W32/Apribot-C
This malware was reported by: Sophos
W32.Mydoom.Q@mm
This malware was reported by: Symantec
Backdoor.Nemog
This malware was reported by: Symantec
Troj/Bdoor-CHR
This malware was reported by: Sophos
Surila.B
This malware was reported by: Panda Software
Surila.B is a backdoor that affects Windows 2003/XP/2000/NT computers only. It allows remote access to the affected computer, in order to carry out actions that compromise user confidentiality or impede the tasks performed.Surila.B allows to send spam fr
Mydoom.S
This malware was reported by: Computer Associates
Win32.Mydoom.S is a worm that spreads via e-mail using its own SMTP engine. It also attempts to download and runs a trojan from up to four different URLs. I
Troj/Daemoni-G
This malware was reported by: Sophos
VBS.Mywav@mm
This malware was reported by: Symantec
VBS.Mywav@mm is a mass-mailing worm that also infects .html files.
Downloader.Harnig
This malware was reported by: Symantec
Downloader.Harnig is a program that downloads Trojans, adware, and dialers, and terminates services associated with antivirus software.
W32/Neveg.c@MM
This malware was reported by: Network Associates Inc
This mass-mailing worm constructs email messages using its own SMTP engine and is sent using MAPI addressing.
Email addresses are harvested from files with the following extensions:
.hlp
.xml
.xls
.wsh
.wab
.vbs
.uin
.txt
.tbb
.s
W32/Netsky.j@MM
This malware was reported by: Network Associates Inc
W32/Netsky.ab@MM
This malware was reported by: Network Associates Inc
WORM_BAGLE.AJ
This malware was reported by: Trendmicro
Like earlier BAGLE variants, this memory-resident worm spreads via email through its own Simple Mail Transfer Protocol (SMTP) engine.
W32.Neveg.C@mm
This malware was reported by: Symantec
W32.Neveg.C@mm is a mass-mailing worm that spreads using its own SMTP engine, and performs a Denial of Service (DoS) attack on various Web design Web sites. The worm replicates through email and shared folders.
PWSteal.Bancos.I
This malware was reported by: Symantec
The PWSteal.Bancos.I Trojan horse
Mimics the online interfaces of certain Brazilian banks to try to steal account information.
Is a minor variant of PWSteal.Bancos.H.
Is packed using UPX and may be contained in a self-extracting RAR file.
See the "
Neveg.B
This malware was reported by: Computer Associates
Win32.Nevag.B is an e-mail worm which replies to e-mail in certain Outlook folders attaching itself to the reply.
Spyware-BE
This malware was reported by: Network Associates Inc
Troj/ProxDrop-A
This malware was reported by: Sophos
W32.Korgo.AD
This malware was reported by: Symantec
W32.Korgo.X is a worm that attempts to spread by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS04-011) on TCP port 445.
This variant also attempts to download and execute a file from a
W32/Rbot-GF
This malware was reported by: Sophos
Neveg.C
This malware was reported by: F-Secure
Neveg.C is a mass-mailing worm with Peer-to-Peer spreading
capabilities.
Mydoom.S
This malware was reported by: Panda Software
Mydoom.S is a worm that opens several ports and listens to them. It allows hackers to remotely access the computer, in order to carry out actions that compromise user confidentiality or impede the tasks performed.Additionally, Mydoom.S prevents the user
Pogue
This malware was reported by: Sophos
WORM_ATAK.C
This malware was reported by: Trendmicro
W32.Neveg.B@mm
This malware was reported by: Symantec
W32.Neveg.B@mm is a mass-mailing worm that performs denial of service (DoS) attacks on various web design Web sites.
The worm replicates via email, using its own SMTP engine, and also spreads through shared folders.
W32.Neveg.A@mm
This malware was reported by: Symantec
W32.Neveg.A@mm is a mass-mailing worm that performs denial of service (DoS) attacks on various web design Web sites.
The worm replicates via email, using its own SMTP engine, and also spreads through shared folders.
Trojan.Treb
This malware was reported by: Symantec
Trojan.Treb is a Trojan horse that opens two listening proxy servers. It then contacts a remote attacker and provides them with system information of the infected computer.
WORM_NEVEG.C
This malware was reported by: Trendmicro
This worm propagates by dropping a copy of itself in folders on the infected system that have names, which are commonly-used by peer-to-peer (P2P) applications to share files. It can spread via email.
W32.Beagle.AP@mm
This malware was reported by: Symantec
W32.Beagle.AP@mm is a mass-mailing worm that spreads via email, using its own SMTP engine.
PWSteal.Bancos.J
This malware was reported by: Symantec
PWSteal.Bancos.J is a Trojan horse that mimics the online interfaces of certain Brazilian banks to try to steal account information.
Bagle.AH
This malware was reported by: Computer Associates
Win32.Bagle.AH is a worm that spreads via e-mail and file sharing. In e-mail attachments, it can distribute itself as an executable file (.exe, .com, .scr),
Neveg.C
This malware was reported by: Computer Associates
W32/Wort-A
This malware was reported by: Sophos
Troj/Winflux-B
This malware was reported by: Sophos
W32/Agobot-ME
This malware was reported by: Sophos
W32/Dumaru-Q
This malware was reported by: Sophos
PWSteal.Bancos.K
This malware was reported by: Symantec
PWSteal.Bancos.K is a Trojan horse that mimics the online interfaces of certain Brazilian banks and attempts steal account information.
X97M.Ainesey.B
This malware was reported by: Symantec
X97M.Ainesey.B is a macro virus that infects Microsoft Excel workbooks.
T-virus Mobile Phone Hoax
This malware was reported by: Network Associates Inc
Trivial.818
This malware was reported by: Symantec
Trivial.818 is a DOS virus that overwrites the first 818 bytes of .com and .exe files, preventing them from running correctly
W32/Tzet-B
This malware was reported by: Sophos
W32/Lovgate-W
This malware was reported by: Sophos
W32/Lovgate-W
This malware was reported by: Sophos
Afp_AfpInfo
This malware was reported by: F-Secure
Zone.Identifier
This malware was reported by: F-Secure
Troj/Banker-K
This malware was reported by: Sophos
QDial27
This malware was reported by: Network Associates Inc
W32.Korgo.X
This malware was reported by: Symantec
W32.Korgo.X is a worm that attempts to spread by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS04-011) on TCP port 445.
This variant also attempts to download and execute a file from a
Downloader-NY
This malware was reported by: Network Associates Inc
W32/Rbot-GO
This malware was reported by: Sophos
W32/Rbot-GS
This malware was reported by: Sophos
W32/Rbot-GP
This malware was reported by: Sophos
W32/Rbot-GR
This malware was reported by: Sophos
MyDoom.m.log
This malware was reported by: F-Secure
Mydoom.M worm creates encrypted log files and sometimes sends
them out instead of its own code due to a bug. As a result the
encryped data files are sent in a ZIP archive inside e-mails. The
files have random (encrypted) content, they are about 1.1 or
Trojan.Delsha
This malware was reported by: Symantec
Trojan.Delsha is a Trojan horse program that disables the sharing permission of network-shared folders.
W32/Agobot-MF
This malware was reported by: Sophos
W32/Sdbot.worm.gen.x
This malware was reported by: Network Associates Inc
Due to the large volume of members of this virus family, the size of extra.dats required to detect these is very large. AVERT have therefore split the detection into multiple drivers although the behavior of all members is broadly similar.
W32/Sdbot.worm.gen.w
This malware was reported by: Network Associates Inc
Due to the large volume of members of this virus family, the size of extra.dats required to detect these is very large. AVERT have therefore split the detection into multiple drivers although the behavior of all members is broadly similar.
W32/Sdbot.worm.gen.v
This malware was reported by: Network Associates Inc
Due to the large volume of members of this virus family, the size of extra.dats required to detect these is very large. AVERT have therefore split the detection into multiple drivers although the behavior of all members is broadly similar.
W32/Sdbot.worm.gen.u
This malware was reported by: Network Associates Inc
Due to the large volume of members of this virus family, the size of extra.dats required to detect these is very large. AVERT have therefore split the detection into multiple drivers although the behavior of all members is broadly similar.
W32/Sdbot.worm.gen.t
This malware was reported by: Network Associates Inc
Due to the large volume of members of this virus family, the size of extra.dats required to detect these is very large. AVERT have therefore split the detection into multiple drivers although the behavior of all members is broadly similar.
W32/Sdbot.worm.gen.s
This malware was reported by: Network Associates Inc
Due to the large volume of members of this virus family, the size of extra.dats required to detect these is very large. AVERT have therefore split the detection into multiple drivers although the behavior of all members is broadly similar.
W32/Sdbot.worm.gen.q
This malware was reported by: Network Associates Inc
Due to the large volume of members of this virus family, the size of extra.dats required to detect these is very large. AVERT have therefore split the detection into multiple drivers although the behavior of all members is broadly similar.
W32/Sdbot.worm.gen.o
This malware was reported by: Network Associates Inc
Due to the large volume of members of this virus family, the size of extra.dats required to detect these is very large. AVERT have therefore split the detection into multiple drivers although the behavior of all members is broadly similar.
W32/Sdbot.worm.gen.l
This malware was reported by: Network Associates Inc
Due to the large volume of members of this virus family, the size of extra.dats required to detect these is very large. AVERT have therefore split the detection into multiple drivers although the behavior of all members is broadly similar.
W32/Sdbot.worm.gen.g
This malware was reported by: Network Associates Inc
Due to the large volume of members of this virus family, the size of extra.dats required to detect these is very large. AVERT have therefore split the detection into multiple drivers although the behavior of all members is broadly similar.
W32/Sdbot.worm.gen.f
This malware was reported by: Network Associates Inc
Due to the large volume of members of this virus family, the size of extra.dats required to detect these is very large. AVERT have therefore split the detection into multiple drivers although the behavior of all members is broadly similar.
W32/Sdbot.worm.gen.e
This malware was reported by: Network Associates Inc
Due to the large volume of members of this virus family, the size of extra.dats required to detect these is very large. AVERT have therefore split the detection into multiple drivers although the behavior of all members is broadly similar.
W32/Sdbot.worm.gen.d
This malware was reported by: Network Associates Inc
Due to the large volume of members of this virus family, the size of extra.dats required to detect these is very large. AVERT have therefore split the detection into multiple drivers although the behavior of all members is broadly similar.
W32/Sdbot.worm.gen.c
This malware was reported by: Network Associates Inc
Due to the large volume of members of this virus family, the size of extra.dats required to detect these is very large. AVERT have therefore split the detection into multiple drivers although the behavior of all members is broadly similar.
W32/Sdbot.worm.gen.b
This malware was reported by: Network Associates Inc
Due to the large volume of members of this virus family, the size of extra.dats required to detect these is very large. AVERT have therefore split the detection into multiple drivers although the behavior of all members is broadly similar.
W32/Sdbot.worm.gen.a
This malware was reported by: Network Associates Inc
Due to the large volume of members of this virus family, the size of extra.dats required to detect these is very large. AVERT have therefore split the detection into multiple drivers although the behavior of all members is broadly similar.
Trojan.Sconato
This malware was reported by: Symantec
Trojan.Sconato is a Trojan horse program that installs a Browser Helper Object (BHO). The installed BHO captures keystrokes and emails them to the attacker.
This Trojan is packed with UPX.
X97M.Ainesey.C
This malware was reported by: Symantec
X97M.Ainesey.C is a Microsoft Excel macro virus that infects Microsoft Excel workbooks, lowers Internet Explorer security settings, and drops a file containing a Trojan horse program onto the infected computer.
Vundo
This malware was reported by: Network Associates Inc
Downloader-MM
This malware was reported by: Network Associates Inc
Downloader-MM.dll
This malware was reported by: Network Associates Inc
StartPage-EU
This malware was reported by: Network Associates Inc
Downloader-NV
This malware was reported by: Network Associates Inc
PE_BUGBEAR.K
This malware was reported by: Trendmicro
This memory-resident Win32 file infector uses a new and complex technique of polymorphic infection. It usually arrives via email using Simple Mail Transfer Protocol (SMTP), and usually as a ZIP archive, or as a password-protected ZIP archive.
HTML_MHTREDIR.V
This malware was reported by: Trendmicro
This .HTML script malware usually arrives as an email attachment or is embedded in .HTML pages on a Web site.
Bugbros.C
This malware was reported by: Computer Associates
Win32.Bugbros.C is a worm that spreads via e-mail. The worm was written in Visual Basic 5.
Bugbros.B
This malware was reported by: Computer Associates
Win32.Bugbros.B is a worm that attempts to spread via e-mail. Due to bugs in its code, however, it often fails to attach itself to e-mail during its mass-ma
Gavvo
This malware was reported by: Computer Associates
Glieder.D
This malware was reported by: Computer Associates
Win32.Glieder.D is a trojan that downloads and executes arbitrary files from a long hardcoded list of particular URLs. In the wild, we have seen this trojan
Mitglieder.BK
This malware was reported by: Computer Associates
Mitlgieder.BK is a backdoor trojan that can act as a socks proxy, as well as allowing limited control of an infected machine through the use of non-standard
Tibick.A
This malware was reported by: Computer Associates
Win32.Tibick.A is a worm that spreads via Peer-to-Peer file sharing networks. It also contains limited backdoor functionality that allows its controller to
Troj/LeechPie-A
This malware was reported by: Sophos
MhtRedir.S
This malware was reported by: Panda Software
StartPage.JL
This malware was reported by: Panda Software
StartPage.JL is a Trojan that changes the browser Internet Explorer homepage and its default search options.StartPage.JL is installed in the affected computer by Exploit/MhtRedir.S, which exploits the vulnerability described by Microsoft in the security
W64.Shruggle.1318
This malware was reported by: Symantec
W64.Shruggle.1318 is a direct-action file infector, similar to W64.Rugrat.3344, which infects AMD64 Windows Portable Executable (PE) files. It is a fairly simple proof-of-concept virus; however, it is the first known virus to attack 64-bit Windows execut
Sasser.G
This malware was reported by: F-Secure
Sasser.G is a minor modification of the Sasser.F worm. It shares most of its
code and functionality, although it uses a different filename when copying
itself into the system and a different mutex name.
W32/Sdbot-NO
This malware was reported by: Sophos
Trojan.Corem
This malware was reported by: Symantec
Trojan.Corem is a Trojan horse program that attempts to gather email addresses from an infected computer.
Trojan.Mitglieder.N
This malware was reported by: Symantec
Trojan.Mitglieder.N is a Trojan horse that allows an infected computer to be used as an email relay.
Trojan.Mitglieder.O
This malware was reported by: Symantec
Trojan.Mitglieder.O is a Trojan horse that allows an infected computer to be used as an email relay.
Trojan.StartPage.H
This malware was reported by: Symantec
Trojan.StartPage.H is a variant of Trojan.StartPage that modifies the Internet Explorer home page without your permission.
Trojan.StartPage.H is downloaded by Download.Ject.B.
Download.Ject.B
This malware was reported by: Symantec
Download.Ject.B is a variant of Download.Ject that attempts to download and install a file by exploiting Internet Explorer vulnerabilities described in Microsoft Security Bulletin MS04-025. The Trojan is triggered by visiting a Web site that contains the
W32/Rbot-GX
This malware was reported by: Sophos
Shruggle.1318
This malware was reported by: Computer Associates