Trojan-PSW.Win32.QQspy.f
This malware was reported by: F-Secure
Trojan.Win32.Puper.ak
This malware was reported by: F-Secure
W32/Kelvir.worm.eh
This malware was reported by: Network Associates Inc
The Kelvir worm family spreads via Windows Messenger (Note: Not the Windows Messenger service) or MSN Messenger and typically installs a variant of the W32/Sdbot.worm.
Later variants of this threat are used more like a spam tool than a worm
Troj/Nailpol-A
This malware was reported by: Sophos
W32/Mytob-DY
This malware was reported by: Sophos
BAT/Monad
This malware was reported by: Network Associates Inc
This detection covers several proof of concept viruses targeting the Microsoft Command Shell, which may be included in a future version of the Microsoft Windows operating system. These viruses are not currently a threat to end users.
Backdoor.Mousey
This malware was reported by: Symantec
Backdoor.Mousey is a Trojan horse that opens a back door and allows a remote attacker to have unauthorized access to a compromised computer via IRC channels.
Note: Definitions dated prior to August 10, 2005 may detect this threat as Backdoor.IRC.Bot.
W32/Sdbot-ABR
This malware was reported by: Sophos
W32/Tilebot-B
This malware was reported by: Sophos
IRC-Itlebot
This malware was reported by: Network Associates Inc
Troj/Litebot-A
This malware was reported by: Sophos
BAT/Danom
This malware was reported by: Network Associates Inc
This detection covers several proof of concept viruses targeting the Microsoft Command Shell, which may be included in a future version of the Microsoft Windows operating system. These viruses are not currently a threat to end users.
Damon.A
This malware was reported by: Panda Software
Damon.A is a proof of concept virus that infects files with an MSH extension.MSH (Microsoft Shell), also known as Monad, is a shell that will replace earlier shells, such as cmd and command. New characteristics of MSH include the capability to interact w
Damon.B
This malware was reported by: Panda Software
Damon.B is a proof of concept virus that uses the technique known as cross infection in order to infect files with a BAT, CMD and MSH extension.Using cross infection, Damon.B can replicate by running from the batch scripting interpreter or the MSH interp
Damon.C
This malware was reported by: Panda Software
Damon.C is a proof of concept virus that uses the technique known as EPO (Entry Point Obscuring) in order to infect files with an MSH extension.By using this method, Damon.C adds its own code to an intermediate point of the code of the original file, whi
Damon.D
This malware was reported by: Panda Software
Damon.D is a proof of concept virus that overwrites the files with an MSH extension that are in its same directory with a copy of its own code. MSH (Microsoft Shell), also known as Monad, is a shell that will replace earlier shells, such a
Damon.E
This malware was reported by: Panda Software
Damon.E is a proof of concept virus that uses the technique known as prepending in order to infect files with an MSH extension.This technique consists in adding its own code to the beginning of the original file. MSH (Microsoft Shell), also known as
Troj/BMDrop-A
This malware was reported by: Sophos
Troj/BMDrop-A will drop and execute a file to the Windows system folder with the name index.exe.
At the time of analysis this file is detected as Troj/Dloader-RM.
W32/Fan-A
This malware was reported by: Sophos
W32/Fan-A is a worm for the Windows platform.
W32/Fan-A searches for open Microsoft Word documents and Microsoft Excel spreadsheets and copies itself into the folder containing the document using the same name as the document and an exten
Rewrit.b
This malware was reported by: Network Associates Inc
Troj/HideProc-H
This malware was reported by: Sophos
Troj/HideProc-H is a DLL used for hiding processes.
Malicious software may install Troj/HideProc-H in order to prevent itself from being listed by the Windows Task Manager.
W32/Mytob-DZ
This malware was reported by: Sophos
W32/Mytob-DZ is a mass-mailing worm and backdoor Trojan that can be controlled through the Internet Relay Chat (IRC) network.
W32/Mytob-DZ spreads through email. W32/Mytob-DZ harvests email addresses from files on the infected computer an
W32/Bagle-BW
This malware was reported by: Sophos
W32/Bagle-BW is a worm and backdoor for the Windows platform.
W32/Bagle-BW spreads via file sharing on P2P networks and via email.
Emails sent by the worm have the following characteristics:
Subject line: randomly chosen from a list
Trojan.Tooso.K
This malware was reported by: Symantec
Trojan.Tooso.K is a Trojan horse that lowers security settings by ending processes, stopping services, removing registry entries, and deleting files.
W32.Beagle.CC@mm
This malware was reported by: Symantec
W32.Beagle.CC@mm is a mass-worm that uses its own SMTP engine to send out copies of Trojan.Tooso.K. The worm also opens a back door on the compromised computer on TCP port 80.
W32/Sdbot-ABV
This malware was reported by: Sophos
W32/Sdbot-ABV is a worm and IRC backdoor Trojan for the Windows platform.
W32/Sdbot-ABV runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC c
W32/Sdbot-ABS
This malware was reported by: Sophos
W32/Sdbot-ABS is a network worm with backdoor functionality for the Windows platform.
W32/Sdbot-ABS connects to a predetermined IRC channel and awaits further commands from remote users.
The worm spreads through network shares protecte
Bagle.BY
This malware was reported by: F-Secure
Trojan.Wayphisher.B
This malware was reported by: Symantec
Trojan.Wayphisher.B is a Trojan horse that modifies the hosts file and redirects HTTP access from financial sites to a predetermined Web site chosen.
W32.Qdens.E
This malware was reported by: Symantec
W32.Qdens.E is a worm that lowers security settings and spreads through the instant messenger programs QQ Messenger and Tencent Messenger.
Blankfont.A
This malware was reported by: F-Secure
Blankfont.A is a SIS file trojan that installs corrupted Font file into
infected device. The corrupted font does not cause device to crash, but
if the device is rebooted it will lose the system font, and is unable to
display user interface texts.
W32/Mytob-ED
This malware was reported by: Sophos
W32/Mytob-ED is a mass-mailing worm and backdoor Trojan that can be controlled through the Internet Relay Chat (IRC) network.
W32/Mytob-ED includes functionality to change browser settings.
W32/Mytob-ED is capable of spreading through
W32/Rbot-AKA
This malware was reported by: Sophos
W32/Rbot-AKA is a network worm with backdoor Trojan functionality for the Windows platform.
W32/Rbot-AKA spreads using a variety of techniques including exploiting weak passwords on computers and SQL servers, exploiting operating system v
Troj/Nailpol-A
This malware was reported by: Sophos
Troj/Nailpol-A is a Trojan for the Windows platform.
Troj/Nailpol-A contains functionality to download further malicious code.
Troj/Nailpol-A may monitor the internet usage of an infected computer.
Adware-Url.gen
This malware was reported by: Network Associates Inc
W32/Sdbot-ABR
This malware was reported by: Sophos
W32/Sdbot-ABR is a worm and IRC backdoor Trojan for the Windows platform.
W32/Sdbot-ABR spreads to other network computers infected with: Troj/Kuang, Troj/Sub7, Troj/NetDevil and W32/MyDoom.
W32/Sdbot-ABR attempts to log keystrokes to
Bloodhound.Exploit.42
This malware was reported by: Symantec
Bloodhound.Exploit.41
This malware was reported by: Symantec
Bloodhound.Exploit.41 is a heuristic detection for the Anchorclick Behavior Cross Frame Scripting Vulnerability, (as described in Microsoft Security Bulletin MS05-038).
Rbot.xt
This malware was reported by: F-Secure
W32/Mytob-JM
This malware was reported by: Sophos
W32/Mytob-JM is a mass-mailing worm and backdoor Trojan that can be controlled through the Internet Relay Chat (IRC) network.
W32/Mytob-JM spreads through email. W32/Mytob-JM harvests email addresses from files on the infected computer
Troj/Litebot-A
This malware was reported by: Sophos
Troj/Litebot-A is a Trojan for the Windows platform.
Troj/Litebot-A runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
MS Vulnerability MS05-043
This malware was reported by: Network Associates Inc
MS Vulnerability MS05-042
This malware was reported by: Network Associates Inc
MS Vulnerability MS05-041
This malware was reported by: Network Associates Inc
MS Vulnerability MS05-040
This malware was reported by: Network Associates Inc
MS Vulnerability MS05-039
This malware was reported by: Network Associates Inc
MS Vulnerability MS05-038
This malware was reported by: Network Associates Inc
Adware-AppsTraka
This malware was reported by: Network Associates Inc
MS05-038
This malware was reported by: Panda Software
Troj/BankSnif-B
This malware was reported by: Sophos
Troj/BankSnif-B is an information stealing Trojan for the Windows platform.
The Trojan modifies the HOSTS file (typically located in <System>driversetcHOSTS) redirecting preconfigured domains to the local computer where the Troja
MS05-039
This malware was reported by: Panda Software
SymbOS.Blankfont.A
This malware was reported by: Symantec
SymbOS.Blankfont.A is a Trojan horse that drops a corrupt GDR font file onto the compromised device. The Trojan runs on the Symbian OS, which is the operating system for Nokia Series 60 cellular telephones.
It is reported that the trojan arrives as the
MS05-040
This malware was reported by: Panda Software
MS05-043
This malware was reported by: Panda Software
MS05-041
This malware was reported by: Panda Software
MS05-042
This malware was reported by: Panda Software
Troj/Oran-A
This malware was reported by: Sophos
Troj/Oran-A is a a backdoor Trojan for the Windows platform that allows full remote access capabilities via a remote client.
The client application allows the creation of server applets which act as the backdoor when installed on the infe
Troj/BMDrop-A
This malware was reported by: Sophos
Troj/BMDrop-A will drop and execute a file to the Windows system folder with the name index.exe.
At the time of analysis this file is detected as Troj/Dloader-RM.
Troj/HideProc-H
This malware was reported by: Sophos
Troj/HideProc-H is a DLL used for hiding processes.
Malicious software may install Troj/HideProc-H in order to prevent itself from being listed by the Windows Task Manager.
X97M.Sarsnan
This malware was reported by: Symantec
X97M.Sarsnan is a macro virus that infects Microsoft Excel workbooks
W32.Beagle.CD@mm
This malware was reported by: Symantec
W32.Beagle.CD@mm is a mass-mailing worm that opens a back door on the compromised computer on TCP port 80.
WORM_KELVIR.CH
This malware was reported by: Trendmicro
This worm propagates via the instant messaging application MSN Messenger. It sends an instant message to all the online contacts of an affected user. The said instant message contains the following detail:
TROJ_BAGLE.AA
This malware was reported by: Trendmicro
This memory-resident Trojan opens the application Mspaint, then drops a copy of itself in the Windows system folder as WINSHOST.EXE. It also drops its DLL component using the file name WIWSHOST.EXE. The dropped DLL carries malicious routines.
WORM_MYTOB.JM
This malware was reported by: Trendmicro
Like other MYTOB variants, this worm propagates by sending a copy of itself to email addresses harvested from the default address book of the system. It uses its own SMTP (Simple Mail Transfer Protocol) engine for its mailing routine.
TROJ_DROPPER.JA
This malware was reported by: Trendmicro
This Trojan arrives on a system as an attachment to an email message that contains the following details:
BKDR_LITBOT.A
This malware was reported by: Trendmicro
This backdoor program is dropped by TROJ_DROPPER.JA.
WORM_CHOD.D
This malware was reported by: Trendmicro
This worm may arrive via email or via the instant messaging application, MSN Messenger. It spreads by sending copies of itself as an attachment to email messages, which it sends to different addresses. It gathers these addresses from the Windows reg
WORM_BAGLE.BN
This malware was reported by: Trendmicro
To get a one glance comprehensive view of the behavior of this worm, refer to the Behavior Diagram shown below.
WORM_BAGLE.BM
This malware was reported by: Trendmicro
PE_BOBAX.AB
This malware was reported by: Trendmicro
WORM_REATLE.E
This malware was reported by: Trendmicro
This worm propagates via email. It sends copies of itself as attachments to email messages that it sends out using its own Simple Mail Transfer Protocol (SMTP) engine.
WORM_REATLE.D
This malware was reported by: Trendmicro
This worm propagates via email. It sends copies of itself as attachments in email messages that it sends out using its own Simple Mail Transfer Protocol (SMTP) engine.
WORM_MYTOB.JH
This malware was reported by: Trendmicro
Like other MYTOB variants, this memory-resident worm propagates by sending a copy of itself as an attachment to an email message, which it sends to target recipients using its own Simple Mail Transfer Protocol (SMTP) engine.
WORM_MYTOB.JF
This malware was reported by: Trendmicro
WORM_XIPI.A
This malware was reported by: Trendmicro
This worm propagates by dropping copies of itself into known shared folders of popular peer-to-peer (P2P) file sharing applications.
WORM_MYTOB.IG
This malware was reported by: Trendmicro
Similar to other MYTOB variants, this memory-resident worm propagates by sending a copy of itself as an attachment to email messages, which it sends to target addresses gathered on an affected system using its own Simple Mail Transfer Protocol (SMTP
WORM_KELVIR.BZ
This malware was reported by: Trendmicro
This memory-resident worm propagates via MSN Messenger. It sends the following message to all online contacts of an affected user:
WORM_MYTOB.HU
This malware was reported by: Trendmicro
Similar to other MYTOB variants, this memory-resident worm propagates by sending a copy of itself as an attachment to an email message, which it sends to target recipients using its own Simple Mail Transfer Protocol (SMTP) engine.
WORM_BAGLE.BD
This malware was reported by: Trendmicro
To get a one glance comprehensive view of the behavior of this worm, refer to the Behavior Diagram shown below.
WORM_MYTOB.IV
This malware was reported by: Trendmicro
To get a one glance comprehensive view of the behavior of this worm, refer to the Behavior Diagram shown below.
WORM_MYTOB.HO
This malware was reported by: Trendmicro
Similar to other MYTOB variants, this memory-resident worm propagates by sending a copy of itself as an attachment to an email message, which it sends to target recipients using its own Simple Mail Transfer Protocol (SMTP) engine.
W32/Tilebot-D
This malware was reported by: Sophos
W32/Tilebot-D is a worm which attempts to spread to remote network shares. It also contains backdoor Trojan functionality, allowing unauthorized remote access to the infected computer via IRC channels.
W32/Tilebot-D spreads to network sha
W32/Sdbot-ABV
This malware was reported by: Sophos
W32/Sdbot-ABV is a worm and IRC backdoor Trojan for the Windows platform.
W32/Sdbot-ABV runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC c
Bloon.E
This malware was reported by: Computer Associates
Litbot.A
This malware was reported by: Computer Associates
Description Win32.Litbot.A is an IRC-controlled backdoor trojan that allows unauthorized remote access to an affected machine. Computer Associates have received repo
Nochod.D
This malware was reported by: Computer Associates
Description Win32.Nochod.D is an IRC controlled worm that can spread via MSN Messenger. It has been distributed as a 112,923-byte, MEW-packed, Win32 executable.
Canbede.J
This malware was reported by: Computer Associates
Description Canbede.J is a backdoor trojan that downloads its commands from a remote site registered in Panama.
Tansid.A
This malware was reported by: Computer Associates
Description Win32.Tansid.A is a downloading trojan that installs itself as a Browser Helper Object.
Wadnock Family
This malware was reported by: Computer Associates
Description Win32.Wadnock are a family of worms that spread by exploiting Windows vulneribilities. They also disable direct access to Internet banking sites and have
Spudrag
This malware was reported by: Computer Associates
Description Win32/Spudrag is a family of trojans dropped by several Win32.Alemod variants to display a fake infected message. This message is intended to intimidate
Sundor.A
This malware was reported by: Computer Associates
Description W97M/Sundor.A is a Word macro virus that infects Word 2000 and later documents. It replicates when an infected document is closed.
Chooket.A
This malware was reported by: Computer Associates
Description Win32.Chooket.A is a keylogging trojan that records sensitive information and sends it to a remote location.
Pinteep Family
This malware was reported by: Computer Associates
Description Win32.Pinteep is a family of multi-component trojans that give an attacker unauthorized access to an affected machine. This access may include stealing s
Jginko.A
This malware was reported by: Computer Associates
Description Win32.Jginko.A is a password stealing trojan.
Secdrop.HS
This malware was reported by: Computer Associates
Description Win32.Secdrop.HS is a trojan that is used to lower security settings in Internet Explorer by modifying the registry.
Reatle.B
This malware was reported by: Computer Associates
Description Win32.Reatle.B is a worm that spreads via e-mail and by exploiting the Microsoft Windows LSASS buffer overflow vulnerability. It has been distributed as
Wren.A
This malware was reported by: Computer Associates
Description Win32.Wren.A is a trojan that downloads and installs potentially unwanted files onto an affected system.
Eyeveg.F
This malware was reported by: Computer Associates
Description Win32.Eyeveg.F is a worm that spreads via e-mail, and may be ordered by a remote controller to spread via network shares. It also acts as a keylogger, al
Backdoor.Microkos
This malware was reported by: Symantec
Backdoor.Microkos is a Trojan horse that opens a back door and allows unauthorized access to the compromised computer.
NTRootkit-L
This malware was reported by: Network Associates Inc