W32.Mytob.HG@mm
This malware was reported by: Symantec
W32.Mytob.HG@mm is a mass-mailing worm that opens a back door and lowers security settings on the compromised computer.
W32.Rants.A@mm
This malware was reported by: Symantec
W32.Rants.A@mm is a mass-mailing worm that spreads using Microsoft Outlook and America Online user interface. It also lowers security settings by ending security-related processes and by disabling several Windows security features.
InvisibleKlog
This malware was reported by: Panda Software
BackDoor-CPX
This malware was reported by: Network Associates Inc
Troj/Spexta-A
This malware was reported by: Sophos
Troj/Mitglie-CE
This malware was reported by: Sophos
Backdoor.Nibu.M
This malware was reported by: Symantec
Backdoor.Nibu.M is a Trojan horse that opens a back door on a compromised computer and blocks access to security-related Web sites. It also runs a keylogger, periodically sending the stolen information to a remote attacker.
W32.Mytob.HH@mm
This malware was reported by: Symantec
W32.Mytob.HH@mm is a mass-mailing worm that opens a back door and lowers security settings on the compromised computer.
W32/Mytob-DJ
This malware was reported by: Sophos
W32/Rbot-BWI
This malware was reported by: Sophos
PWSteal.Flecsip
This malware was reported by: Symantec
PWSteal.Flecsip is a password stealing Trojan that logs passwords and other confidential data entered by the user accessing Web pages through Internet Explorer. The Trojan saves a log file with stolen data and attempts to send it to a remote attacker.
W32/Kelvir.worm.dq
This malware was reported by: Network Associates Inc
The Kelvir worm family spreads via Windows Messenger (Note: Not the Windows Messenger service) or MSN Messenger and typically installs a variant of the W32/Sdbot.worm.
This variant simply sends a URL to messenger contacts:
http://www.djboo
SymbOS/Booton.A
This malware was reported by: Network Associates Inc
SymbOS/Cadomesk.A
This malware was reported by: Network Associates Inc
W32/Kelvir.worm.dw
This malware was reported by: Network Associates Inc
The Kelvir worm family spreads via Windows Messenger (Note: Not the Windows Messenger service) or MSN Messenger and typically installs a variant of the W32/Sdbot.worm.
This variant simply sends a URL to messenger contacts:
holy, never seen
SymbOS/Bootton.A
This malware was reported by: Network Associates Inc
SymbOS/Skudoo.A
This malware was reported by: Network Associates Inc
W32/Mytob-DK
This malware was reported by: Sophos
W32.Mytob.HI@mm
This malware was reported by: Symantec
W32.Mytob.HI@mm is a mass-mailing worm that opens a back door and lowers security settings on the compromised computer.
Mabtal
This malware was reported by: F-Secure
W32/Mytob-DM
This malware was reported by: Sophos
Troj/Feutel-L
This malware was reported by: Sophos
Bobin.A
This malware was reported by: Panda Software
PWS-Jginko
This malware was reported by: Network Associates Inc
Delf.h
This malware was reported by: F-Secure
This remotely controlled trojan appeared on July 8th, 2005, just
after terrorists attacked London. It was spead with an HTML-based
e-mail that contained news about explosions.
W32/Sdbot-AAL
This malware was reported by: Sophos
Troj/Torpig-A
This malware was reported by: Sophos
Spam-SPM
This malware was reported by: Network Associates Inc
W32/Codbot-P
This malware was reported by: Sophos
W32.Kedebe.E@mm
This malware was reported by: Symantec
W32.Kedebe.E@mm is a mass-mailing worm that lowers security settings by deleting files, ending processes, and preventing access to security-related Web sites.
Bloodhound.Exploit.38
This malware was reported by: Symantec
Bloodhound.Exploit.38 is a heuristic detection for the Microsoft Color Management Module Vulnerability (as described in Microsoft Security Bulletin MS05-036).
MS Vulnerability MS05-037
This malware was reported by: Network Associates Inc
MS Vulnerability MS05-036
This malware was reported by: Network Associates Inc
MS Vulnerability MS05-035
This malware was reported by: Network Associates Inc
W32/Agobot-TA
This malware was reported by: Sophos
W32/Rbot-AHT
This malware was reported by: Sophos
Troj/Fishnat-A
This malware was reported by: Sophos
Troj/Zlob-L
This malware was reported by: Sophos
SymbOS/OneHop.A
This malware was reported by: Network Associates Inc
Troj/BindFil-G
This malware was reported by: Sophos
W32/Mytob-DJ
This malware was reported by: Sophos
Adware-Lop.dldr
This malware was reported by: Network Associates Inc
Java.Classloader
This malware was reported by: F-Secure
The Classloader files are part of Internet Explorer homepage hijacker
trojans, that infect IE through malicous web page that uses Java
classloader byteverify exploit or other vulnerability in Internet Explorer.
These trojans usually change the browse
SillyDownloader
This malware was reported by: F-Secure
SillyDownloader is a family of simple script trojan downloaders written with
JavaScript or Visual Basic Script languages. These downloader use various
vulnerabilities in Internet Explorer to download and execute other malware.
W32/Mytob-DK
This malware was reported by: Sophos
MS05-037
This malware was reported by: Panda Software
MS05-036
This malware was reported by: Panda Software
MS05-035
This malware was reported by: Panda Software
Mytob.HT
This malware was reported by: Panda Software
Mytob.HT is a worm with backdoor characteristics that connects to an IRC server in order to receive control commands, which allow the affected computer to be remotely administrated.This worm ends processes belonging to several security tools, such as ant
W32/Mytob-DP
This malware was reported by: Sophos
W32/Mytob-DM
This malware was reported by: Sophos
Mytob.HV
This malware was reported by: Panda Software
Mytob.HV is a worm with backdoor characteristics that connects to an IRC server in order to receive control commands, which allow the affected computer to be remotely administrated.This worm ends processes belonging to several security tools, such as ant
Mytob.HU
This malware was reported by: Panda Software
Mytob.HU is a worm with backdoor characteristics that connects to the channel #God of the IRC server ftp.bloodx.info in order to receive control commands, which allow the affected computer to be remotely administrated.This worm ends processes belonging t
Troj/Spexta-A
This malware was reported by: Sophos
W32/Rbot-AHZ
This malware was reported by: Sophos
W32.Kelvir.ER
This malware was reported by: Symantec
W32.Kelvir.ER is a worm that attempts to spread through MSN Messenger.
PWSteal.Bancos.Z
This malware was reported by: Symantec
PWSteal.Bancos.Z
This malware was reported by: Symantec
PWSteal.Bancos.Z is a Trojan horse that steals passwords and logs keystrokes entered into certain financial Web sites.
W32.Licum
This malware was reported by: Symantec
W32.Licum is a file-infecting worm that may spread by exploiting the Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS03-026).
Trojan.Wayphisher
This malware was reported by: Symantec
Trojan.Wayphisher is a Trojan that modifies the hosts file and redirects HTTP access from financial sites to a predetermined Web site chosen by the remote attacker.
WM97/Sundor-A
This malware was reported by: Sophos
W32/Sdbot-AAL
This malware was reported by: Sophos
W32/Francette-T
This malware was reported by: Sophos
W32.Mytob.HM@mm
This malware was reported by: Symantec
W32.Mytob.HM@mm is a mass-mailing worm that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer.
PHP.RSTBackdoor
This malware was reported by: Symantec
PHP.RSTBackdoor is a back door Trojan that is written in PHP. It runs only on HTTP servers with PHP interpreters installed.
Avgold
This malware was reported by: F-Secure
Some programs are detected as hoaxes by F-Secure Anti-Virus. A
program is detected as a hoax if it does not do what it claims to
be doing. For example a program that claims to remove malware and
that does not do it (it only imitates scanning of a hard
Trojan.Zlob.C
This malware was reported by: Symantec
Trojan.Zlob.C is a Trojan that opens a back door and allows a remote attacker to have unauthorized access on a compromised computer.
W32/Gael.worm.a
This malware was reported by: Network Associates Inc
This detection covers a parasitic worm virus that spreads to both host executables as well as over accessible systems on a network. The worm also downloads and executes other files.
When run, the worm infects .EXE files on the local system
Trojan.Vicsfram
This malware was reported by: Symantec
Trojan.Vicsfram is a Trojan that downloads and executes malicious files from remote sites. The Trojan is also able to delete files and lower security settings on the compromised computer.
Downloader-ACZ
This malware was reported by: Network Associates Inc
QUrl-4
This malware was reported by: Network Associates Inc
W32/Forbot-FD
This malware was reported by: Sophos
W32/Agobot-TA
This malware was reported by: Sophos
QlowZones-25
This malware was reported by: Network Associates Inc
QLowZones-24
This malware was reported by: Network Associates Inc
Adware-RXBar
This malware was reported by: Network Associates Inc
W32/Kalel-D
This malware was reported by: Sophos
Troj/Fishnat-A
This malware was reported by: Sophos
SpyPc.A
This malware was reported by: Panda Software
SpyPc is a hacking tool. Though these programs are legitimate and useful tools when they are appropriately used, a hacker could take advantage of them in order to carry out malicious actions.SpyPc allows the computer to be controlled:It logs the keystrok
SpyPc
This malware was reported by: Panda Software
SpyPc is a hacking tool. Though these programs are legitimate and useful tools when they are appropriately used, a hacker could take advantage of them in order to carry out malicious actions.SpyPc allows the computer to be controlled:It logs the keystrok
W32.Looked.E
This malware was reported by: Symantec
W32.Looked.E is a worm that spreads through network shares and attempts to infect .exe files. It also lowers security settings and downloads and executes a remote file.
Note: Definitions prior to July 14, 2005 may detect this worm as PWSteal.Lemir.Gen
Backdoor.Homutex
This malware was reported by: Symantec
Backdoor.Homutex is a Trojan horse with back door capabilities that allows a remote attacker to have unauthorized access to the compromised computer.
Troj/DlDial-A
This malware was reported by: Sophos
Troj/BindFil-G
This malware was reported by: Sophos
W32/Reatle.gen@MM
This malware was reported by: Network Associates Inc
This detection is for several variants of a mass-mailing worm written in MSVC, and packed with MEW. The worm bears the following characteristics:
contains its own SMTP engine for mailing itself outgoing messages have spoofed From: address
Lebreat
This malware was reported by: F-Secure
W32/Lebreat.A@mm is a mass-mailer and a network worm. It was
found on July 15th, 2005. Shortly after the initial version,
there appeared 2 more variants. The worm also has a backdoor, a
trojan downloader and DoS (Denial of Service) attack
capabilities
W32.Kelvir.FJ
This malware was reported by: Symantec
W32.Kelvir.FJ is a worm that spreads through MSN Messenger.
VeryLince
This malware was reported by: Network Associates Inc
W32.Rants.B@mm
This malware was reported by: Symantec
W32.Rants.B@mm is a mass-mailing worm that spreads using Microsoft Outlook, MSN Messenger and the America Online user interface. It also ends security-related processes and disables Windows security features.
W32.Reatle@mm
This malware was reported by: Symantec
W32.Reatle@mm is a mass-mailing worm that opens a back door and attempts to propagate by exploiting the Microsoft Windows Local Security Authority Service Remote Buffer Overflow (as described in Microsoft Security Bulletin MS04-011) on TCP port 445.
W32/Lebreat-A
This malware was reported by: Sophos
W32.Kelvir.FK
This malware was reported by: Symantec
W32.Kelvir.FK is a worm that spreads through MSN Messenger and drops a copy of W32.Spybot.Worm.
W32.Reatle.C@mm
This malware was reported by: Symantec
W32.Reatle.C@mm is a variant of W32.Reatle@mm, and is a mass-mailing worm that opens a back door and attempts to spread by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (Microsoft Security Bulletin MS04-011) on TCP port 445.
It a
W32/Lebreat-B
This malware was reported by: Sophos
W32/Mytob-DP
This malware was reported by: Sophos
W32.Beagle.BW@mm
This malware was reported by: Symantec
W32.Beagle.BW@mm is a mass-mailing worm that uses its own SMTP engine to send out copies of Trojan.Tooso.J. The worm also opens a back door on the compromised computer on TCP port 80.
W32/Lebreat-C
This malware was reported by: Sophos
W32/Mytob-DS
This malware was reported by: Sophos
W32/Rbot-AHZ
This malware was reported by: Sophos
WM97/Sundor-A
This malware was reported by: Sophos