W32/Rbot-HU
This malware was reported by: Sophos
W32.Beagle.AQ@mm
This malware was reported by: Symantec
W32.Beagle.AQ@mm is a variant of W32.Beagle.AO@mm, which is a mass-mailing worm that uses its own SMTP engine to spread. The email attachment is a downloader, similar to Trojan.Mitglieder and Download.Ject.C, that downloads the worm from an external s
PWSteal.Tarno.I
This malware was reported by: Symantec
PWSteal.Tarno.I is a Trojan horse that attempts to steal user names and passwords for certain Internet banking sites, by capturing screenshots and logging keystrokes.
Backdoor.Akak
This malware was reported by: Symantec
Backdoor.Akak is a backdoor server that also creates a SOCKS proxy on the compromised system. Reports indicate that Web sites exploiting the Microsoft Internet Explorer Drag And Drop File Installation Vulnerability may install it.
Backdoor.Balkart
This malware was reported by: Symantec
Backdoor.Balkart is a backdoor Trojan horse that can act as a HTTP proxy or FTP server.
W32.IRCBot.F
This malware was reported by: Symantec
W32.IRCBot.F is a backdoor Trojan horse that connects to an IRC server and waits for commands from an attacker.
Bagle.AY
This malware was reported by: Panda Software
Bagle.AY is a worm that ends processes belonging to several antivirus update programs, among other applications.Bagle.AY spreads via e-mail, in a message with an attached file with a random name and a ZIP extension. This file contains an HTML file, toget
W32/Forbot-M
This malware was reported by: Sophos
W32/Rbot-IA
This malware was reported by: Sophos
WORM_MYDOOM.T
This malware was reported by: Trendmicro
This worm usually arrives via email and use the WORDPAD icon to fool the user into clicking the file:
W32/Mydoom.t@MM
This malware was reported by: Network Associates Inc
This new variant, packed with UPX, bears the following characteristics:
contains its own SMTP engine for constructing messages
harvests target email addresses from the victim machine
forges the From: header of outgoing messages
downlo
Neededware
This malware was reported by: Panda Software
Neededware is an adware type program, which offers users an application in exchange for viewing a series of advertisements.Neededware downloads and runs programs without users consent.Additionally, it displays undesired popup advertisements.
WUpd
This malware was reported by: Panda Software
WUpd is an adware type program, which offers users an application in exchange for viewing a series of advertisements.WUpd stores information on the Internet usage habits of the affected user and displays popup advertisements founding on this data.WUpd co
W32/Sdbot.worm!ftp
This malware was reported by: Network Associates Inc
This is a detection for an FTP script which is dropped by a virus.
The machine which identifies the script has been remotely "attacked" by a machine which is infected with one of many variants of W32/SDBot.worm.gen.
These variants of W32/S
W32/Rbot-KO
This malware was reported by: Sophos
MyDoom.T
This malware was reported by: F-Secure
W32.Remadmin
This malware was reported by: Symantec
W32.Remadmin is a worm that attempts to propagate through network shares.
Paps.C
This malware was reported by: Computer Associates
Win32.Paps.C is a mass mailing worm, which propagates via e-mail.
W32.Bugbear.M@mm
This malware was reported by: Symantec
W32.Bugbear.M@mm is a mass-mailing worm that sends itself to email addresses it gathers from certain files on the system, using its own SMTP engine.
W32.Mydoom.R@mm
This malware was reported by: Symantec
W32.Mydoom.R@mm is a mass-mailing worm that uses its own SMTP engine to send itself to the email addresses that it finds on an infected computer. The email contains a spoofed From address. The subject and message body vary, and the attachment has a .bat,
W32/Rbot-IE
This malware was reported by: Sophos
W32.IRCBot.D
This malware was reported by: Symantec
W32.IRCBot.D is a backdoor Trojan horse that connects to a remote IRC server and awaits commands from the attacker.
W32/Forbot-C
This malware was reported by: Sophos
Mydoom.T
This malware was reported by: Computer Associates
Win32.Mydoom.T is a worm that spreads via e-mail. The worm has been distributed as a 37,888-byte, UPX-packed Win32 executable and may be included in a ZIP a
W32/Rbot-IH
This malware was reported by: Sophos
W32/MyWife.c@MM
This malware was reported by: Network Associates Inc
W32/Britney-B
This malware was reported by: Sophos
Mywife.C
This malware was reported by: Panda Software
W32/Rbot-FL
This malware was reported by: Sophos
Mywife.D
This malware was reported by: Panda Software
Mydoom.T
This malware was reported by: Panda Software
Mydoom.T is a worm that opens the Notepad and displays junk data.Mydoom.T spreads via e-mail in a message with variable characteristics and through the peer-to-peer (P2P) file sharing program KaZaA.
W32.Blackmal.C@mm
This malware was reported by: Symantec
W32.Blackmal.C@mm is a mass-mailing worm that lowers security settings by deleting files associated with security applications. It sends a copy of itself to all email addresses gathered from the MSN Messenger and Yahoo Pager address books as well as from
W97M.Sun.B
This malware was reported by: Symantec
W97M.Sun.B is a macro virus that infects the Microsoft Word Normal.dot template file in order to infect other Word documents when they are opened.
W32.IRCBot.E
This malware was reported by: Symantec
W32.IRCBot.E is a Backdoor Trojan horse that connects to an IRC server and awaits commands from a remote attacker.
Blackmal.C
This malware was reported by: Computer Associates
Dluca.J
This malware was reported by: Computer Associates
Win32.Dluca.J is a downloading trojan.
W32/Nyxem-C
This malware was reported by: Sophos
W32/Rbot-IP
This malware was reported by: Sophos
Trojan.Win32.StartPage.nw
This malware was reported by: F-Secure
Nyxem.D
This malware was reported by: F-Secure
This variant of the Nyxem worm was found in September 2004.
The worm spreads itself via emails.
It deletes files of various security applications.
WORM_BLUEWORM.D
This malware was reported by: Trendmicro
This memory-resident worm propagates through network shares and Internet Relay Chat (IRC). It drops several copies of itself in the Windows and the Windows system folders. Some of the dropped files are ZIP-compressed, in which case it uses the WinZip appl
WORM_BLUEWORM.C
This malware was reported by: Trendmicro
This memory-resident worm propagates through network shares and Internet Relay Chat (IRC). It drops several copies of itself in the Windows and the Windows system folders. The dropped files may have any of the following extensions:
W32/Neveg-C
This malware was reported by: Sophos
PWSteal.Eyoni
This malware was reported by: Symantec
PWSteal.Eyoni is a Trojan horse program that steals passwords by installing itself as a Browser Helper Object. It logs URLs and passwords entered into Internet Explorer.
Sdbot.AQA
This malware was reported by: Panda Software
Sdbot.AQA is a worm with backdoor characteristics, which allows hackers to gain remote access to the affected computer in order to carry out actions that compromise user confidentiality and impede the tasks performed.Sdbot.AQA uses its own IRC client in
W32.IRCBot.G
This malware was reported by: Symantec
W32.IRCBot.G is a Trojan horse program that opens a backdoor on the infected computer by connecting to an IRC server and receives commands from a remote attacker.
W32.Gaobot.BIA
This malware was reported by: Symantec
W32.Gaobot.BIA is a network-aware worm that spreads to remote network shares, through backdoors opened by other common backdoor Trojan horse programs, and by exploiting several Windows vulnerabilities. The worm opens a backdoor and allows a remote attac
W32/Sdbot-RY
This malware was reported by: Sophos
RemAdm-XNet
This malware was reported by: Network Associates Inc
Downloader-PG
This malware was reported by: Network Associates Inc
W32/Sdbot-OV
This malware was reported by: Sophos
W32.Spybot.DHV
This malware was reported by: Symantec
W32.Spybot.DHV is a worm that may be remotely controlled through IRC channels. The worm includes a Distributed Denial of Service (DDoS) and backdoor capabilities. It also tries to steal confidential information.
W32.IRCBot.H
This malware was reported by: Symantec
W32.IRCBot.H is a Trojan horse program that opens a backdoor on the infected computer by connecting to an IRC server, and receives commands from a remote attacker.
W32.Gaobot.BIE
This malware was reported by: Symantec
W32.Gaobot.BIE is a worm that spreads to remote network shares, through backdoors opened by other common backdoor Trojan horse programs, and by exploiting several Windows vulnerabilities. The worm opens a backdoor and allows a remote attacker to have un
W32/Rbot-IK
This malware was reported by: Sophos
W32/Rbot-IL
This malware was reported by: Sophos
W32/Rbot-IO
This malware was reported by: Sophos
FSG
This malware was reported by: Network Associates Inc
Zusha
This malware was reported by: F-Secure
Zusha worm (both A and B variants) were found on September 8th,
2004. Zusha is a network worm that spreads using LSASS (MS04-011)
exploit. It also downloads and runs additional files from
Internet. These files are downloaders, they can also kill
firew
W32.Sandalu
This malware was reported by: Symantec
Uploader-R.dr
This malware was reported by: Network Associates Inc
Uploader-R
This malware was reported by: Network Associates Inc
WORM_BLUEWORM.F
This malware was reported by: Trendmicro
This memory-resident worm propagates via email. It drops several copies of itself in the Windows and the Windows system folders. Some of the dropped files compressed using the WinZip application.
PWSteal.Bancos.L
This malware was reported by: Symantec
PWSteal.Bancos.L is a password-stealing Trojan horse that mimics the interface of certain Brazilian banks in an attempt to collect passwords and other sensitive information from users.
Trojan.Riler
This malware was reported by: Symantec
Trojan.Riler is a backdoor Trojan horse program that installs itself as a Layered Service Provider (LSP), and allows a remote attacker to have unauthorized access to an infected computer.
Sddrop.D
This malware was reported by: Computer Associates
Win32.Sddrop.D ia a worm that spreads via Peer-to-Peer file sharing networks and acts as an IRC-controlled backdoor that allows unauthorized access to an af
Lovgate.BD
This malware was reported by: Computer Associates
Lovgate.BD is a worm that spreads via e-mail, network shares, and the Kazaa file sharing network. It may be distributed stored inside an archive file and ma
Cissi.H
This malware was reported by: Computer Associates
Win32.Cissi.H is a worm that spreads by compromising network shares protected by weak passwords. It also contains backdoor functionality that allows unautho
Wintrim.U
This malware was reported by: Computer Associates
Randin.A
This malware was reported by: Computer Associates
Win32.Randin.A is a worm that spreads via network shares and installs an HTTP proxy on affected machines.
W32/Sdbot-OY
This malware was reported by: Sophos
W32/Mydoom.u@MM
This malware was reported by: Network Associates Inc
W32/Rbot-IT
This malware was reported by: Sophos
AdClicker-AZ
This malware was reported by: Network Associates Inc
W32/Forbot-Q
This malware was reported by: Sophos
BackDoor-CEB.c
This malware was reported by: Network Associates Inc
Uploader-P
This malware was reported by: Network Associates Inc
W32.Mydoom.S@mm
This malware was reported by: Symantec
W32.MyDoom.S@mm is a mass-mailing worm that downloads a copy of Backdoor.Nemog.B.
Backdoor.Nemog.B
This malware was reported by: Symantec
Backdoor.Nemog.B is a backdoor Trojan horse program that allows an infected computer to be used as an email relay and http proxy. The Trojan also blocks access to several security related Web sites.
Uploader-S
This malware was reported by: Network Associates Inc
MyDoom.U
This malware was reported by: F-Secure
A new variant of MyDoom worm - Mydoom.U, was found on September
9th, 2004. This worm variant is similar to previous ones. It
spreads in e-mails with different subject and body texts,
downloads and activates a backdoor.
MyDoom.W
This malware was reported by: F-Secure
And yet another new variant of MyDoom worm - Mydoom.W, was found
on September 9th, 2004. This worm variant is very similar to
previous variants: Mydoom.U and Mydoom.V. It spreads in e-mails
with different subject and body texts, downloads and activate
MyDoom.V
This malware was reported by: F-Secure
Another new variant of MyDoom worm - Mydoom.V, was found on
September 9th, 2004. This worm variant is very similar to
previous variant: Mydoom.U. It spreads in e-mails with different
subject and body texts, downloads and activates a backdoor.
W32.Mydoom.T@mm
This malware was reported by: Symantec
W32.Mydoom.T@mm is a mass-mailing worm that downloads a copy of Backdoor.Nemog.B.
W32.Mydoom.T@mm differs from W32.Mydoom.S@mm as follows:
Different mutex name.
Different file names.
Mydoom.W
This malware was reported by: Panda Software
Mydoom.W is a worm that connects to several websites in order to download and installs a file belonging to a backdoor, on the affected computer.Mydoom.W spreads via e-mail in a message with variable characteristics.
Mydoom.V
This malware was reported by: Panda Software
Mydoom.V is a worm that connects to several websites in order to download and installs a file belonging to a backdoor, on the affected computer.Mydoom.V spreads via e-mail in a message with variable characteristics.
Mydoom.U
This malware was reported by: Panda Software
Mydoom.U is a worm that connects to several websites in order to download and installs a file belonging to a backdoor, on the affected computer.Mydoom.U spreads via e-mail in a message with variable characteristics.
W32/MyDoom-V
This malware was reported by: Sophos
Mydoom.U
This malware was reported by: Computer Associates
Win32.Mydoom.U is a worm that spreads via e-mail. It has been distributed as a 18,200-byte, UPX-packed Win32 executable and may be included in a ZIP archive
Gavvo.C
This malware was reported by: Computer Associates
W32.Gaobot.BIQ
This malware was reported by: Symantec
W32.Gaobot.BIQ is a network-aware worm that has backdoor capabilities and can be controlled through IRC channels.
Trojan.Dasda
This malware was reported by: Symantec
Trojan.Dasda is a Trojan horse that can download and execute remote files and open a backdoor on an infected computer.
W32.Mydoom.U@mm
This malware was reported by: Symantec
W32.Mydoom.U@mm is a mass-mailing worm that uses its own SMTP engine to send itself to the email addresses that it finds on an infected computer. The subject and message body vary, and the attachment has a .bat, .cmd, .exe, .pif, .scr, or .zip extension.
WORM_MYDOOM.P
This malware was reported by: Trendmicro
This MYDOOM variant mainly propagates via email. Using its own SMTP (Simple Mail Transfer Protocol) engine, this worm sends an email with varying subjects, message bodies, and attachment file names. The file attachment may arrive inside a .ZIP archive.
Mydoom.W
This malware was reported by: Computer Associates
Win32.Mydoom.W is a worm that spreads via e-mail. It has been distributed as a 18,432-byte, UPX-packed Win32 executable and may be included in a ZIP archive
Mydoom.X
This malware was reported by: Computer Associates
Win32.Mydoom.X is a worm that spreads via e-mail. The worm has been distributed as a UPX-packed Win32 executable and may be included in a ZIP archive.
Mydoom.V
This malware was reported by: Computer Associates
Win32.Mydoom.V is a worm that spreads via e-mail. It has been distributed as a 18,200-byte, UPX-packed Win32 executable and may be included in a ZIP archive
W32/Rbot-IY
This malware was reported by: Sophos
Troj/Optix-PRO
This malware was reported by: Sophos
MyDoom.X
This malware was reported by: F-Secure
A new variant of MyDoom worm - Mydoom.X, was found on September
10th, 2004. This worm variant is similar to previous variants:
Mydoom.U-W. It spreads in e-mails with different subject and body
texts, downloads and activates a backdoor.