|
 |
|
CHOD.A
|
|
|
First Report:
|
2005-03-14 00:35
|
|
Last Update:
|
2005-04-26 23:32
|
|
|
Risk Rating:
|
Very Low Risk
|
|
|
Aliases:
|
Backdoor.Win32.VB.aam
Tobecho.A
W32.Chod@mm
W32/Chode-A
W32/NoChod@MM
W32/Tobecho.A.worm
Win32.Nochod.A
Worm:Win32/Chod.A
WORM_CHOD.A
|
|
|
|
Information From AntiVirus Vendors
|
|
|
|
|
Below you will find virus information from different antivirus vendors included in this Secunia Virus Profile. Information about the virus along with links to removal tools will be listed below when available.
The information provided is sorted by the date on which the information first became publicy available on the antivirus vendors' websites. The earliest available reports are displayed first. Please note timestamps are in GMT+1.
|
|
|
#1 - TREND MICRO
|
| |
|
|
WORM_CHOD.A
|
Severity:
1/3
|
File Size:
-
|
| |
|
|
Reported:
2005-03-14 00:35
|
Last Update:
2005-04-06 23:36
|
| |
Description:
|
| |
|
Full Report From Vendor
View/Hide ChangeLog
|
|
ChangeLog:
|
|
|
Changes are listed in chronological order with the latest changes first.
|
|
| |
|
|
2005-03-14 01:32
|
Severity was raised from N/A to 1/3.
|
| |
|
|
2005-03-14 01:12
|
Severity was decreased from 1/3 to N/A.
|
| |
|
|
2005-03-14 00:56
|
Severity was raised from N/A to 1/3.
|
|
|
|
|
|
#2 - SYMANTEC
|
| |
|
|
W32.Chod@mm
|
Severity:
2/5
|
File Size:
152,292 bytes
|
| |
|
|
Reported:
2005-03-14 13:20
|
Last Update:
2005-04-04 23:40
|
| |
Description:
W32.Chod@mm is a mass-mailing worm that also propagates using MSN Messenger. The worm has back door capabilities and can be controlled through IRC channels. It also overwrites the Hosts file and lowers security settings.
|
| |
|
Full Report From Vendor
|
|
|
#3 - MCAFEE
|
| |
|
|
W32/NoChod@MM
|
Severity:
2/7
|
File Size:
152,292 bytes (MEW packed)
|
| |
|
|
Reported:
2005-03-14 15:32
|
Last Update:
-
|
| |
Description:
This detection is for a worm written in Visual Basic (and subsequently packed with MEW) that bears the following characteristics:
|
| |
|
Full Report From Vendor
|
|
|
#4 - PANDA ANTIVIRUS
|
| |
|
|
Tobecho.A
|
Severity:
1/4
|
File Size:
-
|
| |
|
|
Reported:
2005-03-14 19:28
|
Last Update:
2005-04-12 23:33
|
| |
Description:
It opens a port in the affected computer and receives remote control commands. It installs two password stealer type Trojans, prevents the user from connecting to web pages belonging to antivirus and security companies, and finishes some proccesses and services. It spreads via e-mail and MSN Messenger.
|
| |
|
Full Report From Vendor
View/Hide ChangeLog
|
|
ChangeLog:
|
|
|
Changes are listed in chronological order with the latest changes first.
|
|
| |
|
|
2005-03-15 16:03
|
Description was changed.
New:
"It opens a port in the affected computer and
receives remote control commands. It installs
two password stealer type Trojans, prevents
the user from connecting to web pages
belonging to antivirus and security
companies, and finishes some proccesses and
services. It spreads via e-mail and MSN
Messenger."
Old:
"It opens a port in the affected computer and
receives remote control commands. It installs
two password stealer type Trojans, prevents
the user from connectig to web pages
belonging to antivirus and security
companies, and finishes some proccesses and
services. It spreads via e-mail and MSN
Messenger."
|
| |
|
|
2005-03-15 14:03
|
Description was changed.
New:
"It opens a port in the affected computer and
receives remote control commands. It installs
two password stealer type Trojans, prevents
the user from connectig to web pages
belonging to antivirus and security
companies, and finishes some proccesses and
services. It spreads via e-mail and MSN
Messenger."
Old:
"It opens a port in the affected computer and
receives remote control commands. It installs
two Trojans of password stealer type,
prevents the user from connectig to web pages
belonging to antivirus and security
enterprises,and finishes some proccesses and
services. It spreads via e-mail and Messenger
(MSN)."
|
| |
|
|
2005-03-15 13:48
|
Description was changed.
New:
"It opens a port in the affected computer and
receives remote control commands. It installs
two Trojans of password stealer type,
prevents the user from connectig to web pages
belonging to antivirus and security
enterprises,and finishes some proccesses and
services. It spreads via e-mail and Messenger
(MSN)."
Old:
"It opens a port in the affected computer and
receives remote control commands. It installs
two Trojans of password stealer type,
prevents the user from connectig to web pages
belonging to antivirus and security
enterprises,and finishes some proccesses and
services. It spreads via e-mail and the
program Messenger (MSN)."
|
| |
|
|
2005-03-15 13:18
|
Description was changed.
New:
"It opens a port in the affected computer and
receives remote control commands. It installs
two Trojans of password stealer type,
prevents the user from connectig to web pages
belonging to antivirus and security
enterprises,and finishes some proccesses and
services. It spreads via e-mail and the
program Messenger (MSN)."
Old:
"It modifies the settings of the affected
computer, preventing users from running the
Windows Registry Editor and disabling remote
administration of the computer."
|
|
|
|
|
|
#5 - SOPHOS
|
| |
|
|
W32/Chode-A
|
Severity:
1/5
|
File Size:
-
|
| |
|
|
Reported:
2005-03-18 15:08
|
Last Update:
2005-03-18 15:23
|
| |
Description:
|
| |
|
Full Report From Vendor
|
|
|
#6 - COMPUTER ASSOCIATES
|
| |
|
|
Win32.Nochod.A
|
Severity:
-
|
File Size:
-
|
| |
|
|
Reported:
2005-03-29 04:12
|
Last Update:
2005-04-26 23:32
|
| |
Description:
|
| |
|
Full Report From Vendor
|
|
|
Please note: The information that this Secunia Virus Profile is based on comes from a third party unless stated otherwise.
The grouping process is done completely automatically, therefore minor inconsistencies may occur. For more information about Secunia Virus Information, please read: About Virus Information.
|
|
|
|
|
Secunia PSI
Scan | Patch | Track
Free Download
|
|
|
Secunia Poll
|
|
|
|
|
 |
|
|
Most Popular Advisories
|
|
|
|
|
|
