changes made to the registry by all aforementioned threats.
Version 1.0.9.0 released to support W32.Mydoom.M@mm and Backdoor.Zincite.A.
Version 1.0.9.1 released to support a minor variant of W32.Mydoom.M@mm.
Version 1.0.9.2 released to support W32.Zindos.A.
Version 1.0.9.3 contained a minor update.
|
|
Full View / NID: 3503 / Submitted by: Zero_Tolerance
|
|
The W32.Mydoom@mm Removal Tool does the following:
- Terminates W32.Mydoom@mm viral processes.
- Terminates the viral thread running under Explorer.exe.
- Deletes W32.Mydoom@mm files.
- Terminates Backdoor.Zincite.A viral processes.
- Deletes Backdoor.Zincite.A files.
- Reverses the changes made to the registry by all aforementioned threats.
Version 1.0.9.0 released to support W32.Mydoom.M@mm and Backdoor.Zincite.A.
Version 1.0.9.1 released to support a minor variant of W32.Mydoom.M@mm.
Version 1.0.9.2 released to support W32.Zindos.A.
|
|
Full View / NID: 3468 / Submitted by: TACKtech Team
|
|
The W32.Mydoom@mm Removal Tool does the following:
- Terminates W32.Mydoom@mm viral processes.
- Terminates the viral thread running under Explorer.exe.
- Deletes W32.Mydoom@mm files.
- Terminates Backdoor.Zincite.A viral processes.
- Deletes Backdoor.Zincite.A files.
- Reverses the changes made to the registry by all aforementioned threats.
Version 1.0.9.0 released to support W32.Mydoom.M@mm and Backdoor.Zincite.A.
Version 1.0.9.1 released to support a minor variant of W32.Mydoom.M@mm.
|
|
Full View / NID: 3467 / Submitted by: TACKtech Team
|
|
W32.Mydoom.M@mm is a mass-mailing worm that drops and executes a backdoor, detected as Backdoor.Zincite.A, that listens on TCP port 1034. The worm uses its own SMTP engine to send itself to email addresses it finds on the infected computer.
|
|
Full View / NID: 3430 / Submitted by: TACKtech Team
|
|
Symantec Security Response has developed a removal tool to clean W32.Novarg.A@mm, W32.Mydoom.B@mm, and W32.Mydoom.F@mm infections.
|
|
Full View / NID: 3412 / Submitted by: Zero_Tolerance
|
|
W32.Beagle.AG@mm is a mass-mailing worm that uses its own SMTP engine to spread through email and opens a backdoor on TCP port 1080.
|
|
Full View / NID: 3378 / Submitted by: TACKtech Team
|
|
W32.Beagle.AB@mm is a mass-mailing worm that uses its own SMTP engine to spread through email and opens a backdoor on TCP port 1080.
|
|
Full View / NID: 3356 / Submitted by: TACKtech Team
|
|
W32.Sasser.Worm is a worm that attempts to exploit the MS04-011 vulnerability. It spreads by scanning randomly-chosen IP addresses for vulnerable systems.
|
|
Full View / NID: 3069 / Submitted by: TACKtech Team
|
|
Symantec Security Response has developed a removal tool to clean the infections of the following variants of the W32.Sasser worm:
- W32.Sasser.Worm
- W32.Sasser.B.Worm
- W32.Sasser.C.Worm
- W32.Sasser.D.Worm
- W32.Sasser.E.Worm
Note: The W32.Sasser family of worms can run on (but not infect) Windows 95/98/Me computers. Although these operating systems cannot be infected, they can still be used to infect vulnerable systems that they are able to connect to. In this case, the worm will waste a lot of resources so that programs cannot run properly, including our removal tool. (On Windows 95/98/Me computers, the tool should be run in Safe mode.)
|
|
Full View / NID: 2892 / Submitted by: TACKtech Team
|
|
Symantec Security Response has developed a removal tool to clean the infections of the following variants of the W32.Sasser worm:
- W32.Sasser.Worm
- W32.Sasser.B.Worm
- W32.Sasser.C.Worm
- W32.Sasser.D.Worm
Note: The W32.Sasser family of worms can run on (but not infect) Windows 95/98/Me computers. Although these operating systems cannot be infected, they can still be used to infect vulnerable systems that they are able to connect to. In this case, the worm will waste a lot of resources so that programs cannot run properly, including our removal tool. (On Windows 95/98/Me computers, the tool should be run in Safe mode.)
|
|
Full View / NID: 2826 / Submitted by: TACKtech Team
|
|
W32.Sasser.B.Worm is a variant of W32.Sasser.Worm. It attempts to exploit the LSASS vulnerability described in Microsoft Security Bulletin MS04-011, and spreads by scanning randomly-chosen IP addresses for vulnerable systems.
|
|
Full View / NID: 2806 / Submitted by: TACKtech Team
|
|
W32.Sasser.Worm is a worm that attempts to exploit the MS04-011 vulnerability. It spreads by scanning randomly-chosen IP addresses for vulnerable systems.
|
|
Full View / NID: 2805 / Submitted by: TACKtech Team
|
|
W32.Netsky.AB@mm is a worm that scans for email addresses on all non-CD-ROM drives on an infected computer. The worm then uses its own SMTP engine to send itself to the email addresses that it finds.
|
|
Full View / NID: 2779 / Submitted by: TACKtech Team
|
|
W32.Beagle.X@mm is a mass-mailing worm that attempts to spread using mail and file-sharing networks. The worm also opens a backdoor on an infected computer.
|
|
Full View / NID: 2778 / Submitted by: TACKtech Team
|
|
W32.Beagle.W@mm is a mass-mailing worm that attempts to spread using mail and file-sharing networks. The worm also opens a backdoor on the infected computer.
|
|
Full View / NID: 2766 / Submitted by: TACKtech Team
|
|
Due to an increased rate of submissions, Symantec Security Response has upgraded this threat from a Category 2 to a Category 3 as of April 20, 2004.
|
|
Full View / NID: 2706 / Submitted by: TACKtech Team
|