Mytob.W
This malware was reported by: Panda Software
Mytob.W is a worm with backdoor characteristics. It connects to a server and accepts remote control commands that are run in the affected computed.In addition to this, Mytob.W prevents the user from accessing certain web pages belonging to antivirus comp
Mytob.V
This malware was reported by: Panda Software
Mytob.V is a worm with backdoor characteristics. It connects to a server and accepts remote control commands that are run in the affected computed.In addition to this, Mytob.V prevents the user from accessing certain web pages belonging to antivirus comp
Troj/StartPa-FM
This malware was reported by: Sophos
Trojan.Webus.E
This malware was reported by: Symantec
Trojan.Webus.E is a Trojan horse that connects to an IRC server and opens a back door on the compromised computer.
W32/Mytob-W
This malware was reported by: Sophos
W32/Rbot-ZP
This malware was reported by: Sophos
W32.Randex.DFJ
This malware was reported by: Symantec
W32.Randex.DFJ is a network-aware worm that spreads to network shares protected by weak passwords. It also opens a back door and may be remotely controlled via IRC channels.
Trojan.SpBot
This malware was reported by: Symantec
Trojan.Spbot is a Trojan horse program that allows a compromised computer to be used as an email relay. Computers compromised in this way are often used to relay spam.
W32.Dreffort
This malware was reported by: Symantec
W32.Dreffort is a file infector of .EXE and .SCR files with back door capabilities.
W32.Spybot.LXJ
This malware was reported by: Symantec
W32.Spybot.LXJ is a worm that opens a back door on the compromised computer.
This worm may be dropped by W32.Kelvir.L.
W32.Kelvir.L
This malware was reported by: Symantec
W32.Kelvir.L is a worm that spreads through MSN Messenger and drops W32.Spybot.LXJ.
VBS.Ypsan.C@mm
This malware was reported by: Symantec
VBS.Ypsan.C@mm is a mass mailing VBScript worm that uses Microsoft Outlook to send itself to all email addresses in the Microsoft Outlook address book.
Note: Definitions dated prior to April 6, 2005 detect this threat as VBS.Haster@mm.
W32/Reper-A
This malware was reported by: Sophos
W32/Sdbot-WS
This malware was reported by: Sophos
W32/Rbot-AAC
This malware was reported by: Sophos
W32/Rbot-ZQ
This malware was reported by: Sophos
W32.Spybot.LZI
This malware was reported by: Symantec
W32.Spybot.LZI is a worm that opens a back door and attempts to lower security settings on a compromised computer. The worm spreads by exploiting the Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability (described in Microsoft Security Bul
Fontal.A
This malware was reported by: F-Secure
Fontal.A is a SIS file trojan that installs corrupted Font file into
infected device, thus causing the device to fail at next reboot.
If a phone is infected with Fontal.A, it must not be rebooted as the
trojan will prevent the phone from booting a
Troj/Nuclear-F
This malware was reported by: Sophos
W32/Mytob-Q
This malware was reported by: Sophos
SymbOS.Fontal.A
This malware was reported by: Symantec
SymbOS.Fontal.A is a Trojan horse that replaces system files, which disables the application manager and prevents the device from restarting if it is switched off.
X97M.Yini
This malware was reported by: Symantec
X97M.Yini is a Microsoft Excel macro virus that infects all worksheets, lowers security settings, and displays a message.
WM97/Xaler-A
This malware was reported by: Sophos
W32/Mytob-R
This malware was reported by: Sophos
Kelvir.f
This malware was reported by: F-Secure
Kelvir.f is a worm that uses MSN Messenger to send out a link.
The link points to a site that contains self-extracting file
which will install Kelvir.f and a new Sdbot variant.
Troj/Bdoor-ZAT
This malware was reported by: Sophos
W32/Agobot-RJ
This malware was reported by: Sophos
Troj/Agent-CZ
This malware was reported by: Sophos
W32/Rbot-AAF
This malware was reported by: Sophos
W32/Kelvir-H
This malware was reported by: Sophos
Cabir.J
This malware was reported by: Panda Software
Cabir.J is a worm that only affects cellular phones that use the operating system Symbian 60 series.Cabir.J spreads to other Bluetooth devices that are near the affected cellphone, by sending a SIS file to them. It also monitors SMS messages and MMS mess
W32/Mytob-W
This malware was reported by: Sophos
Adware-WinShow
This malware was reported by: Network Associates Inc
PWS-Banker.q
This malware was reported by: Network Associates Inc
SymbOS/Fontal!sis
This malware was reported by: Network Associates Inc
SymbOS/Fontal!app
This malware was reported by: Network Associates Inc
SymbOS/Fontal!aif
This malware was reported by: Network Associates Inc
W32/Rbot-AAG
This malware was reported by: Sophos
W32/Reper-A
This malware was reported by: Sophos
W32/Mytob-S
This malware was reported by: Sophos
W32/Rbot-AAC
This malware was reported by: Sophos
Backdoor.Verify
This malware was reported by: Symantec
Backdoor.Verify is a back door Trojan that allows unauthorised remote access to the compromised computer.
W32/Sdranck-C
This malware was reported by: Sophos
Troj/Nuclear-F
This malware was reported by: Sophos
Troj/Ablank-P
This malware was reported by: Sophos
WM97/Xaler-A
This malware was reported by: Sophos
W32.Aprilcone.A@mm
This malware was reported by: Symantec
W32.Aprilcone.A@mm is a mass-mailing worm that uses JMail to send emails to addresses that it gathers from the compromised computer.
W32.Mytob.AD@mm
This malware was reported by: Symantec
W32.Mytob.AD@mm is a mass-mailing worm that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer. The worm spreads by exploiting the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-0
W32.Kelvir.O
This malware was reported by: Symantec
W32.Kelvir.O is a worm that spreads through MSN Messenger.
Trojan.Anicmoo.D
This malware was reported by: Symantec
Trojan.Anicmoo.D is a Trojan that exploits the Windows User32.DLL ANI File Header Handling Stack-Based Buffer Overflow Vulnerability (described in Microsoft Security Bulletin MS05-002) and downloads other threats.
PWSteal.Ldpinch.F
This malware was reported by: Symantec
PWSteal.Ldpinch.F is a password-stealing Trojan horse that attempts to steal information from the compromised computer.
PWSteal.Cardwiz
This malware was reported by: Symantec
PWSteal.Cardwiz is a password-stealing Trojan horse that attempts to steal credit card information from the compromised computer.
Troj/Shed-A
This malware was reported by: Sophos
W32/Agobot-RJ
This malware was reported by: Sophos
W32.Myfip.AB
This malware was reported by: Symantec
W32.Myfip.AB is a network-aware worm that steals files from a compromised computer.
W32.Kipis.N@mm
This malware was reported by: Symantec
W32.Kipis.N@mm is a mass-mailing, network-aware worm that spreads by sending an email to addresses it finds on an compromised computer. The worm also copies itself to folders which contain the string "share".
VBS.Ypsan.D@mm
This malware was reported by: Symantec
VBS.Ypsan.D@mm is a mass-mailing worm that sends itself to all email addresses gathered from the Windows Address Book and attempts to shut down the compromised computer.
W32/MyDoom-AJ
This malware was reported by: Sophos
W32/Rbot-AAF
This malware was reported by: Sophos
W32.Mytob.AE@mm
This malware was reported by: Symantec
W32.Mytob.AE@mm is a mass-mailing worm that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer. The worm spreads by exploiting the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-0
W32.Mytob.AG@mm
This malware was reported by: Symantec
W32.Mytob.AG@mm is a mass-mailing worm that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer.
The worm spreads by exploiting the Microsoft Windows Local Security Authority Service Remote Buffer Overflo
W32.Mytob.AH@mm
This malware was reported by: Symantec
W32.Mytob.AH@mm is a mass-mailing worm that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer.
The worm spreads by exploiting the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-02
W32.Mytob.AI@mm
This malware was reported by: Symantec
W32.Mytob.AI@mm is a mass-mailing worm that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer.
The worm spreads by exploiting the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-02
W32/Kelvir-H
This malware was reported by: Sophos
Troj/Istsvc-A
This malware was reported by: Sophos
W32.Mytob.AK@mm
This malware was reported by: Symantec
W32.Mytob.AK@mm is a mass-mailing worm that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer.
The worm spreads by exploiting the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-
W32.Mytob.AJ@mm
This malware was reported by: Symantec
W32.Mytob.AJ@mm is a mass-mailing worm that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer.
The worm spreads by exploiting the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-0
W32/Mytob-AB
This malware was reported by: Sophos
W32/Rbot-AAG
This malware was reported by: Sophos
SymbOS/Mabir.a!sis
This malware was reported by: Network Associates Inc
W32.Mytob.AM@mm
This malware was reported by: Symantec
W32.Mytob.AM@mm is a mass-mailing worm that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer.
The worm spreads by exploiting the Microsoft Windows Local Security Authority Service Remote Buffer Overflo
W32.Mytob.AL@mm
This malware was reported by: Symantec
W32.Mytob.AL@mm is a mass-mailing worm that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer.
The worm spreads by exploiting the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-
W32.Mytob.AN@mm
This malware was reported by: Symantec
W32.Mytob.AN@mm is a mass-mailing worm that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer.
The worm spreads through the network by exploiting the Microsoft Windows Local Security Authority Service
W32.Kelvir.P
This malware was reported by: Symantec
W32.Kelvir.P is a worm that spreads through MSN Messenger and drops a variant of W32.Spybot.NLI.
W32.Spybot.NLI
This malware was reported by: Symantec
W32.Spybot.NLI is a worm that opens a back door on the compromised computer. The worm may be dropped by W32.Kelvir.P.
Troj/Agent-DH
This malware was reported by: Sophos
W32/Mytob-S
This malware was reported by: Sophos
W97M.Spatch
This malware was reported by: Symantec
W97M.Spatch is a macro virus that infects Microsoft Word documents and lowers the security level settings for macros.
Mytob.gen
This malware was reported by: Panda Software
Mytob.gen is not a specific worm, but a generic detection for unknown variants of the Mytob family. Worms belonging to this family have the following common characteristics:They connect to an IRC server in order to receive remote control commands, such a
W32/Tirbot-D
This malware was reported by: Sophos
W32/Sdranck-C
This malware was reported by: Sophos
W32.Mytob.AO@mm
This malware was reported by: Symantec
W32.Mytob.AO@mm is a mass-mailing worm that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer.
The worm spreads by exploiting the Microsoft Windows Local Security Authority Service Remote Buffer Overflo
W32.Mytob.AQ@mm
This malware was reported by: Symantec
W32.Mytob.AQ@mm is a mass-mailing worm with back door capabilities that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer.
The worm spreads by exploiting the Microsoft Windows Local Security Authority S
W32.Mytob.AP@mm
This malware was reported by: Symantec
W32.Mytob.AP@mm is a mass-mailing worm with back door capabilities that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer.
The worm spreads by exploiting the Microsoft Windows Local Security Authority S
W32.Mytob.AR@mm
This malware was reported by: Symantec
W32.Kelvir.Q
This malware was reported by: Symantec
W32.Kelvir.Q is a worm that spreads through MSN Messenger and drops a variant of W32.Spybot.Worm.
SymbOS/Mabir.a!app
This malware was reported by: Network Associates Inc
Please see
http://vil.nai.com/vil/content/v_132804.htm
for main description.
Top of Page
Troj/Ablank-P
This malware was reported by: Sophos
W32.Mytob.AS@mm
This malware was reported by: Symantec
W32/Rbot-AAJ
This malware was reported by: Sophos
Troj/Shed-A
This malware was reported by: Sophos
W32/Mytob-AX
This malware was reported by: Sophos
W32.Kelvir.R
This malware was reported by: Symantec
W32.Spybot.NLX
This malware was reported by: Symantec
W32.Spybot.NLX is a worm that has distributed denial of service and back door capabilities.
The worm spreads through network shares protected by weak passwords and by exploiting the following vulnerabilities:
The Microsoft Windows DCOM RPC Interface
Bloodhound.Exploit.33
This malware was reported by: Symantec
Bloodhound.Exploit.33 is a heuristic detection for the MSN Messenger Crash on Parsing GIFS as described in CAN-2005-0562.
Bloodhound.Exploit.32
This malware was reported by: Symantec
Bloodhound.Exploit.32 is a heuristic detection for the Content Advisor Memory Corruption Vulnerability as described in CAN-2005-0555.
W32.Mytob.AU@mm
This malware was reported by: Symantec
W32.Mytob.AU@mm is a mass-mailing worm that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer. The worm spreads through network shares protected by weak passwords. The worm spreads by exploiting the DC
Mytob.AR
This malware was reported by: Panda Software
Mytob.AR is a worm with backdoor characteristics that connects to an IRC server in order to receive remote control commands, such as delete, download and run files.It downloads other malware to the affected computer, such as a worm detected as Faribot.B
Mytob.AT
This malware was reported by: Panda Software
Mytob.AT is a worm with backdoor characteristics that connects to an IRC server in order to receive remote control commands, such as delete, download and run files.It downloads other malware to the affected computer, such as the worm detected as Faribot.
W32.Mytob.AF@mm
This malware was reported by: Symantec
W32.Mytob.AF@mm is a mass-mailing worm that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer. The worm spreads by exploiting the Microsoft Windows Local Security Authority Service Remote Buffer Overfl