Marianna
Security Expert Premium Member
 Joined: Nov 05, 2003 Posts: 11730
Posted: Tue May 08, 2007 2:08 pm Post subject: Troj/NtRootK-BQ
Troj/NtRootK-BQ
Type Trojan
Troj/NtRootK-BQ is a rootkit Trojan for the Windows platform.
Once installed, Troj/NtRootK-BQ provides functionality to allow processes to hide files and create registry entries.
Protection available since 8 May 2007
http://www.sophos.com/security/analyses/trojntrootkbq.html
_________________
"Wisdom is not a product of schooling but of the life-long attempt to acquire it."
- Albert Einstein (1879-1955)
Microsoft MVP - Consumer Security 2006 - 2008
lkkb
Lieutenant

 Joined: Aug 10, 2005 Posts: 171 Location: USA
Posted: Sun May 20, 2007 2:11 pm
"Marianna,"
If I may make a request of you and maybe it could be made a Stickie if you like?
Could there be a list of these threats made/w any files they create or maybe create? Then we could just copy/paste those into a search box for our system or maybe do a search from a clean bootable media in DOS. IF this would be adding too much to your plate that would be AOK with me, just have a very full one for myself at this time. Later after finishing some of my other projects, not computer related, I could go over some of your posts and maybe group them if you would like.
Thank you 4 reading my post,
Lkkb
_________________
TIA, CU L8R, >'Lkkb'<
Inspiron D531s Vista HE Pre SP1 AMD Athlon 64 Dual Core Processor O/S 32Bit 2.3G RAM 3.0Gb, IE v7.0, FFv3.0.3/w/PWM v1.7.2 & NoScript v1.8.4.1; CFP v3.5.54375.427/w CFP AV updated daily; AntiVir v8.2.xxx Up Dated daily.

Marianna
Posted: Mon May 21, 2007 2:08 pm
Quote:
If I may make a request of you and maybe it could be made a Stickie if you like?
Could there be a list of these threats made/w any files they create or maybe create? Then we could just copy/paste those into a search box for our system or maybe do a search from a clean bootable media in DOS. IF this would be adding too much to your plate that would be AOK with me, just have a very full one for myself at this time. Later after finishing some of my other projects, not computer related, I could go over some of your posts and maybe group them if you would like.

Hi Ikkb,
I'll have to ask IF that is possible.....

Marianna
Posted: Mon May 21, 2007 2:12 pm Post subject: Troj/Zlob-ACR
Troj/Zlob-ACR
Type Rootkit
Troj/Zlob-ACR is a downloader Trojan for the Windows platform.
Identification available since 21 May 2007
http://www.sophos.com/security/analyses/trojzlobacr.html

Prince_Serendip
Site Moderator
Joined: Sep 07, 2002 Posts: 17542
Posted: Mon May 21, 2007 2:33 pm
@lkkb: The Rootkit Experts are currently engaged in doing exactly what you have suggested. We are developing a fully comprehensive list of rootkits, rootkit tech software and false positives. When they are ready we will let you (and everyone else) know. Patience.
Note: I removed the posts that were irrelevant to this topic. The board had some hiccups yesterday but they've been fixed.
***If you wish to post further discussion about this subject, please start a new topic. Thanks.
_________________
Microsoft MVP Consumer Security 2006, 2007 & 2008

Marianna
Posted: Wed May 23, 2007 3:08 pm Post subject: Troj/Rootkit-BR
Troj/Rootkit-BR
Type Trojan
Troj/Rootkit-BR is a Trojan for the Windows platform.
Protection available since 23 May 2007
http://www.sophos.com/security/analyses/trojrootkitbr.html

Marianna
Posted: Fri May 25, 2007 1:57 pm Post subject: Troj/NTRootK-BS
Troj/NTRootK-BS
Type Rootkit
Troj/NTRootK-BS is a kernel driver rootkit for the Windows platform.
Once installed, Troj/NTRootK-BS includes functionality to hide processes and services.
Identification available since 25 May 2007
http://www.sophos.com/security/analyses/trojntrootkbs.html

Marianna
Posted: Fri May 25, 2007 1:58 pm Post subject: Troj/NTRootK-BT
Troj/NTRootK-BT
Type Rootkit
Troj/NTRootK-BT is a kernel driver rootkit for the Windows platform.
Identification available since 25 May 2007
http://www.sophos.com/security/analyses/trojntrootkbt.html

Marianna
Posted: Fri May 25, 2007 2:08 pm Post subject: Troj/NTRootK-BR
Troj/NTRootK-BR
Type Rootkit
Troj/NTRootK-BR is a rootkit driver for the Windows platform.
Identification available since 25 May 2007
http://www.sophos.com/security/analyses/trojntrootkbr.html

Marianna
Posted: Thu May 31, 2007 2:09 pm Post subject: Mal/RKRustok-A
Mal/RKRustok-A
Type Rootkit
Mal/RKRustok-A is a family of kernel rootkit drivers.
Members of the Mal/RKRustok-A family contain functionality to provide stealthing capability to other malware, including hiding processes and files.
Identification available since 31 May 2007
http://www.sophos.com/security/analyses/malrkrustoka.html

Marianna
Posted: Thu Jun 07, 2007 3:27 pm Post subject: W32/USBAuto.worm!rootkit
W32/USBAuto.worm!rootkit
Type Virus
SubType Worm
Overview -
This detection is for a worm that spreads via removable USB media, and is also a rootkit.
Aliases:
Trojan-Downloader.Win32.VB.anf (Kaspersky)
BackDoor.Generic.1563 (Doctor Web)
Win32/TrojanDownloader.VB.ANF (ESET NOD32)
W32/UsbStorm.A.worm (Panda)
Characteristics -
Note: File names and registry entries listed here may vary with different versions of the malware. Hence this is a generic description.
Upon execution, this malware copies itself into the following location.
C:\Windows\system32\internt.exe
This file is then executed and installed as a rootkit, such that its process is not visible under the process list.
It modifies the following registry entry for loading at system startup.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit"
Data : C:\Windows\system32\userinit.exe, C:\Windows\system32\internt.exe
It then copies itself, along with an autorun.inf file, to all the removable USB media.
Symptoms -
Presence of the files and registry entries mentioned.
http://vil.nai.com/vil/content/v_142206.htm
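
The Userinit change described in the post above can be checked against a baseline instead of a fixed file name, since the write-up notes that names vary between versions. This is an added example, not part of the original post or the vendor description; the expected baseline path and the sample values are assumptions constructed for illustration.

```python
import ntpath

# Assumption: the only program expected in Userinit is userinit.exe in system32.
EXPECTED = r"c:\windows\system32\userinit.exe"


def split_userinit(data):
    """Split comma-separated Userinit data into normalised, lower-cased paths."""
    entries = []
    for raw in data.split(","):
        item = raw.strip().strip('"')
        if item:  # a trailing comma leaves an empty item, which is normal
            entries.append(ntpath.normpath(item).lower())
    return entries


def audit_userinit(data, expected=EXPECTED):
    """Return (finding, path) tuples for anything that deviates from the baseline."""
    entries = split_userinit(data)
    findings = []
    if expected not in entries:
        findings.append(("missing-expected", expected))
    for entry in entries:
        if entry == expected:
            continue
        if ntpath.basename(entry) == ntpath.basename(expected):
            # Same file name in another directory: a look-alike of the real binary.
            findings.append(("lookalike-path", entry))
        else:
            # Any additional program is started at every logon.
            findings.append(("extra-program", entry))
    return findings


# Constructed sample values (exported Userinit data, e.g. read from an offline hive).
SAMPLES = {
    "clean": r"C:\Windows\system32\userinit.exe,",
    "as-described": r"C:\Windows\system32\userinit.exe, C:\Windows\system32\internt.exe",
    "lookalike": r"C:\Windows\userinit.exe,",
}

if __name__ == "__main__":
    for name, value in SAMPLES.items():
        print(name, audit_userinit(value))
```

Because the description says the malware hides its own process, the value is best read from an exported or offline copy of the registry and not trusted from the running system alone.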

Marianna
Posted: Fri Jun 08, 2007 3:29 pm Post subject: Troj/NTRootK-BU
Troj/NTRootK-BU
Type Rootkit
Side effects Monitors system activity
Aliases Rootkit.Win32.Agent.ga
Win32/Alman.NAB
Troj/NTRootK-BU is a rootkit for the Windows platform.
Troj/NTRootK-BU may hide files and registry entries.
Identification available since 8 June 2007
http://www.sophos.com/security/analyses/trojntrootkbu.html

Marianna
Posted: Sat Jun 16, 2007 1:53 am Post subject: Troj/NTRootK-BV
Troj/NTRootK-BV
Type Rootkit
Troj/NTRootK-BV is a rootkit for the Windows platform.
Troj/NTRootK-BV contains functionality to communicate with a remote server using HTTP.
When the Troj/NTRootK-BV kernel driver is first loaded, it creates the file <System>\kdblib.dll. This file is also detected as Troj/NTRootK-BV.
Identification available since 15 June 2007
http://www.sophos.com/security/analyses/trojntrootkbv.html

Marianna
Posted: Thu Jun 28, 2007 9:04 pm Post subject: Troj/NTRootK-BW
Troj/NTRootK-BW
Type Spyware Trojan
Aliases Rootkit.Win32.Agent.ea
Troj/NTRootK-BW is a rootkit Trojan for the Windows platform.
Once installed, Troj/NTRootK-BW includes functionality to provide stealth techniques in order to hide files, processes and registry entries as well as to monitor TCP/IP network traffic.
Protection available since 28 June 2007
http://www.sophos.com/security/analyses/trojntrootkbw.html

Marianna
Posted: Fri Jun 29, 2007 6:02 pm Post subject: Troj/Rootkit-BI
Troj/Rootkit-BI
Type Trojan
Side effects Dropped by malware
Troj/Rootkit-BI is a rootkit Trojan for the Windows platform.
Troj/Rootkit-BI provides stealthing functionality and may be dropped by malware.
Protection available since 29 June 2007
http://www.sophos.com/security/analyses/trojrootkitbi.html