Virus name |
Summary |
Describe |
W32 / Netsky-L |
W32 / Netsky-L is a worm that spreads via e-mail. There is no assessment of the danger level of this worm. & nbsp; |
W32 / Netsky-L is a worm that spreads via e-mail, usually containing the following characteristics: Message Format: Bring one of the following messages The attached file name contains the following instructions On the first run, W32 / Netsky-L will clone to the Windows folder with the name AVprotect.exe And to be able to automatically run when the computer boots, W32 / Netsky-L will create the registry values at the following address: & nbsp; |
Troj / Domwis-A |
Troj / Domwis-A is a backdoor trojan that allows an attacker to remotely access an infected computer. In addition, the Trojan also has the task of stealing personal information and performing keyboard typing tasks. |
- Troj / Domwis-A is a backdoor trojan that is spread over IRC and allows attackers to remotely access infected machines. - During the first run, Troj / Domwis-A will duplicate the Windows folder under the name: RUNDLL16.EXE & nbsp; and will create entries in the registry at the following address to ensure they can be activated when the system boots: & nbsp; HKLMSoftwareMicrosoftWindows - Troj / Domwis-A will steal system information and record keyboard actions. - Troj / Domwis-A can download and execute files remotely on an infected system. This type of Trojan can also be programmed to query file lists, delete files, and terminate processes. - Troj / Domwis-A will create a file temp.bat in the Windows folder, but the nature of the file is not dangerous & nbsp; |
Troj / Cidra-D |
Virus Troj / Cidra- has the ability to open the backdoor, allowing unauthorized access to the system. Also, there are signs of Troj / Cidra-D spreading spam by the addresses found on the infected computer. |
- Troj / Cidra-D is a backdoor trojan, allowing remote intrusion to increase TCP traffic through infected systems. - Troj / Cidra-D executable file is usb_d.exe The And to be able to automatically run when the user logs on, this Trojan adds the following keys to the registry at the following address: HKLMSoftwareMicrosoftWindows - Troj / Cidra-D open a random port to listen, and periodically it will try to connect remotely to a website & nbsp; to register. - Troj / Cidra-D also has the ability to download and execute a file from the network. - Troj / Cidra-D infected e-mails, usually with the following headlines: & nbsp; "This your photo?" - The virus will have the message "Is this your photo?" - File attached: p_usb.zip & nbsp; |
W32 / Agobot-DQ |
Sophos has warned about the emergence of the W32 / Agobot-DQ virus, which is capable of infecting shared files on a Windows network, listening on a separate port and spreading when a connection is established. to this port. In order to provide you with the most up-to-date information on the types of viruses that appear on the Internet, the first "virus warning" (N 001), we will constantly update the list of the latest viruses. |
- W32 / Agobot-DQ worm infects the network, allowing unauthorized access remotely through IRC channels. - W32 / Agobot-DQ will clone into the shares of the LAN. - W32 / Agobot-DQ will clone to the system folder (Windows) under the name FILENAME.EXE and create entries in the registry at the following addresses: HKLMSoftwareMicrosoftWindows HKLMSoftwareMicrosoftWindows - Deep disables the default shares of the system such as C $, D $, ADMIN $ and IPC $. - W32 / Agobot-DP will attempt to terminate the following processes: |