Backdoor.Binghe
This malware was reported by: Symantec
Backdoor.Binghe is a back door Trojan horse program that allows unauthorized access to a compromised computer. The Trojan logs keystrokes, steals information, and has ability to execute programs.
Prutec.I
This malware was reported by: Computer Associates
Description Win32.Prutec.I is a trojan that downloads and installs various potentially unwanted applications. It has been distributed as a UPX-packed, Win32 executable.
Bloon.C
This malware was reported by: Computer Associates
Mytob.A
This malware was reported by: Computer Associates
Description Win32.Mytob.A is a worm that spreads via e-mail. The worm also acts as an IRC bot, allowing a controller unauthorized access to the infected machine, and further spreading by
W32/Myfip-G
This malware was reported by: Sophos
W32/Agobot-QL
This malware was reported by: Sophos
W32.Assiral.B@mm
This malware was reported by: Symantec
W32.Assiral.B@mm is a mass-mailing worm that sends a copy of itself to email addresses gathered from a compromised computer. The worm also ends various processes, some of which may be security related.
The email will have a variable subject and attachme
Trojan.Klassir
This malware was reported by: Symantec
Trojan.Klassir is a Trojan horse program that attempts to end various processes and delete files.
The Trojan may be downloaded by W32.Assiral.B@mm.
W32/Flopslene.worm.gen
This malware was reported by: Network Associates Inc
This is a floppy worm which is written in Visual Basic.
When executed, the worm copies itself as SELENE.EXE to the %Sysdir% folder.
e.g. C:WinntSystem32SELENE.EXE
The following registry key is created so that the worm runs automatical
VBS.Allem@mm
This malware was reported by: Symantec
VBS.Allem@mm is a mass-mailing worm that sends itself to email addresses it finds in the Microsoft Outlook Address Book. It also spreads using MIRC, and copies itself as .VBS and .VBE files. VBS.Allem@mm is an encrypted VBScript worm that lowers security
Downloader-PX
This malware was reported by: Network Associates Inc
Adware-Apropos.dll
This malware was reported by: Network Associates Inc
Adware-Apropos
This malware was reported by: Network Associates Inc
Myfip.H
This malware was reported by: F-Secure
HackerDefender.sys
This malware was reported by: Network Associates Inc
W32/Myfip-H
This malware was reported by: Sophos
W32/Rbot-WV
This malware was reported by: Sophos
Troj/Kelebek-G
This malware was reported by: Sophos
Trojan.Feutel.B
This malware was reported by: Symantec
Trojan.Feutel.B is a back door Trojan horse program that logs keystrokes and downloads remote files. The Trojan hides its presence on the compromised computer.
W32.Comdor.A@mm
This malware was reported by: Symantec
PWSteal.Bankash.B
This malware was reported by: Symantec
PWSteal.Bankash.B is a Trojan horse that attempts to steal passwords and user names for certain financial Web sites. The Trojan will also disable antivirus software.
W32/Bagle.dldr.gen
This malware was reported by: Network Associates Inc
This is a generic detection of W32/Bagle.dldr. For information on this threat, see: http://vil.nai.com/vil/content/v_129512.htm
Top of Page
Adware-Qoolaid
This malware was reported by: Network Associates Inc
Adware-SRNG.dldr
This malware was reported by: Network Associates Inc
Downloader-WJ
This malware was reported by: Network Associates Inc
Dampig.A
This malware was reported by: F-Secure
Dampig.A is a malicious SIS file dropper, that pretends to be
a crack for version 3.2 of FSCaller application.
The Dampig.A disables some system applications and third party file managers
and installs several variants of Cabir worm on the phone.
The
Del-468 trojan
This malware was reported by: Network Associates Inc
W32/Sdbot.worm!46257
This malware was reported by: Network Associates Inc
This is a variant of W32/Sdbot.worm
which bears strong resemblance to the many other members of this rapidly growing family. It is detected as W32/Sdbot.worm.gen.y
with the specified engine and DATs, and bears the look for vulnerable
W32/Rbot-WW
This malware was reported by: Sophos
W32/Mytob-C
This malware was reported by: Sophos
W32/Assiral-B
This malware was reported by: Sophos
Troj/BagleDl-M
This malware was reported by: Sophos
W32/Francette-Q
This malware was reported by: Sophos
W32/Bagle.bo
This malware was reported by: Network Associates Inc
Glieder.S
This malware was reported by: Computer Associates
Description Win32.Glieder.S is a trojan that downloads and executes arbitrary files from a long hardcoded list of particular URLs. It has been distributed as a PeX-packed, 33,792-byte, W
Bagle.BD
This malware was reported by: Computer Associates
Description Win32.Bagle.BD is a worm that spreads via e-mail. Rather than putting itself in e-mail attachments, it uses a separate downloader component (called Win32.Glieder.S), which at
Trojan.Tooso.E
This malware was reported by: Symantec
Trojan.Tooso.E is a Trojan horse program that interferes with the operation of security software by terminating processes, removing registry entries, stopping services, and deleting files.
Troj/Goldun-O
This malware was reported by: Sophos
VBS/Speery-A
This malware was reported by: Sophos
W32/Sdbot.worm!78803
This malware was reported by: Network Associates Inc
This is a variant of W32/Sdbot.worm
which bears strong resemblance to the many other members of this rapidly growing family.
It is detected as W32/Sdbot.worm.gen.g
with the specified engine and DATs, and bears the following character
W97M.Sting.B
This malware was reported by: Symantec
W97M.Sting.B is a macro virus that infects Microsoft Word templates and documents.
When an infected file is first opened the virus will disable the following:
The prompt to confirm document conversions
The Word macro security feature
The prompt to
Backdoor.Sdbot.AP
This malware was reported by: Symantec
Backdoor.Sdbot.AP is a worm with back door capabilities that gives an attacker remote access to the compromised computer via IRC channels.
JS.Trojan.Blinder
This malware was reported by: Symantec
JS.Trojan.Blinder is an embedded JavaScript Trojan horse that spoofs the URL displayed in the browser address bar.
Trojan.Bankash.C
This malware was reported by: Symantec
PWSteal.Bankash.C is a Trojan horse program that attempts to steal user names and passwords for certain financial Web sites. The Trojan will also disable antivirus software.
Trojan.Flush.A
This malware was reported by: Symantec
Trojan.Flush.A is a Trojan horse program that modifies DNS settings on the compromised computer.
W32.Beagle.BK@mm
This malware was reported by: Symantec
W32.Beagle.BK@mm is a mass-mailing worm that uses its own SMTP engine to send out copies of Trojan.Tooso.E. The worm also opens a back door on the compromised computer through TCP port 80.
W32/Forbot-EP
This malware was reported by: Sophos
W32/Mytob-A
This malware was reported by: Sophos
W32/Rbot-WX
This malware was reported by: Sophos
W32/Agobot-QO
This malware was reported by: Sophos
W32.Kobot.L
This malware was reported by: Symantec
W32.Kobot.L is a worm that spreads through open network shares and remotely exploitable vulnerabilities. The worm also has the ability to act as a back door server program and attack other systems.
JS/Exploit-Script
This malware was reported by: Network Associates Inc
W32/Kelvir.worm
This malware was reported by: Network Associates Inc
This worm spreads via MSN Messenger. The worm, sends the following message to Contact List recipients:
omg this is funny! http://
{blocked}.home.att.net/cute.pif
note: the actual address has been blocked here to prevent infection.
W32.Kelvir.A
This malware was reported by: Symantec
W32.Kelvir.A is a worm that spreads through Windows and MSN Messenger. The worm attempts to download and execute a variant of W32.Spybot.Worm.
The worm arrives in a Windows Messenger window with a link to the file cute.pif.
Note: Virus definitions vers
W32/Kelvir-B
This malware was reported by: Sophos
W32/Myfip-G
This malware was reported by: Sophos
W32/Kelvir.worm.b
This malware was reported by: Network Associates Inc
This worm spreads via MSN Messenger. The worm, sends the following message to Contact List recipients:
omg this is funny! http://
{blocked}.home.att.net/cute.pif
note: the actual address has been blocked here to prevent infection.
Bropia.T
This malware was reported by: Computer Associates
W32/Forbot-ER
This malware was reported by: Sophos
W32/Myfip-H
This malware was reported by: Sophos
W32.Serflog.A
This malware was reported by: Symantec
PWSteal.Bankash.C
This malware was reported by: Symantec
PWSteal.Bankash.C is a Trojan horse program that attempts to steal user names and passwords for certain financial Web sites. The Trojan will also disable antivirus software.
W32/Crog.worm
This malware was reported by: Network Associates Inc
This detection is for a worm written in MSVB, and packed with MEW, bearing the following characteristics:
propagates via MSN Instant Messenger
propagates via eMule P2P networks
modifies various Registry settings on the victim machine, l
Kelvir
This malware was reported by: F-Secure
Kelvir is an IM (Instant Messenger) worm that spreads by sending
a link to its file using MSN Messenger. The worm also tries to
download and run a file from Internet.
W32/Kelvir-C
This malware was reported by: Sophos
W32/Rbot-WV
This malware was reported by: Sophos
W32/Kelvir.worm.c
This malware was reported by: Network Associates Inc
W32.Kelvir.B
This malware was reported by: Symantec
W32.Kelvir.B is a worm that spreads through Windows Messenger and MSN Messenger and attempts to download and execute a variant of W32.Spybot.Worm.
W32/Sumom-A
This malware was reported by: Sophos
W32/Rbot-WW
This malware was reported by: Sophos
Kelvir.B
This malware was reported by: Panda Software
Kelvir.B is a worm that downloads a copy of another worm, detected as W32/Gaobot.BKY.worm, to the affected computer.Kelvir.B spreads via MSN Messenger, in a message that contains a link. When the user clicks the link, a copy of the worm is downloaded to
Sumom.A
This malware was reported by: F-Secure
Sumom is an IM (Instant Messaging) worm that appeared on March
7th, 2005. This worm spreads using MSN Messenger and P2P
(peer-to-peer) networks. It can also copy itself to CD-Rs. The
Sumom worm contains a message to the author of Assiral worm.
Backdoor.Nibu.I
This malware was reported by: Symantec
Backdoor.Nibu.I is a back door Trojan horse that opens a back door on a compromised computer. The Trojan also runs a keylogger, periodically sending the stolen information to a predetermined email address.
Commwarrior.A
This malware was reported by: F-Secure
Commwarrior is a worm that operates on Symbian Series 60 devices,
the worm is capable of spreading both over Bluetooth and MMS messages.
When Commwarrior infects a phone it will start searching other phones
that in can reach over Bluetooth and send
Kelvir.C
This malware was reported by: Panda Software
Kelvir.C is a worm that downloads a copy of a backdoor, detected as Bck/Sdbot.CEX, to the affected computer.Kelvir.C spreads via MSN Messenger, in a message that contains a link. When the user clicks the link, a copy of the worm is downloaded to the comp
Fatso.A
This malware was reported by: Panda Software
Fatso.A is a worm that ends processes belonging to several security tools, such as antivirus programs and firewalls, among others. This leaves the affected computer vulnerable to the attack of other malware.This worm also prevents access to the websites
New Win32
This malware was reported by: Network Associates Inc
W32/Kelvir.worm.c
was proactively detected as New Win32 on March 7, 2005
This is a heuristic detection which indicates that a file is possibly a Win32 virus. Win32 stands for 32-bit Windows and includes Windows 95, 98, NT, 2000, XP, ME,
SymbOS/Commwarrior.a
This malware was reported by: Network Associates Inc
This threat is a malicious .SIS
file targeting Nokia series 60 based devices. The virus masquerades as a variety of benign applications, including games, porn, and cross platform emulators. See “Table 1
- MMS Message Text” for a more com
W32/Sober-L
This malware was reported by: Sophos
W32.Kelvir.C
This malware was reported by: Symantec
W32.Kelvir.C is a worm that spreads through MSN Messenger and drops a variant of W32.Spybot.Worm.
Note: Virus definitions version 70307p (extended version 3/7/2005 rev. 16) or greater are required to detect this threat.
SymbOS.Commwarrior.A
This malware was reported by: Symantec
SymbOS.Commwarrior.A is a worm that replicates on Series 60 phones. It attempts to spread using Multimedia Messaging Service (MMS) and Bluetooth as a randomly named .sis file. If it is the first hour of the 13th of any month, the threat resets the devic
W32/Kelvir-D
This malware was reported by: Sophos
Troj/BagleDl-M
This malware was reported by: Sophos
W32/Kelvir.worm.d
This malware was reported by: Network Associates Inc
W32.Sober.L@mm
This malware was reported by: Symantec
Bropia.U
This malware was reported by: Computer Associates
Description Win32.Sumom.A is a worm that spreads via MSN Messenger and Peer-to-Peer file sharing networks. It has been distrubuted as a 17,429 byte, MEW-Packed, Win32 executable.
Sober.L
This malware was reported by: Computer Associates
Description Win32.Sober.L is a worm that spreads via e-mail, attached to messages that can be either in English or German. The worm has been distributed as a 45,454-byte ZIP archive that
Sumom.A
This malware was reported by: Computer Associates
Description Win32.Sumom.A is a worm that spreads via MSN Messenger and Peer-to-Peer file sharing networks. It has been distrubuted as a 17,429 byte, MEW-Packed, Win3
Kelvir.B
This malware was reported by: Computer Associates
Sober.L
This malware was reported by: F-Secure
Sober.L worm was seeded in e-mails on 7th of March 2005. It
has less functionality than the previous variant, composing
a smaller amount of different messages. Sober.L sends itself
as an attachment in e-mail messages with English or German texts.
Kelvir.C
This malware was reported by: Computer Associates
Kelvir.D
This malware was reported by: Computer Associates
W32.Kelvir.D
This malware was reported by: Symantec
W32/Kelvir.worm.f
This malware was reported by: Network Associates Inc
The website used by this virus has been shutdown, therefore this threat no longer poses a risk.
This worm spreads via MSN Messenger. The worm, sends the following message to Contact List recipients:
haha look at us~http://
{blocked}.net/
SymbOS/Commwarrior.a!sys
This malware was reported by: Network Associates Inc
This threat is a malicious .SIS
file targeting Nokia series 60 based devices. The virus masquerades as a variety of benign applications, including games, porn, and cross platform emulators. See “Table 1
- MMS Message Text” for a more com
Trojan.StartPage.J
This malware was reported by: Symantec
Trojan.StartPage.J is a Trojan horse program that attempts to modify settings in Internet Explorer. The Trojan is a minor variant of Trojan.StartPage.I.
Note: Virus definitions 41888 (extended version 20050308.001) or greater are required to detect th
Tibick.E
This malware was reported by: Computer Associates
Description Win32.Tibick.E is a worm that spreads via Peer-to-Peer file sharing networks. It also contains limited backdoor functionalitythat allows its controller to download and execut
ForBot.MY
This malware was reported by: Computer Associates
Description Win32.Forbot.MY is an IRC-controlled worm that can be instructed to perform an array of malicious functions on an affected machine.
W32.Serflog.B
This malware was reported by: Symantec
W32.Serflog.B is a worm that spreads through file-sharing networks and MSN Messenger. The worm also lowers security settings.
The worm arrives via an MSN Messenger window with a blank message.
Sober.O
This malware was reported by: Panda Software
Sober.O is a worm that spreads via e-mail, in a message written in English or German.The e-mail message will be written in German only if the mail domain extension is one of the following: de (Germany), ch (Switzerland), at (Austria) or li (Liechtenstein