W32/Sdbot-QH
This malware was reported by: Sophos


W32.Spybot.FBG
This malware was reported by: Symantec
W32.Spybot.FBG is a worm that may be remotely controlled via IRC channels. It includes distributed denial of service (DDoS) and back door capabilities. The worm also attempts to steal confidential information from the infected computer. Note: Virus defi

MS04-028
This malware was reported by: Computer Associates


W32/Forbot-BN
This malware was reported by: Sophos


W32/Sdbot-QJ
This malware was reported by: Sophos


W32/Rbot-ND
This malware was reported by: Sophos


W32/Traxg-B
This malware was reported by: Sophos


WORM_WOOTBOT.BJ
This malware was reported by: Trendmicro
This worm takes advantage of the Windows LSASS vulnerability in order to propagate.

W32/Forbot-BP
This malware was reported by: Sophos


W32/Forbot-BI
This malware was reported by: Sophos


Mydoom.AD
This malware was reported by: Panda Software
 Mydoom.AD is a worm that modifies the HOSTS file, in order to prevent the user from accessing several antivirus companies.Additionally, Mydoom.AD attempts to download another worm, detected by Panda Software as W32/Scranor.A.worm, from a certain website.

Exploit-ZIP
This malware was reported by: Network Associates Inc


W32.Bacros
This malware was reported by: Symantec
W32.Bacros is a Trojan horse that drops W97M.Bacros.

W32.Darby.B
This malware was reported by: Symantec
W32.Darby.B is a worm that uses file-sharing networks, email, network file sharing, and Internet Relay Chat (IRC) to spread. The worm may also attempt to disable antivirus and firewall software. Note: Virus Definitions dated prior to October 18, 2004 ma

W32/Bagz.d@MM
This malware was reported by: Network Associates Inc
This variant of W32/Bagz@MM is similar to previous variants (for example W32/Bagz.b@MM ), bearing the following characteristics: it is packed with UPX consists of multiple file components constructs messages using its own SMTP engine, at

WORM_MYDOOM.AA
This malware was reported by: Trendmicro
This MYDOOM worm, like earlier MYDOOM variants, mainly spreads via email. The email message it sends out has varying subjects, message bodies and attachment names, some examples of which are as follows:

Backdoor.Roxe.B
This malware was reported by: Symantec
Backdoor.Roxe.B is a backdoor Trojan horse that exploits the Microsoft GDI+ Library JPEG Segment Length Integer Underflow vulnerability (described in the Microsoft Security Bulletin MS04-028). Note: Virus definitions dated prior to October 19, 2004 de

W32.Spybot.FCD
This malware was reported by: Symantec
W32.Spybot.FCD: Is a worm that may be remotely controlled, via Internet Relay Chat (IRC) channels. Includes Distributed Denial of Service (DDoS) and backdoor capabilities. Attempts to steal confidential information from the compromised system Attempt

W32.Watsoon.A
This malware was reported by: Symantec
W32.Watsoon.A is a polymorphic Trojan horse that opens a backdoor on a compromised computer. By default is uses TCP port 19381.

Scranor.A
This malware was reported by: Computer Associates
Win32.Scranor.A is a worm that spreads via P2P file sharing networks and IRC.

W32/Spybot-DF
This malware was reported by: Sophos


W32/Forbot-BQ
This malware was reported by: Sophos


W32/Rbot-NC
This malware was reported by: Sophos


W32/Forbot-BR
This malware was reported by: Sophos


W32/Wort-B
This malware was reported by: Sophos


StartPage-EK
This malware was reported by: Network Associates Inc


Bagz.E
This malware was reported by: Panda Software
 Bagz.E is a worm that ends processes belonging to antivirus programs and other security tools, among others. This leaves the affected computer vulnerable to the attack of other malware.Bagz.E also modifies the HOSTS file, so that several websites belongi

W32.Bagz.D@mm
This malware was reported by: Symantec
W32.Bagz.D@mm is a mass-mailing worm that uses its own SMTP engine to send itself to email addresses gathered from an infected computer. This worm also prevents access to several Web sites by overwriting the local hosts file. It also disables certain sec

BackDoor-CEB.e
This malware was reported by: Network Associates Inc


WORM_BAGZ.C
This malware was reported by: Trendmicro
This WORM_BAGZ variant utilizes SMTP or Simple Mail Transfer Protocol to mass-mail copies of itself to recipients gathered from an infected system.

Bloodhound.Exploit.17
This malware was reported by: Symantec
Bloodhound.Exploit.17 is a heuristic detection for malformed Windows Metafile (WMF) and Enhanced Metafile (EMF) image files that are potentially related to the Graphics Rendering Engine vulnerability, which is described in Microsoft Security Bulletin M

KillFiles.AB
This malware was reported by: Computer Associates


W32/Rbot-NG
This malware was reported by: Sophos


W32/Sluter-E
This malware was reported by: Sophos


W32/Rbot-NA
This malware was reported by: Sophos


Troj/Banker-EK
This malware was reported by: Sophos


W32/Forbot-AR
This malware was reported by: Sophos


PWCrack-Brutus
This malware was reported by: Network Associates Inc


Trojan.Sens
This malware was reported by: Symantec
Trojan.Sens is a Trojan horse program that installs itself as a service and monitors network activity on the infected computer. The Trojan also sends information stolen from the infected computer to a remote attacker.

Agobot
This malware was reported by: F-Secure
Agobot is an IRC-controlled backdoor with network spreading capabilities. When spreading it can exploit several vulnerabilities: - RPC/DCOM (MS03-026) - RPC/Locator (MS03-001) - WebDAV (MS03-007) RPC/DCOM and RPC/Locator is used when the worm trie

Netsky.AG
This malware was reported by: F-Secure
The worm previous identified as NetSky.AH and NetSky.AG has been renamed to Buchon. A closer look revealed that they have little in common. The description for Buchon can be found from: http://www.f-secure.com/v-descs/buchon.shtml

W32/Netsky.ah@MM
This malware was reported by: Network Associates Inc
-- Update October 22nd 2004 -- The risk assessment of this threat has been deemed Low-Profiled due to the following media attention: http://www.zdnet.com.au/news/security/0,2000061744,39163849,00.htm The worm is referred to as a new

W32/Netsky-AE
This malware was reported by: Sophos


W32/Forbot-BN
This malware was reported by: Sophos


Backdoor.Emcommander
This malware was reported by: Symantec
Backdoor.Emcommander is a Backdoor Trojan distributed as an EMF image file. It exploits the Microsoft Windows WMF/EMF Image Format Rendering Remote Buffer Overflow Vulnerability (described in Microsoft Security Bulletin MS04-032) and allows an attacker

Backdoor.Haxdoor.C
This malware was reported by: Symantec
Backdoor.Haxdoor.C is a Trojan horse program that opens a back door on the compromised system and allows unauthorized access to a remote attacker. It also attempts to steal passwords.

Netsky.AG
This malware was reported by: Computer Associates
Win32.Buchon.B is a worm that spreads via e-mail. It spreads in the form of a 30,752-byte, UPX-packed executable.

Netsky.AF
This malware was reported by: Computer Associates


WORM_NETSKY.AI
This malware was reported by: Trendmicro


W32.Netsky.AE@mm
This malware was reported by: Symantec
W32.Buchon.A@mm is a mass-mailing worm that uses its own SMTP engine to send itself to email addresses it finds on the infected computer. Notes: Definitions dated prior to Oct 23, 2004 detect this threat as W32.Netsky.AE@mm.

W32/Rbot-NJ
This malware was reported by: Sophos


W32/Rbot-ND
This malware was reported by: Sophos


MS04-032.gen
This malware was reported by: Panda Software


EMFTrojan
This malware was reported by: Panda Software


W32/Baba-A
This malware was reported by: Sophos


W32/Forbot-BP
This malware was reported by: Sophos


Netsky.AI
This malware was reported by: Panda Software


Netsky.AH
This malware was reported by: Panda Software


W32/Spybot-DF
This malware was reported by: Sophos


W32/Buchon.gen@MM
This malware was reported by: Network Associates Inc
-- Update October 22nd 2004 -- The risk assessment of this threat has been deemed Low-Profiled due to the following media attention: http://www.zdnet.com.au/news/security/0,2000061744,39163849,00.htm The worm is referred to as a new

W32/Buchon@mm
This malware was reported by: F-Secure
The worm previous identified as NetSky.AH and NetSky.AG has been renamed to Buchon. A closer look revealed that they have little in common. The description for Buchon can be found from: http://www.f-secure.com/v-descs/buchon.shtml

W32/Buchon@mm
This malware was reported by: F-Secure
W32/Buchon@mm worm was found on October 21st, 2004. This variant is probably a hack made in South Korea. It was originally identified as Netsky, but all major Antivirus vendors realized it has not much to do with that family besides some similarities

W32/NetSky.AH@mm
This malware was reported by: F-Secure
The worm previous identified as NetSky.AH and NetSky.AG has been renamed to Buchon. A closer look revealed that they have little in common. The description for Buchon can be found from: http://www.f-secure.com/v-descs/buchon.shtml

W32/NetSky.AG@mm
This malware was reported by: F-Secure
The worm previous identified as NetSky.AH and NetSky.AG has been renamed to Buchon. A closer look revealed that they have little in common. The description for Buchon can be found from: http://www.f-secure.com/v-descs/buchon.shtml

WORM_BAGZ.D
This malware was reported by: Trendmicro
This worm arrives via email. Upon execution, it drops the following files in the Windows system folder:

Buchon.B
This malware was reported by: Computer Associates
Win32.Buchon.B is a worm that spreads via e-mail. It spreads in the form of a 30,752-byte, UPX-packed executable.

Buchon.A
This malware was reported by: Computer Associates
Win32.Buchon.A is a worm that spreads via e-mail. It spreads in the form of a 30,752-byte, UPX-packed executable.

W32.Buchon.A@mm
This malware was reported by: Symantec
W32.Buchon.A@mm is a mass-mailing worm that uses its own SMTP engine to send itself to email addresses it finds on the infected computer. Notes: Definitions dated prior to Oct 23, 2004 detect this threat as W32.Netsky.AE@mm.

WORM_BUCHON.B
This malware was reported by: Trendmicro
This worm propagates itself via email using email addresses it gathers from an affected system.

W32/Bagz-D
This malware was reported by: Sophos


W32/Forbot-BW
This malware was reported by: Sophos


W32/Forbot-BQ
This malware was reported by: Sophos


W32.Bagz.E@mm
This malware was reported by: Symantec
W32.Bagz.E@mm is a mass-mailing worm that uses its own SMTP engine to send itself to email addresses gathered from an infected computer. This worm also prevents access to several Web sites by overwriting the local hosts file. The email will have a varia

WORM_TURON.B
This malware was reported by: Trendmicro
This memory resident worm arrives and propagates through email using its own SMTP engine. It is also able to propagate via network shares.

Gema.D
This malware was reported by: Computer Associates
Win32.Gema.D is a trojan that downloads and executes arbitrary files. It has been distributed as a 14,336-byte, PECompact compressed, Win32 executable.

Bagz.B
This malware was reported by: Computer Associates
Win32.Bagz.B is a worm that spreads via e-mail.

SH/Renepo-A
This malware was reported by: Sophos


W32/Forbot-BR
This malware was reported by: Sophos


W32/Rbot-NK
This malware was reported by: Sophos


W32/Rbot-NG
This malware was reported by: Sophos


W32/Forbot-BU
This malware was reported by: Sophos


OF97/Toraja-I
This malware was reported by: Sophos


StartPage-FG
This malware was reported by: Network Associates Inc


W32/Bagz.e@MM
This malware was reported by: Network Associates Inc
This variant is similar to its predecessor, bearing the following characteristics: harvests email addresses from the victim machine consists of multiple file components constructs messages using its own SMTP engine, attaching itself as

W32.Huayu
This malware was reported by: Symantec
W32.Huayu is a worm that spreads by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability, described in Microsoft Security Bulletin MS04-011. It only spreads to IP addresses between 211.159.93.0 and 211.159.93.255. This worm opens a bac

MacOS.Renepo.B
This malware was reported by: Symantec
SH.Renepo.B is a data-collecting script virus that only runs on Mac OS X systems. Note: Virus definitions dated prior to October 26, 2004 may detect this threat as MacOS.Renepo.B or Hacktool.Openerscript.

Backdoor.Sdbot.AE
This malware was reported by: Symantec
Backdoor.Sdbot.AE is a backdoor Trojan horse program that spreads via network shares and allows a remote attacker to gain unauthorized access to a compromised system. Existence of the file samx.exe is an indication of a possible infection.

Renepo.A
This malware was reported by: Computer Associates
SH.Renepo.A is a worm that copies itself to Mac OS X systems through OS X file sharing. Its purpose is to gather sensitive user information and passwords. I

WORM_SWASH.A
This malware was reported by: Trendmicro
This memory resident worm spreads via email through Simple Mail Transfer Protocol (SMTP), gathering target recipients from the local hard disk. It also generates email addresses by selecting a user name from its own list, and appending it to a selected do

Renepo
This malware was reported by: Computer Associates
SH.Renepo.A is a worm that copies itself to Mac OS X systems through OS X file sharing. Its purpose is to gather sensitive user information and passwords. I

W32/Rbot-NS
This malware was reported by: Sophos


Troj/Banker-EK
This malware was reported by: Sophos


W32/Rbot-NT
This malware was reported by: Sophos


W32/Rbot-NJ
This malware was reported by: Sophos


W32.Mydoom.AG@mm
This malware was reported by: Symantec
W32.Mydoom.AG@mm is a mass-mailing worm that uses its own SMTP engine to send itself to the email addresses that it finds on the infected computer. It also propagates through popular peer-to-peer networks. The email will have a variable subject and att

Mydoom.AE
This malware was reported by: Computer Associates
Win32.Mydoom.AE is a worm that spreads via e-mail and P2P file sharing networks.

WORM_VOTE.L
This malware was reported by: Trendmicro
This memory resident worm arrives and propagates via email. Upon execution, it drops a copy of itself as the file IRAQ.SCR in the Windows system folder and the Recycle Bin.

W32/Rbot-NU
This malware was reported by: Sophos


W32/Baba-A
This malware was reported by: Sophos


MAC_RENEPO.B
This malware was reported by: Trendmicro
This malicious startup script installs itself on an affected system in order to execute itself at every system startup. When executed, this script performs the following operations:


Anti virus links

Anti-virus programs
Virus history
Top-100 malware
Svenska
Antivirus programs


Sitemap


Anti virus and malware

  Anti virus