Rootkit
This malware was reported by: F-Secure
PoeBot.d
This malware was reported by: F-Secure
RemoteLogger
This malware was reported by: Panda Software
W32/Gael
This malware was reported by: Network Associates Inc
For details on this threat, see:
http://vil.nai.com/vil/content/v_134857.htm
W32.Mytob.IA@mm
This malware was reported by: Symantec
W32.Mytob.IA@mm is a mass-mailing worm that opens a back door and lowers security settings on the compromised computer.
Trojan.Jevprox
This malware was reported by: Symantec
Trojan.Jevprox is a downloader Trojan that exploits the Microsoft Internet Explorer Javaprxy.DLL COM Object Instantiation Heap Overflow Vulnerability (described in Microsoft Security Bulletin MS05-037).
Note: Virus definitions dated prior to July 19,
Trojan.Kirvo
This malware was reported by: Symantec
Trojan.Kirvo is a Trojan that sends a link to all MSN Messenger contacts.
Note: Virus definitions released prior to July 19, 2005 may detect this as W32.Kelvir.FN.
W32/Francette-T
This malware was reported by: Sophos
Troj/BesTof-C
This malware was reported by: Sophos
W32/Forbot-FD
This malware was reported by: Sophos
Trojan.Exlife
This malware was reported by: Symantec
Trojan.Exlife is a Trojan horse that steals the user name and email address on the compromised computer and secretly registers that user to a pornographic Web site.
Trojan.Killproc!gen
This malware was reported by: Symantec
Trojan.Killproc!gen is a generic detection for a suspicious file that may disable security-related programs.
Lebreat.A
This malware was reported by: Panda Software
Lebreat.A is a worm that downloads other malware to the affected computer, such as FlyVB.D and Sdbot.EKE. Additionally, it launches DoS (Denial of Service) attacks against the web page www.symantec.com. It also attempts to disable several Windows tools, su
Troj/Prorat-O
This malware was reported by: Sophos
W32/Kalel-D
This malware was reported by: Sophos
Trojan.Sacrep
This malware was reported by: Symantec
Trojan.Sacrep is a Trojan horse that logs keystrokes and sends the stolen information to a predetermined email address.
Lebreat.B
This malware was reported by: Panda Software
Lebreat.B is a worm that downloads other malware to the affected computer, such as the worm FlyVB.D. Additionally, it launches DoS (Denial of Service) attacks against the web page www.symantec.com. It also attempts to disable several Windows tools, such as
Troj/Bancos-DH
This malware was reported by: Sophos
Troj/DlDial-A
This malware was reported by: Sophos
Lebreat.C
This malware was reported by: Panda Software
Lebreat.C is a worm that downloads other malware to the affected computer, such as FlyVB.D and Sdbot.EKE. Additionally, it launches DoS (Denial of Service) attacks against the web page www.symantec.com. It also attempts to disable several Windows tools, su
W32.Mytob.IC@mm
This malware was reported by: Symantec
W32.Mytob.IC@mm is a mass-mailing worm that opens a back door and lowers security settings.
ICE Virus Mobile Phone Hoax
This malware was reported by: Network Associates Inc
W32/Sdbot-AAZ
This malware was reported by: Sophos
W32/Lebreat-A
This malware was reported by: Sophos
W32/Opanki-F
This malware was reported by: Sophos
W32/Lebreat-B
This malware was reported by: Sophos
W32/Kelvir-AQ
This malware was reported by: Sophos
W32/Lebreat-C
This malware was reported by: Sophos
Banker
This malware was reported by: F-Secure
Vidlo
This malware was reported by: F-Secure
Troj/Brospy-A
This malware was reported by: Sophos
W32/Mytob-DS
This malware was reported by: Sophos
Trojan.Kirvo.B
This malware was reported by: Symantec
Trojan.Kirvo.B is a Trojan that sends a malicious URL to MSN Messenger contacts.
Troj/Borobot-I
This malware was reported by: Sophos
W32.Gavgent.A@mm
This malware was reported by: Symantec
Downloader-ZQ
This malware was reported by: Network Associates Inc
Troj/Iyus-N
This malware was reported by: Sophos
Troj/BesTof-C
This malware was reported by: Sophos
W32.Gavgent.A
This malware was reported by: Symantec
W32.Gavgent.A is a network-aware worm that frequently restarts the compromised computer.
Codbot.BC
This malware was reported by: Panda Software
Codbot.BC is a worm with backdoor characteristics that connects to several IRC servers in order to receive control commands, such as download files via HTTP and run them, check the computer for currently known vulnerabilities, log keystrokes in orde
Troj/Bancban-DV
This malware was reported by: Sophos
Troj/Prorat-O
This malware was reported by: Sophos
AFXFireWall.A
This malware was reported by: Panda Software
AFXFireWall.A is a hacking tool. Though these programs are legitimate and useful tools when they are appropriately used, a hacker could take advantage of them in order to carry out malicious actions. AFXFireWall.A is a firewall that filters SYN (SYNchroni
Tenga.A
This malware was reported by: Panda Software
Tenga.A is a virus with worm characteristics that downloads and runs the Trojan detected as Downloader.DNX. Tenga.A shows a very complex infection routine, which it uses in order to infect all the executable files on the computer, excepting NTOSKRNL.EXE
W32/Mytob-DU
This malware was reported by: Sophos
W32/Sdbot-AAZ
This malware was reported by: Sophos
W32.Opanki.D
This malware was reported by: Symantec
W32.Opanki.D is a worm that connects to a remote server and sends a malicious URL through AOL Instant Messenger.
Note: Virus definitions dated prior to July 21, 2005 detect this threat as W32.Allim.
W32/Kelvir.worm.ea
This malware was reported by: Network Associates Inc
The Kelvir worm family spreads via Windows Messenger (Note: Not the Windows Messenger service) or MSN Messenger and typically installs a variant of the W32/Sdbot.worm.
Later variants of this threat are used more like a spam tool than a worm
W32.Mytob.IE@mm
This malware was reported by: Symantec
W32/Kelvir.worm.dz
This malware was reported by: Network Associates Inc
The Kelvir worm family spreads via Windows Messenger (Note: Not the Windows Messenger service) or MSN Messenger and typically installs a variant of the W32/Sdbot.worm.
Later variants of this threat are used more like a spam tool than a worm
W32/Mytob-IN
This malware was reported by: Sophos
W32/Opanki-F
This malware was reported by: Sophos
W32/Mytob.eu@MM
This malware was reported by: Network Associates Inc
This worm is proactively detected as New Malware.f when scanning with program heuristics enabled using the 4539 DAT files or greater. It may also be detected as Generic Malware.a!zip with email scanners.
This detection is for a mass-mail
PWSteal.Bankash.F
This malware was reported by: Symantec
PWSteal.Bankash.F is a Trojan horse program that attempts to steal user names and passwords.
SymbOS.Doomboot.C
This malware was reported by: Symantec
SymbOS.Doomboot.C is a Trojan horse that drops corrupt files and copies of other threats on to the compromised device. The Trojan runs on the Symbian OS, which is the operating system for Nokia Series 60 cellular telephones.
SymbOS.Doomboot.B
This malware was reported by: Symantec
SymbOS.Doomboot.B is a Trojan horse that drops corrupt files containing SymbOS.Cabir, SymbOS.MGDropper, and SymbOS.Skulls.L on to the compromised device. The Trojan runs on the Symbian operating system that is used in Nokia Series 60 cellular telephon
SymbOS.Skulls.L
This malware was reported by: Symantec
SymbOS.Skulls.L is a Trojan horse that affects Symbian series 60 phones. The Trojan overwrites several applications and replaces the application icons with skull icons.
Adware-DigitalNames
This malware was reported by: Network Associates Inc
PWSteal.Omerstroke
This malware was reported by: Symantec
PWSteal.Omerstroke is a Trojan horse that monitors the AOL interface and emails passwords to a predetermined address. It also monitors open IM windows in the AOL interface and may send the captured IM messages to a predetermined AOL chatroom.
W32/Kelvir-AQ
This malware was reported by: Sophos
QHosts-14
This malware was reported by: Network Associates Inc
ProcKill-CG
This malware was reported by: Network Associates Inc
E-eliminator
This malware was reported by: Panda Software
Keylog-Elt
This malware was reported by: Network Associates Inc
ProcKill-BZ
This malware was reported by: Network Associates Inc
Adware-Need2Find
This malware was reported by: Network Associates Inc
Delete these directories
%programfilesdir%\NEED2FIND\BAR\1.BIN
%programfilesdir%\NEED2FIND\BAR
%programfilesdir%\NEED2FIND
Delete these files
%programfilesdir%\NEED2FIND\BAR\1.BIN\N2FFXTBR.JAR
%programfilesdir%\NEED2FIND\BAR\1.BIN\N2NTSTBR.JAR
%programfilesdir%\NEED2FIND\BAR\1.BIN\N2PLUGIN.DLL
%programfilesdir%\NEED2FIND\BAR\1.BIN\ND2FNBAR.DLL
NPND2FN.DLL
%programfilesdir%\NEED2FIND\BAR\1.BIN\PARTNER.DAT
Delete the following keys
NEED2FINDBAR.SETTINGSPLUGIN
NEED2FINDBAR.SETTINGSPLUGIN.1
NEED2FINDBAR.TOOLBARPLUGIN
NEED2FINDBAR.TOOLBARPLUGIN.1
BAR
NEED2FIND
NEED2FINDBAR UNINSTALL
Delete the following registry values
Adware-Instafinder
This malware was reported by: Network Associates Inc
Adware-ClearSurfing
This malware was reported by: Network Associates Inc
W32/Kelvir-AR
This malware was reported by: Sophos
Troj/Brospy-A
This malware was reported by: Sophos
Trojan.Abwiz.C
This malware was reported by: Symantec
Trojan.Abwiz.C is a Trojan horse that downloads and executes remote files and sends confidential system information to a remote attacker.
W32/Sdbot.worm.gen.bx!60416
This malware was reported by: Network Associates Inc
This worm has been packed using the AntiDeb packer in order to avoid detection by Anti-Virus vendors.
It spreads via network shares checking for the existence of the following mapped drives on the compromised system:
C:, D:, E:, F:, G:,
W32/Sdbot-AAY
This malware was reported by: Sophos
Troj/Bancos-DH
This malware was reported by: Sophos
CouponBar.dr
This malware was reported by: Network Associates Inc
W32/Mytob-HM
This malware was reported by: Sophos
Trojan.Helemoo
This malware was reported by: Symantec
Trojan.Helemoo is a back door Trojan that exploits the Microsoft Internet Explorer DHTML Object Race Condition Memory Corruption Vulnerability (described in Microsoft Security Bulletin MS05-020).
Troj/Mdrop-F
This malware was reported by: Sophos
Troj/Borobot-I
This malware was reported by: Sophos
Trojan.Desktophijack.C
This malware was reported by: Symantec
Trojan.Desktophijack.C is a Trojan horse that modifies the desktop settings on the compromised computer.
Troj/DownLdr-HI
This malware was reported by: Sophos
Troj/Iyus-N
This malware was reported by: Sophos
W32.Mytob.IG@mm
This malware was reported by: Symantec
W32.Mytob.IG@mm is a mass-mailing worm that opens a back door and lowers security settings on the compromised computer.
W32/Mytob-DW
This malware was reported by: Sophos
Troj/Bancban-DV
This malware was reported by: Sophos
W32/Mytob-DU
This malware was reported by: Sophos
W32.Mytob.IH@mm
This malware was reported by: Symantec
W32.Mytob.IH@mm is a mass-mailing worm that opens a back door and lowers security settings on the compromised computer.
CouponBar
This malware was reported by: Network Associates Inc
W32/Mytob-IN
This malware was reported by: Sophos
Troj/Myftu-H
This malware was reported by: Sophos
PWS-Behz
This malware was reported by: Network Associates Inc
W32.Rants.C@mm
This malware was reported by: Symantec
W32.Rants.C@mm is a mass-mailing worm that spreads using Collaboration Data Objects (CDO) and the America Online user interface. It also ends security-related processes and disables Windows security features.
W32/Rbot-AJA
This malware was reported by: Sophos
W32/Kelvir-AR
This malware was reported by: Sophos
Redhand
This malware was reported by: Panda Software
Redhand is a hacking tool. Though these programs are legitimate and useful tools when they are appropriately used, a hacker could take advantage of them in order to carry out malicious actions. Redhand monitors all the actions that the user carries out on
Ip-Harvester
This malware was reported by: Panda Software
Ip-Harvester is a hacking tool. Though these programs are legitimate and useful tools when they are appropriately used, a hacker could take advantage of them in order to carry out malicious actions. Ip-Harvester sends advertising messages to computers con
RiotImmort-510
This malware was reported by: Sophos
W32/Sdbot-AAY
This malware was reported by: Sophos
W32/Mytob-DX
This malware was reported by: Sophos
W32/Mytob-HM
This malware was reported by: Sophos