W32/Myfip-F
This malware was reported by: Sophos
W32/Agobot-OV
This malware was reported by: Sophos
W32.Mugly.F@mm
This malware was reported by: Symantec
W32.Mugly.F@mm is a worm that uses its own SMTP engine to spread by sending itself as an email attachment to addresses gathered from the compromised computer. The worm also drops and runs a W32.Spybot.Worm variant.
W32/Rbot-AGZ
This malware was reported by: Sophos
W32/Wurmark-D
This malware was reported by: Sophos
W32/Rbot-TL
This malware was reported by: Sophos
W32/Rbot-TE
This malware was reported by: Sophos
ADW_ADROAR.A
This malware was reported by: Trendmicro
Alias: AdRoar (PestPatrol), Adware-Adroar.dr (NAI), AdRoar (Ad-Aware), Adware.AdRoar (Symantec)
W32/Sdbot-TJ
This malware was reported by: Sophos
W32/Forbot-DK
This malware was reported by: Sophos
W32/Rbot-TP
This malware was reported by: Sophos
W32/Bobax-D
This malware was reported by: Sophos
EXPL_DHTMLEDIT.A
This malware was reported by: Trendmicro
Backdoor.Sdbot.AK
This malware was reported by: Symantec
Backdoor.Sdbot.AK is a network-aware worm that opens a back door and allows a remote attacker to gain unauthorized access to the compromised computer.
W32.Pejaybot
This malware was reported by: Symantec
W32.Pejaybot is a worm that attempts to spread via file-sharing networks and opens a back door by connecting to an IRC server.
Trojan.Blubber
This malware was reported by: Symantec
Trojan.Blubber is a rootkit that hooks several APIs in order to hide its services, processes, and files.
Backdoor.Omega
This malware was reported by: Symantec
Backdoor.Omega is a back door Trojan horse program that allows a remote attacker to take control of a compromised computer.
W32/MyDoom-AA
This malware was reported by: Sophos
W32/Rbot-TF
This malware was reported by: Sophos
W32/Mydoom.ap@MM
This malware was reported by: Network Associates Inc
This threat is proactively detected as W32/Mydoom.gen@MM with released DAT files.
AVERT is currently analyzing this threat. More information will be posted shortly.
Top of Page
EXPL_DHTML.GEN
This malware was reported by: Trendmicro
The detection for the generic pattern for file-based exploits of EXPL_DHTML.GEN has been removed since official pattern release 2.355.00 and above. This is mainly due to the fact that the patterns have encountered a number of False Alarms.
W32/Rbot-TQ
This malware was reported by: Sophos
W32/Wurmark-E
This malware was reported by: Sophos
W32/Forbot-DM
This malware was reported by: Sophos
W32/Sdbot-TG
This malware was reported by: Sophos
Mydoom.AH
This malware was reported by: Computer Associates
Win32.Mydoom.AH is a worm that spreads by sending e-mail that contains a link to the worm. It also contains keylogging functionality and attempts to steal s
Mydoom.AI
This malware was reported by: Computer Associates
Win32.Mydoom.AI is a worm that spreads via e-mail and P2P file sharing networks.
Exploit-IEPageSpoof
This malware was reported by: Network Associates Inc
Trojan.Netdepix.B
This malware was reported by: Symantec
Trojan.Netdepix.B is a Trojan horse program that attempts to exploit the Microsoft Windows LSASS Buffer Overrun Vulnerability (Microsoft Security Bulletin MS04-011) on randomly selected computers. This causes a remote file to be downloaded onto the com
Troj/Multidr-BP
This malware was reported by: Sophos
W32/Baba-B
This malware was reported by: Sophos
W32/Myfip-F
This malware was reported by: Sophos
W32/Baba-C
This malware was reported by: Sophos
W32/Rbot-AGZ
This malware was reported by: Sophos
Mydoom.AE
This malware was reported by: Panda Software
Mydoom.AE is a worm that modifies the HOSTS file, in order to prevent the user from accessing websites belonging to several antivirus companies.Mydoom.AE ends processes belonging to several antivirus programs, which leaves the affected computer vulnerabl
Backdoor.Lateda.B
This malware was reported by: Symantec
Backdoor.Lateda.B is a back door Trojan horse program that allows a remote attacker to download and execute files onto a compromised computer.
W32/Rbot-TS
This malware was reported by: Sophos
W32/Rbot-TL
This malware was reported by: Sophos
WORM_ZAR.A
This malware was reported by: Trendmicro
WORM_ZAR.A propagates via email using its own Messaging Application Programming Interface (MAPI) engine. It uses email addresses gathered from Microsoft Outlook as its recepients.
Tibick.C
This malware was reported by: Computer Associates
Win32.Tibick.C is a worm that spreads via Peer-to-Peer file sharing networks. It also contains limited backdoor functionality that allows its controller to
Backdoor.IRC.Whisper.B
This malware was reported by: Symantec
Backdoor.IRC.Whisper.B is a back door that allows an attacker unauthorized remote access to a compromised host through an IRC channel. The back door also allows the remote attacker access to use the compromised computer to exploit other hosts.
W32.Zar.A@mm
This malware was reported by: Symantec
W32.Zar.A@mm is a mass-mailing worm that uses MAPI to send an email to all addresses in the Microsoft Outlook Address Book. This threat is written in Visual Basic.
Note: Virus definitions dated prior to January 18, 2005 detect this threat as Bloodhound
VBS.Rowam.A
This malware was reported by: Symantec
VBS.Rowam.A is a Trojan horse program that attempts to delete files on a compromised computer. The Trojan may send email to all addresses in the Microsoft Address Book, but this is not used as a method of propagation.
Zar.a
This malware was reported by: F-Secure
Zar.A is a simple massmailer that attempts to spread on emails with
subject "Tsunami Donation! Please help!".
W32/Agobot-XB
This malware was reported by: Sophos
W32/Sdbot-TJ
This malware was reported by: Sophos
FakeTet
This malware was reported by: Network Associates Inc
This worm attempts to spread across the network using predefined network resources.
Executing this worm will load a functional, Tetris-style game on your system that might look similar to the pictures shown below.
Closing this worm will
W32/Zar@MM
This malware was reported by: Network Associates Inc
--Update 01/18/2005
This virus has been updated to Low-Profiled due to media attention:
http://www.itweb.co.za/sections/internet/2005/0501181134.asp?O=FPQQ
--
McAfee users are proactively protected from this threat when using the 4.2
Zar.A
This malware was reported by: Panda Software
Zar.A is a worm that attempts to launch DoS (Denial of Service) attacks against the website www.hacksector.de.Zar.A spreads via e-mail, in a message that refers to the tsunamis ocurred in South Asia in December 2004.
W32/Sdbot-TO
This malware was reported by: Sophos
W32/Rbot-TP
This malware was reported by: Sophos
W32/FakeTet.worm
This malware was reported by: Network Associates Inc
This worm attempts to spread across the network using predefined network resources.
Executing this worm will load a functional, Tetris-style game on your system that might look similar to the pictures shown below.
Closing this worm will
W32/Kassbot-A
This malware was reported by: Sophos
W32/MyDoom-AA
This malware was reported by: Sophos
WORM_WURMARK.D
This malware was reported by: Trendmicro
DlCust.A
This malware was reported by: Computer Associates
Win32.Dlcust.A is a trojan downloader. It has been distributed as an FSG-packed, Win32 executable.
DedRunner.B
This malware was reported by: Computer Associates
Envid.C
This malware was reported by: Computer Associates
Win32.Envid.C is a worm that spreads by sending e-mail that contains a link to the worm. The worm is downloaded when the user clicks on the link.
Agobot.ANW
This malware was reported by: Computer Associates
W32/Rbot-TV
This malware was reported by: Sophos
W32/Rbot-TQ
This malware was reported by: Sophos
W32/Rbot-TW
This malware was reported by: Sophos
W32/Forbot-DM
This malware was reported by: Sophos
Cabir.R
This malware was reported by: F-Secure
Cabir.R is a minor variant of Cabir.B the only significant
difference is that Cabir.R Spreads in fuyuan.SIS while Cabir.B
uses Caribe.sis
For more details, see description of Cabir.A
http://www.f-secure.com/v-descs/cabir.shtml
Cabir.T
This malware was reported by: F-Secure
Cabir.T is a minor variant of Cabir.B the only significant
difference is that Cabir.T Spreads in iLoveU.SIS while Cabir.B
uses Caribe.sis
For more details, see description of Cabir.A
http://www.f-secure.com/v-descs/Cabir.Thtml
Cabir.O
This malware was reported by: F-Secure
Cabir.O is a minor variant of Cabir.B the only significant
difference is that Cabir.O Spreads in mobile.SIS while Cabir.B
uses Caribe.sis
For more details, see description of Cabir.A
http://www.f-secure.com/v-descs/cabir.shtml
Cabir.S
This malware was reported by: F-Secure
Cabir.S is a minor variant of Cabir.B the only significant
difference is that Cabir.S Spreads in guan4u.SIS while Cabir.B
uses Caribe.sis
For more details, see description of Cabir.A
http://www.f-secure.com/v-descs/cabir.shtml
Cabir.P
This malware was reported by: F-Secure
Cabir.P is a minor variant of Cabir.B the only significant
difference is that Cabir.P Spreads in 22207-.SIS while Cabir.B
uses Caribe.sis
For more details, see description of Cabir.A
http://www.f-secure.com/v-descs/cabir.shtml
Cabir.N
This malware was reported by: F-Secure
Cabir.N is a minor variant of Cabir.B the only significant
difference is that Cabir.N Spreads in -SEXY-.SIS while Cabir.B
uses Caribe.sis
For more details, see description of Cabir.A
http://www.f-secure.com/v-descs/cabir.shtml
Cabir.U
This malware was reported by: F-Secure
Cabir.U is a minor variant of Cabir.B the only significant
difference is that Cabir.U Spreads in SEXXXY.SIS while Cabir.B
uses Caribe.sis
For more details, see description of Cabir.A
http://www.f-secure.com/v-descs/cabir.shtml
Downloader.Admincash
This malware was reported by: Symantec
Trojan.Admincash is a Trojan horse program that infects the Explorer.exe file, lowers security settings in Windows, and downloads adware and dialers.
Note: Virus definitions dated prior to January 21, 2005 may detect this threat as Downloader.Admincash.
W32/Sdbot-TQ
This malware was reported by: Sophos
Troj/Multidr-BP
This malware was reported by: Sophos
PWSteal.Formglieder
This malware was reported by: Symantec
PWSteal.Formglieder is a Trojan horse program with keylogging capabilities that steals passwords for several banking Web sites and Web applications.
Rowam
This malware was reported by: Computer Associates
VBS.Rowam is an intended e-mail worm that can be harmful to Windows users. It deletes files and folders contained in the %Windows% and %System% directories
W32.Bropia
This malware was reported by: Symantec
Bropia.A
This malware was reported by: Computer Associates
Win32.Bropia.A is a worm that spreads via MSN Messenger. It may also be able to spread using Windows Messenger. It drops a variant of the Rbot worm family,
W32/Bropia.worm
This malware was reported by: Network Associates Inc
AVERT is currently analyzing this threat. More details will be posted shortly.
This worm may spread via MSN Messenger with the following filenames:
Drunk_lol.pif
Webcam_004.pif
sexy_bedroom.pif
naked_party.pif
love_me.pif
The worm
Zar.A
This malware was reported by: Computer Associates
Win32.Zar.A is a worm that spreads via e-mail.
RemAdm-DWRC
This malware was reported by: Network Associates Inc
Bropia.A
This malware was reported by: F-Secure
Bropia.A is a worm that uses MSN messenger for spreading by sending itself
as "Drunk_lol.pif", "Webcam_004.pif", "sexy_bedroom.pif", "naked_party.pif"
or "love_me.pif". It also drops a variant of Rbot
W32/Forbot-DR
This malware was reported by: Sophos
WORM_BROPIA.A
This malware was reported by: Trendmicro
This memory-resident worm attempts to propagate itself via MSN Messenger by sending a copy of itself using different file names. Thus, users of the said messaging program should not accept or open these files to avoid infection.
W32/Oddbob-C
This malware was reported by: Sophos
W32/Baba-C
This malware was reported by: Sophos
Bropia.A
This malware was reported by: Panda Software
Bropia.A is a worm that drops the worm detected by Panda Software as W32/Gaobot.CPC.worm in the affected computer.Aditionally, Bropia.A disables the shortcut keys Ctrl + Alt + Del and the secondary mouse button, and prevents the Task Manager and the Comm
Gaobot.batch
This malware was reported by: Panda Software
Worms belonging to the Gaobot family use several methods in order to spread to other computers. Some of those methods include downloading a file belonging to a variant of the Gaobot worm to a specific folder in a remote computer. Then, this file is run,
W32.Mydoom.AL@mm
This malware was reported by: Symantec
W32.Mydoom.AL@mm is a mass-mailing worm that uses its own SMTP engine to send itself to email addresses that it finds on a compromised computer. It also spreads by using ICQ instant messenger. The worm attempts to exploit the Microsoft Internet Explore
Trojan.Tannick.B
This malware was reported by: Symantec
Trojan.Tannick.B is a Trojan horse program that monitors Web sites visited and sends the information to a remote attacker.
PWSteal.Tarno.L
This malware was reported by: Symantec
PWSteal.Tarno.L is a password stealing Trojan horse program that attempts to log information entered into Web forms.
W32/Sdbot-TS
This malware was reported by: Sophos
W32/Rbot-TS
This malware was reported by: Sophos
VBS.Swerun
This malware was reported by: Symantec
VBS.Swerun is a VBScript virus that attempts to overwrite all .vbs files on all drives with a copy of itself.
Bloodhound.Exploit.23
This malware was reported by: Symantec
Bloodhound.Exploit.23 is a heuristic detection for web pages which could contain an embedded executable program disguised as a URL link. In some web browsers, clicking on such a link results in execution of the embedded file. The Opera browser is known
Trojan.Admincash
This malware was reported by: Symantec
Trojan.Admincash is a Trojan horse program that infects the Explorer.exe file, lowers security settings in Windows, and downloads adware and dialers.
Note: Virus definitions dated prior to January 21, 2005 may detect this threat as Downloader.Admincash.
Trojan.Admincash
This malware was reported by: Symantec
Trojan.Admincash is a Trojan horse program that infects the Explorer.exe file, lowers security settings in Windows, and downloads adware and dialers.
Note: Virus definitions dated prior to January 21, 2005 may detect this threat as Downloader.Admincash.
W32/Forbot-DS
This malware was reported by: Sophos
W32/Agobot-XB
This malware was reported by: Sophos
Palored.A
This malware was reported by: Computer Associates
Win32.Palored.A is a trojan that downloads and executes arbitrary files.
W32/Rbot-UC
This malware was reported by: Sophos