Marianna
Security Expert Premium Member
 Joined: Nov 05, 2003 Posts: 11730
Posted: Thu Feb 22, 2007 6:20 am Post subject: Troj/NTRootK-BF
Troj/NTRootK-BF
Type: Trojan
Aliases: Trojan-Spy.Win32.Small.gm, TSPY_SMALL.ECQ, Win32/Spy.Small.NBE, Spy-Agent.bu
Troj/NTRootK-BF is a kernel driver rootkit for the Windows platform.
Once installed, Troj/NTRootK-BF provides functionality to allow other applications to hook system processes and monitor network traffic.
http://www.sophos.com/security/analyses/trojntrootkbf.html
_________________
"Wisdom is not a product of schooling but of the life-long attempt to acquire it."
- Albert Einstein (1879-1955)
Microsoft MVP - Consumer Security 2006 - 2008
Marianna
Security Expert Premium Member
 Joined: Nov 05, 2003 Posts: 11730
Posted: Thu Feb 22, 2007 4:16 pm Post subject: Troj/Rootkit-BE
Troj/Rootkit-BE
Type: Trojan
Troj/Rootkit-BE is a rootkit for the Windows platform.
The rootkit has the functionality to hide processes.
http://www.sophos.com/security/analyses/trojrootkitbe.html

Marianna
Security Expert Premium Member
 Joined: Nov 05, 2003 Posts: 11730
Posted: Fri Feb 23, 2007 3:54 pm Post subject: Troj/NTRootK-BG
Troj/NTRootK-BG
Type: Trojan
Aliases: NTRootKit-W
Troj/NTRootK-BG is a kernel driver rootkit for the Windows platform.
Once installed, Troj/NTRootK-BG provides functionality to hide processes and services.
http://www.sophos.com/security/analyses/trojntrootkbg.html

Marianna
Security Expert Premium Member
 Joined: Nov 05, 2003 Posts: 11730
Posted: Fri Mar 16, 2007 4:36 pm Post subject: Troj/Rootkit-BK
Troj/Rootkit-BK
Rootkit
Affected operating systems: Unix
Troj/Rootkit-BK is a backdoor Trojan for the Solaris platform.
Identification available since 16 March 2007
Detected by Sophos Anti-Rootkit
http://www.sophos.com/security/analyses/trojrootkitbk.html

Marianna
Security Expert Premium Member
 Joined: Nov 05, 2003 Posts: 11730
Posted: Fri Mar 23, 2007 5:18 am Post subject: Troj/Pushu-A
Aliases: Rootkit.Win32.Agent.dp, Win32/Rootkit.Agent.NAZ
Type: Spyware Trojan
Troj/Pushu-A is a Trojan for the Windows platform.
When Troj/Pushu-A is installed the following file is created:
<Windows>\system32\drivers\runtime.sys
This file is also detected as Troj/Pushu-A, and is registered as a new system driver service named "Runtime". Registry entries are created under:
HKLM\SYSTEM\CurrentControlSet\Services\Runtime
One of the following files is also created:
<Windows>\system32\drivers\ip6fw.sys
<Windows>\system32\drivers\netdtect.sys
These files are also detected as Troj/Pushu-A, and may be registered as a new system driver service named "Restore". Registry entries are created under:
HKLM\SYSTEM\CurrentControlSet\Services\Restore
These system files provide stealthing for Troj/Pushu-A.
Troj/Pushu-A also attempts to inject a file into iexplore.exe. This injected file is also detected as Troj/Pushu-A, and attempts to download from a remote location to some of the following locations:
<Windows>\system32\<random number>_exception.nls
<Temp>\ldrnt.bin
<Temp>\<random number>.exe
Protection available since 23 March 2007
http://www.sophos.com/security/analyses/trojpushua.html

Marianna
Security Expert Premium Member
 Joined: Nov 05, 2003 Posts: 11730
Posted: Thu Mar 29, 2007 2:38 pm Post subject: Troj/NTRootK-BK
Troj/NTRootK-BK
Type: Trojan
Troj/NTRootK-BK is a kernel rootkit driver for the Windows platform.
Troj/NTRootK-BK includes functionality to hide folders, files and services.
Protection available since 29 March 2007
http://www.sophos.com/security/analyses/trojntrootkbk.html

Marianna
Security Expert Premium Member
 Joined: Nov 05, 2003 Posts: 11730
Posted: Thu Mar 29, 2007 3:16 pm Post subject: Trojan.Tvcodec
Type: Trojan
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
Trojan.Tvcodec is a Trojan horse that installs a rootkit on the compromised computer.
Symantec Security Response is currently investigating this threat and will post more information as it becomes available.
Discovered: March 29, 2007
http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2007-032914-3242-99

Marianna
Security Expert Premium Member
 Joined: Nov 05, 2003 Posts: 11730
Posted: Fri Mar 30, 2007 2:47 pm Post subject:
Troj/NTRootK-BL
Type: Trojan
Troj/NTRootK-BL is a kernel rootkit driver for the Windows platform.
Protection available since 30 March 2007
http://www.sophos.com/security/analyses/trojntrootkbl.html

Marianna
Security Expert Premium Member
 Joined: Nov 05, 2003 Posts: 11730
Posted: Sun Apr 15, 2007 5:54 pm Post subject: Troj/NtRootK-BM
Troj/NtRootK-BM
Type: Rootkit
Aliases: Rootkit.Win32.NtRtk, Win32/Rootkit.NtRtk
Troj/NtRootK-BM is a Windows driver that may be used for creating a covert channel of communication by a rootkit or to sniff network traffic.
Identification available since 15 April 2007
http://www.sophos.com/security/analyses/trojntrootkbm.html

Marianna
Security Expert Premium Member
 Joined: Nov 05, 2003 Posts: 11730
Posted: Mon Apr 16, 2007 2:35 pm Post subject: Troj/NtRootK-BN
Troj/NtRootK-BN
Type: Trojan
Troj/NtRootK-BN is a Trojan for the Windows platform.
Protection available since 16 April 2007
http://www.sophos.com/security/analyses/trojntrootkbn.html

Marianna
Security Expert Premium Member
 Joined: Nov 05, 2003 Posts: 11730
Posted: Tue Apr 17, 2007 2:40 pm Post subject: W32/Almanahe.dll
W32/Almanahe.dll
Alert ID : FrSIRT/ALRT-2007-02612
Aliases : troj/ntrootk-bn - w32.almanahe.b
Size : N/A
Rated as : Low Risk
Release Date : 2007-04-17
Description
W32/Almanahe.dll is the dropped DLL component of W32/Almanahe.a.
References
http://vil.nai.com/vil/content/v_142020.htm

Marianna
Security Expert Premium Member
 Joined: Nov 05, 2003 Posts: 11730
Posted: Tue Apr 17, 2007 2:41 pm Post subject: W32/Almanahe.sys
W32/Almanahe.sys
Alert ID : FrSIRT/ALRT-2007-02611
Aliases : troj/ntrootk-bn - troj_corelink.a
Size : N/A
Rated as : Low Risk
Release Date : 2007-04-17
Description
W32/Almanahe.sys is the rootkit component of W32/Almanahe.a. More details of this virus at: http://vil.nai.com/vil/content/v_142021.htm.
References
http://vil.nai.com/vil/content/v_142019.htm

Marianna
Security Expert Premium Member
 Joined: Nov 05, 2003 Posts: 11730
Posted: Wed May 02, 2007 2:43 pm Post subject: Troj/NTRootK-BO
Troj/NTRootK-BO
Type: Trojan
Aliases: Rootkit.Win32.Agent.ea, Win32/Rootkit.Agent.NBC, TROJ_AGENT.MUI
Troj/NTRootK-BO is a rootkit Trojan for the Windows platform.
Once installed, Troj/NTRootK-BO includes functionality to provide stealth techniques in order to hide files, processes and registry entries as well as to monitor TCP/IP network traffic.
Protection available since 2 May 2007
http://www.sophos.com/security/analyses/trojntrootkbo.html

Marianna
Security Expert Premium Member
 Joined: Nov 05, 2003 Posts: 11730
Posted: Wed May 02, 2007 2:44 pm Post subject: Troj/NTRootK-BP
Troj/NTRootK-BP
Type: Trojan
Aliases: Rootkit.Win32.Agent.el, Spy-Agent.bv.sys
Troj/NTRootK-BP is a rootkit Trojan for the Windows platform.
Once installed, Troj/NTRootK-BP includes functionality to provide stealth techniques to hide files and folders.
Protection available since 2 May 2007
http://www.sophos.com/security/analyses/trojntrootkbp.html