W32/Ahker-B
This malware was reported by: Sophos
W32/Bobax-F
This malware was reported by: Sophos
W32/Bagle.aa@MM
This malware was reported by: Network Associates Inc
-- Update February 3, 2005 --
The assessment of this threat has been downgraded to Low-Profiled due to a decrease in prevalence.
--
-- Update May 2nd --
Due to a decrease in prevalence, the risk assessment of this threat has bee
W32.Dopbot
This malware was reported by: Symantec
W32.Dopbot is a worm that has distributed denial of service and back door capabilities. The worm spreads by exploiting the Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS03-026).
W32/Protorid-AB
This malware was reported by: Sophos
Troj/Banito-E
This malware was reported by: Sophos
Downloader-TX
This malware was reported by: Network Associates Inc
Keylog-Curio
This malware was reported by: Network Associates Inc
BackDoor-CMQ
This malware was reported by: Network Associates Inc
MultiDropper-MD
This malware was reported by: Network Associates Inc
Downloader-TY
This malware was reported by: Network Associates Inc
Gaobot.CTX
This malware was reported by: Panda Software
Gaobot.CTX is a worm with backdoor characteristics that allows hackers to gain remote control over the affected computer and carry out actions such as command execution, download and execute files, log keystrokes, obtain different information on the comp
Troj/Shine-B
This malware was reported by: Sophos
W32/Sdbot-UN
This malware was reported by: Sophos
W32/Generic.Delphi
This malware was reported by: Network Associates Inc
This is a generic detection for a series of worms which are all written in Borland Delphi.
The detection of these worms is using a generic detection method, so precise descriptions of the behaviour of a particular variant cannot be guarante
W32/Traxg-C
This malware was reported by: Sophos
W32/MyDoom-AO
This malware was reported by: Sophos
W32/Rbot-VD
This malware was reported by: Sophos
W32.Gaobot.CII
This malware was reported by: Symantec
W32.Gaobot.CII is a network-aware worm that has back door capabilities and can be controlled through IRC channels. It attempts to lower security settings by blocking access to security-related Web sites and by terminating processes. It spreads by exploi
VBS.Redlof.B
This malware was reported by: Symantec
VBS.Redlof.B is a Visual Basic script virus that appends itself to HTML files.
W32/Rbot-VC
This malware was reported by: Sophos
W32/LegMir-Z
This malware was reported by: Sophos
W32/Bobax-H
This malware was reported by: Sophos
Troj/Baley-A
This malware was reported by: Sophos
W32/Bropia-D
This malware was reported by: Sophos
W32/Bropia-F
This malware was reported by: Sophos
W32/Netsky.p@MM!zip
This malware was reported by: Network Associates Inc
This is a detection for W32/Netsky.p@MM while the virus is contained within a ZIP file.
Although the McAfee scan engine can understand ZIP format, the process of UnZipping takes some time to calculate, and hence detection for the top-level
W32/Lovgate.x@MM!zip
This malware was reported by: Network Associates Inc
This is a detection for W32/Lovgate.x@MM while the virus is contained within a ZIP file.
Although the McAfee scan engine can understand ZIP format, the process of UnZipping takes some time to calculate, and hence detection for the top-level
W32/Netsky.z@MM!zip
This malware was reported by: Network Associates Inc
This is a detection for W32/Netsky.z@MM while the virus is contained within a ZIP file.
Although the McAfee scan engine can understand ZIP format, the process of UnZipping takes some time to calculate, and hence detection for the top-level
W32/Netsky.c@MM!zip
This malware was reported by: Network Associates Inc
This is a detection for W32/Netsky.c@MM while the virus is contained within a ZIP file.
Although the McAfee scan engine can understand ZIP format, the process of UnZipping takes some time to calculate, and hence detection for the top-level
W32/Netsky.b.eml!exe
This malware was reported by: Network Associates Inc
This is a detection for W32/Netsky.b@MM while the virus is detected within the email system as an EXE file.
Although the McAfee scan engine can understand EML format, the process of decomposing the EML takes some time to calculate, and henc
W32/Netsky.b@MM!zip
This malware was reported by: Network Associates Inc
This is a detection for W32/Netsky.b@MM while the virus is contained within a ZIP file.Although the McAfee scan engine can understand ZIP format, the process of UnZipping takes some time to calculate, and hence detection for the top-level ZI
W32/Rbot-VM
This malware was reported by: Sophos
W32/Ahker-B
This malware was reported by: Sophos
W32/Protorid-AB
This malware was reported by: Sophos
Admincash.A
This malware was reported by: Panda Software
Admincash.A is a Trojan that downloads malware to the affected computer, using a list of web addresses that it obtains from a certain website.Admincash.A creates or modifies entries in the Windows Registry, in order to carry out the following actions:Dis
W32.Bropia.L
This malware was reported by: Symantec
W32.Bropia.L is a worm that propagates using MSN Messenger and drops a variant of W32.Spybot.Worm.
W32.Wallz
This malware was reported by: Symantec
W32.Wallz is a worm that attempts to exploit the Microsoft Windows Local Security Authority Service Remote Buffer Overflow (described in Microsoft Security Bulletin MS04-011). The worm spreads by randomly scanning IP addresses for computers vulnerable
Troj/Shine-B
This malware was reported by: Sophos
W32/Agobot-PN
This malware was reported by: Sophos
W32/Traxg-C
This malware was reported by: Sophos
Bropia.F
This malware was reported by: Computer Associates
Win32.Bropia.F is a worm that spreads via MSN Messenger. It may also be able to spread using Windows Messenger. It drops a variant of the Rbot worm family,
Bloodhound.Exploit.24
This malware was reported by: Symantec
Bloodhound.Exploit.24 is a heuristic detection for malformed Portable Network Graphics (PNG) files attempting to exploit one of the several buffer overflows in libPNG (which is described in Microsoft Security Bulletin MS05-009.
This applies to applicati
Rbot.BPB
This malware was reported by: Computer Associates
W32.Mydoom.AR@mm
This malware was reported by: Symantec
W32.Kipis.J@mm is a mass-mailing worm that that uses its own SMTP engine to send itself to the email addresses that it finds on an infected computer. It also attempts to spread through file-sharing networks.
Note: Virus definitions published February
Troj/Chimo-A
This malware was reported by: Sophos
W32.Bobax.N
This malware was reported by: Symantec
W32.Bobax.N is a worm that sends an email to addresses gathered from the compromised computer and may exploit the Microsoft Windows LSASS Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS04-011). The compromised computer may als
W32/Rbot-VO
This malware was reported by: Sophos
MS Vulnerability MS05-011
This malware was reported by: Network Associates Inc
MS Vulnerability MS05-010
This malware was reported by: Network Associates Inc
MS Vulnerability MS05-009
This malware was reported by: Network Associates Inc
MS Vulnerability MS05-008
This malware was reported by: Network Associates Inc
MS Vulnerability MS05-007
This malware was reported by: Network Associates Inc
MS Vulnerability MS05-006
This malware was reported by: Network Associates Inc
MS Vulnerability MS05-004
This malware was reported by: Network Associates Inc
MS Vulnerability MS05-005
This malware was reported by: Network Associates Inc
MS Vulnerability MS05-015
This malware was reported by: Network Associates Inc
MS Vulnerability MS05-014
This malware was reported by: Network Associates Inc
MS Vulnerability MS05-013
This malware was reported by: Network Associates Inc
MS Vulnerability MS05-012
This malware was reported by: Network Associates Inc
W32/Valla
This malware was reported by: Network Associates Inc
For more information on this virus, please see the following description:
http://vil.nai.com/vil/content/v_100456.htm
Top of Page
Bloodhound.Exploit.25
This malware was reported by: Symantec
Bloodhound.Exploit.25 is a heuristic detection for the Microsoft Office XP HTML Link Processing Remote Buffer Overflow Vulnerability (which is described in Microsoft Security Bulletin MS05-005).
Imiserv Family
This malware was reported by: Computer Associates
Win32.Imiserv is a family of downloading trojans.
W32/Rbot-ALO
This malware was reported by: Sophos
W32/LegMir-Z
This malware was reported by: Sophos
W32/MyDoom-AR
This malware was reported by: Sophos
Troj/Baley-A
This malware was reported by: Sophos
Mydoom.AK
This malware was reported by: Panda Software
W32/MyDoom-AQ
This malware was reported by: Sophos
W32/Bropia-F
This malware was reported by: Sophos
MS05-009
This malware was reported by: Panda Software
MS05-005
This malware was reported by: Panda Software
Exploit-PNGfile
This malware was reported by: Network Associates Inc
W32/Agobot-PQ
This malware was reported by: Sophos
W32/Rbot-VM
This malware was reported by: Sophos
BettInet
This malware was reported by: Computer Associates
Backdoor.Netshadow
This malware was reported by: Symantec
Backdoor.Netshadow is a Trojan horse that opens a back door and allows a remote attacker to take control of the compromised computer.
Bloodhound.Exploit.26
This malware was reported by: Symantec
Bloodhound.Exploit.26 is a heuristic detection for the Symantec UPX Parsing Engine Heap Overflow.
Note: Virus definitions version 70209af (extended version 2/9/2005 rev. 32) or greater contain this heuristic.
Trojan.Eneles
This malware was reported by: Symantec
Trojan.Eneles is a Trojan horse program that continuously displays a message box and copies itself to the A drive.
This threat is written in the Microsoft Visual Basic programming language.
W32.Kipis.J@mm
This malware was reported by: Symantec
W32.Kipis.J@mm is a mass-mailing worm that that uses its own SMTP engine to send itself to the email addresses that it finds on an infected computer. It also attempts to spread through file-sharing networks.
Note: Virus definitions published February
W32/Rbot-VQ
This malware was reported by: Sophos
W32.Mydoom.AS@mm
This malware was reported by: Symantec
W32.Mydoom.AS@mm is a mass-mailing worm that uses its own SMTP engine to send itself to email addresses that it finds on the compromised computer. It also propagates through file sharing networks.
The email will have a variable subject and attachment n
MS05-010
This malware was reported by: Panda Software
PWSteal.Bankash.A
This malware was reported by: Symantec
W32/Sdbot-UW
This malware was reported by: Sophos
MS05-011
This malware was reported by: Panda Software
W32.Mydoom.AU@mm
This malware was reported by: Symantec
W32.Mydoom.AU@mm is a mass-mailing worm that uses its own SMTP engine to send itself to email addresses that it gathers from a compromised computer. This worm is a minor variant of W32.Mydoom.AM@mm.
PWS-Banker.j
This malware was reported by: Network Associates Inc
PNGBO
This malware was reported by: Panda Software
Adware-WhenU
This malware was reported by: Network Associates Inc
PWS-Banker.j.dll
This malware was reported by: Network Associates Inc
Adware-WhenU.dr
This malware was reported by: Network Associates Inc
Trojan.Hexem
This malware was reported by: Symantec
Trojan.Hexem is a malicious PNG file that exploits the Microsoft MSN Messenger/Windows Messenger PNG Buffer Overflow Vulnerability (described in Microsoft Security Bulletin MS02-066). This causes a remote executable to be downloaded and executed on th
Adware-SaveNow.dr
This malware was reported by: Network Associates Inc
W32/Rbot-VT
This malware was reported by: Sophos
W32/Agobot-PN
This malware was reported by: Sophos
Mydoom.AP
This malware was reported by: Computer Associates
Mydoom.AQ
This malware was reported by: Computer Associates
Mydoom.AR
This malware was reported by: Computer Associates
Linkbot Family
This malware was reported by: Computer Associates
Win32.Linkbot is a family of worms that spread via network shares by exploiting various Windows vulnerabilties and weak passwords. The worm also contains ba