Bagz.F
This malware was reported by: Computer Associates
Win32.Bagz.F is a worm that spreads via e-mail. It has been distributed as a 166,913-byte, UPX-packed, Win32 executable, which may be inside a ZIP archive.
W32.Bagz.H@mm
This malware was reported by: Symantec
W32.Bagz.H@mm is a mass-mailing worm that uses its own SMTP engine to send itself to the email addresses gathered from a compromised system. It also lowers the security settings by overwriting the local hosts file and preventing access to several securit
WORM_AGOBOT.AAN
This malware was reported by: Trendmicro
This memory-resident worm spreads via network shares. It exploits certain vulnerabilities to propagate across networks. It takes advantage of the following Windows vulnerabilities:
Backdoor.Alcani
This malware was reported by: Symantec
W32/Rbot-OV
This malware was reported by: Sophos
W32/Agobot-NU
This malware was reported by: Sophos
W32/Bagz.gen@MM
This malware was reported by: Network Associates Inc
This is a generic detection for members of the W32/Bagz family of viruses. If the sample is identified as W32/Bagz.gen@MM then McAfee AV products will successfully clean the virus from your system
W32/Bagz.f@MM
This malware was reported by: Network Associates Inc
This variant bears the following characteristics:
harvests email addresses from the victim machine
consists of multiple file components
constructs messages using its own SMTP engine, attaching itself as an EXE (sometimes within a ZIP arch
Backdoor.Alnica
This malware was reported by: Symantec
Backdoor.Alnica is a Backdoor Trojan horse that allows unauthorized remote access to the infected computer.
JS/QHosts21-A
This malware was reported by: Sophos
W32/Forbot-BZ
This malware was reported by: Sophos
W32.Shodi.D
This malware was reported by: Symantec
W32.Shodi.D is a virus that infects .exe files but does not infect system files. It attempts to open a backdoor to allow remote attackers to have unauthorized access to a compromised system.
W32.Josam.Worm
This malware was reported by: Symantec
W32.Josam.Worm is a worm that spreads via email using its own SMTP engine. It requires the run-time files, Vcl50.bpl and NMFast50.bpl, to run.
W32/Rbot-OX
This malware was reported by: Sophos
W32/Bagle-AU
This malware was reported by: Sophos
W32/Famus-F
This malware was reported by: Sophos
W32/Bagle-AV
This malware was reported by: Sophos
Exploit-MS04-032!gdi
This malware was reported by: Network Associates Inc
W32/Bagle!eml.gen
This malware was reported by: Network Associates Inc
WORM_RBOT.WI
This malware was reported by: Trendmicro
This worm propagates via network shares. It searches for and lists shared folders, where it drops a copy of itself using the gathered information. It uses a hardcoded list of passwords to access shared folders.
W32/Rbot-OY
This malware was reported by: Sophos
W32/Shodi-F
This malware was reported by: Sophos
Backdoor.Ranky.L
This malware was reported by: Symantec
Backdoor.Ranky.L is a backdoor server program that allows a remote attacker to proxy HTTP traffic through a compromised system.
The backdoor arrives on the system as favad.exe.
Backdoor.Hacarmy.F
This malware was reported by: Symantec
Backdoor.Hacarmy.F is a backdoor server program that allows unauthorized remote access to an infected computer.
W32/Rbot-PA
This malware was reported by: Sophos
W32/Leebad-A
This malware was reported by: Sophos
W32/Killis
This malware was reported by: Network Associates Inc
This virus infects existing files and then corrupts them.
When run, the virus searches for files with the extensions "*.ex" or ".sc*" under the following directories.
Current Directory
Windows Directory, typically C:\Windows
System Dire
Defacer
This malware was reported by: Network Associates Inc
VBS/IISDel.worm
This malware was reported by: Network Associates Inc
This VBS script virus spreads via floppy diskette, and deletes files in the IIS web directory.
When run, this virus copies itself to "a:freexxx", "C:windowssys16klvb.vbs". Next, it drops a file named ms-iispatch.bat file in the directory "C:
Bagz.H
This malware was reported by: Panda Software
Bagz.H is a worm that modifies the HOSTS file in order to prevent access to websites belonging to several computer security companies, among others. By doing this, Bagz.H prevents antivirus programs from being updated. Bagz.H also prevents certain security t
Mitglieder.AY
This malware was reported by: Panda Software
Mitglieder.AY is a worm that ends processes belonging to applications that provide updates for different antivirus programs. Every six hours, Mitglieder.AY attempts to download a file from different web addresses. If successful, this file downloads and ru
Citifraud.A
This malware was reported by: Panda Software
Citifraud.A is a Trojan that exploits the Internet Explorer vulnerability Improper URL Canonicalization, which allows the web address displayed in the address bar of Internet Explorer to be misrepresented. Citifraud.A consists of an HTML file that contains a l
W32/Sdbot-QX
This malware was reported by: Sophos
W32/Rbot-OP
This malware was reported by: Sophos
Exploit-IframeBO
This malware was reported by: Network Associates Inc
X97M.Avone.A
This malware was reported by: Symantec
X97M.Avone.A is a virus that infects Excel workbooks and deletes files.
Trojan.Beagooz
This malware was reported by: Symantec
Trojan.Beagooz is a Trojan that collects and sends email addresses to a remote server.
The Trojan is downloaded by W32.Beagle.AV@mm and W32.Beagle.AW@mm.
Backdoor.Maxload
This malware was reported by: Symantec
Backdoor.Maxload is a backdoor Trojan horse that affects Linux and Unix computers and allows unauthorized remote access to an infected computer.
TROJ_GETEGOLD.A
This malware was reported by: Trendmicro
TrendLabs has recently discovered another Trojan that seeks to gain profit for its author.
W32/Forbot-CD
This malware was reported by: Sophos
W32/Rbot-OR
This malware was reported by: Sophos
Exploit-MS04-022
This malware was reported by: Network Associates Inc
W32.Randex.BTB
This malware was reported by: Symantec
W32.Randex.BTB is a network-aware worm that spreads to network shares protected by weak passwords. It also opens a back door and may be remotely controlled via IRC channels.
W32/Rbot-PC
This malware was reported by: Sophos
W32/Bagz-F
This malware was reported by: Sophos
W32/Rbot-PE
This malware was reported by: Sophos
W32/Rbot-OV
This malware was reported by: Sophos
W32.Linkbot.A
This malware was reported by: Symantec
W32.Linkbot.A is a worm that exploits the Microsoft Windows LSASS Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS04-11) to propagate. It also creates an IRC backdoor and attempts to install adware on the infected computer.
Troj/Bancban-AC
This malware was reported by: Sophos
JS/QHosts21-A
This malware was reported by: Sophos
VBS.Midfin@mm
This malware was reported by: Symantec
VBS.Midfin@mm is a mass-mailing worm that sends itself to all the email addresses in the Microsoft Outlook address book. It also spreads using MIRC, and it infects all the VBS and VBE files.
W32/Bofra-A
This malware was reported by: Sophos
W32/Rbot-OX
This malware was reported by: Sophos
W32.Gaobot.BQJ
This malware was reported by: Symantec
W32.Gaobot.BQJ is a network-aware worm that opens a backdoor and can be controlled through IRC channels. It also attempts to lower security settings by terminating processes and by blocking access to security related Web sites. It spreads by exploiting v
Backdoor.IRC.Bifrut
This malware was reported by: Symantec
Backdoor.IRC.Bifrut is a Trojan horse program that opens a backdoor and allows a remote attacker to control the compromised system through IRC and FTP channels.
Trojan.Beagooz.B
This malware was reported by: Symantec
Trojan.Beagooz.B is a Trojan that gathers and sends email addresses to a remote server.
Variants of this Trojan have been known to be downloaded by worms of the Beagle family.
W32/Mydoom.ag@MM
This malware was reported by: Network Associates Inc
This W32/Mydoom@MM variant makes use of a zero day attack targeting a Microsoft Internet Explorer IFRAME buffer overflow vulnerability.
The virus spreads by sending email messages to addresses found on the local system. The message appea
W32/Forbot-CF
This malware was reported by: Sophos
W32/Famus-F
This malware was reported by: Sophos
Trojan.Beagooz.C
This malware was reported by: Symantec
Trojan.Beagooz.C is a Trojan horse program that collects email addresses and sends them to a remote server.
It has been reported that variants of this Trojan may be downloaded by worms from the Beagle family.
W32/Mydoom.ah@MM
This malware was reported by: Network Associates Inc
Bloodhound.Exploit.18
This malware was reported by: Symantec
Bloodhound.Exploit.18 is a heuristic detection for HTML files attempting to exploit the recent Microsoft Internet Explorer Malformed IFRAME Remote Buffer Overflow Vulnerability discovered in Internet Explorer 6.0. The vulnerability is still unpatched by
WORM_MYDOOM.AI
This malware was reported by: Trendmicro
WORM_MYDOOM.AH
This malware was reported by: Trendmicro
Like previous MYDOOM variants, this worm spreads via email. However, it is the first variant to use the Microsoft Internet Explorer (IE) IFRAME exploit.
W32/Mydoom.gen!eml
This malware was reported by: Network Associates Inc
This is a generic detection covering email messages sent by W32/Mydoom.ag@MM and W32/Mydoom.ah@MM. These messages do not contain an attachment.
W32.Mydoom.AH@mm
This malware was reported by: Symantec
W32/Bofra-B
This malware was reported by: Sophos
W32/Rbot-OY
This malware was reported by: Sophos
WORM_MYDOOM.AF
This malware was reported by: Trendmicro
This memory resident worm spreads via email through Simple Mail Transfer Protocol (SMTP), gathering target recipients from the local hard disk. It also generates email addresses by selecting a user name from its own list, and appending it to a selected do
MyDoom.AF
This malware was reported by: F-Secure
A new variant of the MyDoom worm, Mydoom.AF, was found on October 27th, 2004. The worm is similar to previous variants.
Note: this description was renamed from Mydoom.AG to Mydoom.AF on 9th of November, 2004.
W32.Mydoom.AI@mm
This malware was reported by: Symantec
W32/Rbot-PG
This malware was reported by: Sophos
W32/Rbot-PA
This malware was reported by: Sophos
MyDoom.AH
This malware was reported by: F-Secure
MyDoom.AH was renamed to Bofra.B. For a detailed description please visit http://www.f-secure.com/v-descs/bofra_b.shtml
Mydoom.AG
This malware was reported by: Computer Associates
Win32.Bofra.E is a worm that spreads via e-mail. The worm is a 21,508-byte Win32 executable. The worm executable is not attached to e-mail; rather, the e-
Mydoom.AF
This malware was reported by: Computer Associates
Win32.Bofra.C is a worm that spreads via e-mail. The worm is a 20,751-byte Win32 executable. The worm executable does not attach to e-mail; rather, the e-ma
Troj/StartPa-DO
This malware was reported by: Sophos
W32/Sdbot-QX
This malware was reported by: Sophos
W32.Orpheus.A
This malware was reported by: Symantec
W32.Orpheus.A is a network-aware worm that opens a backdoor on the infected host.
Note: Virus definitions dated prior to November 10, 2004 may detect this threat as W32.Cerberus.A.
MS04-039_ISA_SERVER
This malware was reported by: Trendmicro
This entry explains a vulnerability affecting Microsoft Internet Security and Acceleration (ISA) Server 2000 and Proxy Server 2.0.
MS Vulnerability MS04-039
This malware was reported by: Network Associates Inc
Mydoom.AH
This malware was reported by: Computer Associates
Win32.Bofra.B is a worm that spreads via e-mail. The worm is a 20,648-byte Win32 executable. The worm executable is not attached to e-mail; rather, the e-ma
W32/Beagooz
This malware was reported by: Network Associates Inc
W32/Rbot-PH
This malware was reported by: Sophos
W32/Forbot-CD
This malware was reported by: Sophos
Adware-IEDriver.dr
This malware was reported by: Network Associates Inc
Adware-IEDriver
This malware was reported by: Network Associates Inc
StartPage-FJ
This malware was reported by: Network Associates Inc
W32/Rbot-PJ
This malware was reported by: Sophos
W32/Rbot-PC
This malware was reported by: Sophos
StartPage-CP.gen
This malware was reported by: Network Associates Inc
IFRAME.BoF
This malware was reported by: Panda Software
IFRAME.BoF is an exploit for a buffer overrun vulnerability that occurs in Internet Explorer v6.0 running on Windows XP/2000 computers, and allows arbitrary code to be executed remotely on the vulnerable computer, with the same privileges as the current user
Mydoom.AF
This malware was reported by: Panda Software
Mydoom.AF is a worm that opens port 6667 and attempts to connect to several IRC servers. In order to spread to other computers, Mydoom.AF opens port 1639 and makes the affected computer act as an HTTP server. Then, it sends e-mail messages to diff
Mydoom.AE
This malware was reported by: Panda Software
Mydoom.AE is a worm that opens port 6667 and attempts to connect to several IRC servers. In order to spread to other computers, Mydoom.AE opens port 1639 and makes the affected computer act as an HTTP server. Then, it sends e-mail messages to diff
Theug.B
This malware was reported by: Panda Software
Theug.B is a worm that does not have direct destructive effects. Theug.B spreads through the peer-to-peer (P2P) file sharing programs LimeWire and Morpheus.
MyDoom.AI
This malware was reported by: F-Secure
MyDoom.AI was renamed to Bofra.A. For a detailed description please visit http://www.f-secure.com/v-descs/bofra_a.shtml
Gavir.A
This malware was reported by: Panda Software
Gavir.A is a worm that downloads and runs the Trojan Legmir.BM on the affected computer. Gavir.A spreads across shared network resources, as it attempts to copy itself to the shared resources IPC$ and ADMIN$.
W32/Bofra-D
This malware was reported by: Sophos
W32/Rbot-PE
This malware was reported by: Sophos
W32.Mydoom.AJ@mm
This malware was reported by: Symantec
W32.Mydoom.AJ@mm is a mass-mailing worm that exploits Microsoft Internet Explorer Malformed IFRAME Remote Buffer Overflow Vulnerability (BID 11515). It spreads by sending a link via email to the addresses that it finds on an infected computer.