Appdisabler.C
This malware was reported by: F-Secure
Appdisabler.C is a malicious SIS file trojan, which tries to disable
large number of third party applications.
W32.Esbot.B
This malware was reported by: Symantec
W32/Sdbot.worm!51326
This malware was reported by: Network Associates Inc
This worm exploits the MS05-039 vulnerability. There are at least 2 other W32/Sdbot based worms know to exist that also exploit this vulnerability. They may be seen with the filenames pnpsrv.exe or winpnp.exe.
See http://vil.nai.com/vil
IRCBot.ex
This malware was reported by: F-Secure
This IRC-based backdoor-worm was found on August 17th, 2005. It
is very similar to the IRCBot.es that was found 2 days earlier.
The backdoor provides unauthorised access to an infected computer
and also has the capability to spread to remote computers
IRCbot.KD
This malware was reported by: Panda Software
IRCbot.KD is a worm that connects to a certain IP address, acting as a backdoor.Additionally, it ends several processes belonging to other malware such as previous variants of Zotob and IRCbot, among others.IRCbot.KD spreads across the Internet, by explo
WORM_ZOTOB.F
This malware was reported by: Trendmicro
To get a one glance comprehensive view of the behavior of this worm, refer to the Behavior Diagram shown below.
W32.Zotob.G
This malware was reported by: Symantec
W32/Bozori.worm.b
This malware was reported by: Network Associates Inc
This detection is for a worm that propagates by exploiting systems which are not yet patched for the MS05-039 vulnerability. It is similar to the recent W32/IRCBot.worm!MS05-039
variant.
IRC functionality
This worm is designed to
ModemSpy
This malware was reported by: Panda Software
ModemSpy is a hacking tool. Though these programs are legitimate and useful tools when they are appropriately used, a hacker could take advantage of them in order to carry out malicious actions.ModemSpy can record telephonic calls, conversations and mess
Bozori.C
This malware was reported by: F-Secure
Bozori.C is IRC-based backdoor-worm that was found on August 17th, 2005.
The backdoor provides unauthorized access to an infected computer and
also has the capability to spread to remote computers using the
PNP exploit (MS05-039). This variant is func
WORM_ESBOT.C
This malware was reported by: Trendmicro
This worm takes advantage of the Microsoft Windows Plug and Play vulnerability to propagate across networks. For more information regarding the said vulnerability, refer to the following Microsoft Web page:
Drugtob.A
This malware was reported by: Computer Associates
W32.Zotob.H
This malware was reported by: Symantec
W32.Zotob.H is a worm that opens a back door and exploits the Microsoft Windows Plug and Play Buffer Overflow Vulnerability (as described in Microsoft Security Bulletin MS05-039) on TCP port 445.
Note: While computers running Windows 95/98/Me/NT4/XP
Tpbot.B
This malware was reported by: Computer Associates
Tpbot.C
This malware was reported by: Computer Associates
Esbot.C
This malware was reported by: Computer Associates
Qweasy.A
This malware was reported by: Computer Associates
Toxbot.AV
This malware was reported by: Computer Associates
Mitglieder.EK
This malware was reported by: Panda Software
Mitglieder.EK is a Trojan that attacks several security tools, such as antivirus programs and firewalls belonging to different companies, if they are installed on the affected computer:It deletes key files for their correct functioning.It deletes entries
HTML_BINDSHELL.B
This malware was reported by: Trendmicro
WORM_MYTOB.JU
This malware was reported by: Trendmicro
Processor
This malware was reported by: Panda Software
Processor is a hacking tool. Though these programs are legitimate and useful tools when they are appropriately used, a hacker could take advantage of them in order to carry out malicious actions.Processor is a command line application that can be locally
WORM_MYTOB.JT
This malware was reported by: Trendmicro
Similar to other MYTOB variants, this memory-resident worm propagates by sending a copy of itself as an attachment to an email message that it sends to target recipients using its own Simple Mail Transfer Protocol (SMTP) engine.
Adware-Horoscope.dr
This malware was reported by: Network Associates Inc
Cmdow.A
This malware was reported by: Panda Software
Cmdow.A is a hacking tool. Though these programs are legitimate and useful tools when they are appropriately used, a hacker could take advantage of them in order to carry out malicious actions.Cmdow.A is a command line utility that does not need to be in
Backdoor.Darkmoon
This malware was reported by: Symantec
Backdoor.Darkmoon is a Trojan horse that opens a back door on a compromised computer and has keylogging capabilities.
Adware-SideSearch.dr
This malware was reported by: Network Associates Inc
Adware-SAHAgent.dr
This malware was reported by: Network Associates Inc
Joke-Melter
This malware was reported by: Network Associates Inc
W32.Zotob.I
This malware was reported by: Symantec
WORM_ZOTOB.I
This malware was reported by: Trendmicro
This memory-resident worm takes advantage of the Microsoft Windows Plug and Play vulnerability to propagate across networks. For more information regarding this vulnerability, refer to the following Microsoft Web page:
Efewe.H
This malware was reported by: Computer Associates
Efewe.G
This malware was reported by: Computer Associates
Sniff-ProxyAuth
This malware was reported by: Network Associates Inc
W32/Zotob.worm.d
This malware was reported by: Network Associates Inc
This worm exploits the MS05-039 vulnerability. See http://vil.nai.com/vil/content/v_135434.htm
This self-executing worm spreads by exploiting Windows2000 MS05-039 vulnerable systems in order to instruct those systems to download and execu
W32.Spybot.UOL
This malware was reported by: Symantec
W32.Spybot.UOL is a worm that has distributed denial of service and back door capabilities. The worm spreads by exploiting vulnerabilities, including the Microsoft Windows Plug and Play Buffer Overflow Vulnerability (described in Microsoft Security Bul
W32.Gaobot.DXO
This malware was reported by: Symantec
W32.Gaobot.DXO is a network-aware worm with back door capabilities that can be controlled through IRC channels and spreads to network shares protected by weak passwords. It also attempts to lower security settings by ending processes.
WORM_ZOTOB.H
This malware was reported by: Trendmicro
This worm arrives via email, or by using a vulnerability in Windows. Upon execution, it drops a copy of itself as FUCK.EXE in the Windows system folder.
W32.Esbot.C
This malware was reported by: Symantec
Backdoor.Tixanbot
This malware was reported by: Symantec
Backdoor.Tixanbot is a Trojan horse that gives a remote attacker control over the compromised computer. It also ends security-related processes, stops services, and sends links to other users using MSN Messenger.
Adclicker-DF
This malware was reported by: Network Associates Inc
Rbot.DGG
This malware was reported by: Computer Associates
PWSteal.Flecsip.B
This malware was reported by: Symantec
PWSteal.Flecsip.B is a password stealing Trojan horse that logs passwords and other confidential data entered by the user onto Internet Explorer Web pages. The Trojan saves a log file with stolen data and sends it to a remote attacker.
Hupigon.BS
This malware was reported by: Panda Software
Hupigon.BS is a backdoor that receives remote control commands such as logging the keystrokes typed by the user, obtaining files from the affected computer, downloading files to the affected system in order to run them later, capturing screenshots or che
Fuetel.T
This malware was reported by: Panda Software
Adware-WebSearch4u
This malware was reported by: Network Associates Inc
W32.Guapim
This malware was reported by: Symantec
W32.Guapim is a worm that spreads through Instant Messenger programs and file-sharing networks. It attempts to lower security settings on the compromised computer and may download and execute a copy of W32.Spybot.Worm.
WORM_MYTOB.JX
This malware was reported by: Trendmicro
Similar to other MYTOB variants, this memory-resident worm propagates by sending a copy of itself as an attachment to an email message, which it sends to target recipients using its own Simple Mail Transfer Protocol (SMTP) engine. Using its own SMTP
Bloodhound.Morphine
This malware was reported by: Symantec
Symantec antivirus products exclusively use the virus name Bloodhound.Morphine when a potentially unknown virus is found using Symantec Bloodhound technology. Bloodhound technology consists of heuristic algorithms used to detect unknown viruses. The actu
W32.Zotob.J@mm
This malware was reported by: Symantec
W32.Ruland.A@mm
This malware was reported by: Symantec
W32.Ruland.A@mm is a mass-mailing worm that spreads using Microsoft Outlook and downloads a Trojan Horse.
Backdoor.IRC.Litebot
This malware was reported by: Symantec
Backdoor.IRC.Litebot is a Trojan horse that opens a back door to a remote IRC server allowing a remote attacker access to the compromised computer and lowers security settings.
Adware-2020Search
This malware was reported by: Network Associates Inc
W32.Zotob.K
This malware was reported by: Symantec
W32.Zotob.K is a worm that opens a back door and exploits the Microsoft Windows Plug and Play Buffer Overflow Vulnerability (as described in Microsoft Security Bulletin MS05-039) on TCP port 445.
Note: While computers running Windows 95/98/Me/NT4/XP
KGBSpy
This malware was reported by: Panda Software
KGBSpy is a hacking tool. Though these programs are legitimate and useful tools when they are appropriately used, a hacker could take advantage of them in order to carry out malicious actions.KGBSpy logs the keystrokes typed by the user, but a filter can
Backdoor.Mepcod
This malware was reported by: Symantec
Backdoor.Mepcod is a Trojan horse that opens a back door and downloads a file containing additional commands.
W32.Kelvir.HI
This malware was reported by: Symantec
W32.Kelvir.HI is a worm that drops a copy of W32.Spybot.Worm and spreads through MSN Messenger.
WORM_REATLE.F
This malware was reported by: Trendmicro
This worm propagates via email. It spreads copies of itself as attachments to email messages that it sends out using its own Simple Mail Transfer Protocol (SMTP) engine.
Lebreat.i
This malware was reported by: F-Secure
Lebreat.i is a network worm spreading through a vulnerability in Windows
Plug and Play service (MS05-039).
Lebreat.m
This malware was reported by: F-Secure
Lebreat.m is a mass mailer and network worm spreading through a vulnerability in Windows Plug and Play service (MS05-039).
Adware-Lop.dr
This malware was reported by: Network Associates Inc
W32.Zotob.L
This malware was reported by: Symantec
W32.Zotob.L is a worm that opens a back door and exploits various vulnerabilities. The worm spreads by exploiting vulnerabilities, including the Microsoft Windows Plug and Play Buffer Overflow Vulnerability (described in Microsoft Security Bulletin MS0
IRCBot.KN
This malware was reported by: Panda Software
IRCBot.KN is a backdoor that connects to an IRC server in order to receive remote control commands. It can be instructed to search for computers to affect, launch DoS (Denial of Service) attacks, download files, etc.IRCBot.KN does not spread by its own m
Agent.AII
This malware was reported by: Panda Software
Agent.AII is a Trojan that logs keystrokes entered by the user while accessing websites whose address contain any of the following text strings:1MDC, e-bullion, e-gold, GoldMoney, http://pleskin.com.ua/part3.config, https://www.e-gold.com/acct/accountinf
Downloader.EJD
This malware was reported by: Panda Software
Downloader.EJD is a Trojan that downloads other Trojan to the affected computer from a certain website. That Trojan is detected as Agent.AII.In turn, Agent.AII downloads and installs other malware, which logs the keystrokes typed by the user while access
W32.Reatle.I@mm
This malware was reported by: Symantec
W32.Mytob.JF@mm
This malware was reported by: Symantec
W32.Mytob.JF@mm is a mass-mailing worm that opens a back door and lowers security settings on the compromised computer.
Reatle.F
This malware was reported by: Computer Associates
Description Win32.Reatle.F is a worm that spreads via e-mail and by exploiting the LSASS buffer overflow (MS04-011) and PnP service bufferoverflow (MS05-039) vulnera
Bagle.BP
This malware was reported by: Computer Associates
Description Win32.Bagle.BP is a worm that spreads via e-mail and peer-to-peer file sharing networks. It has been distributed as a 21,696-byte Win32 executable, and h
Reaplug.A
This malware was reported by: Computer Associates
Description Win32.Reaplug.A is a worm which spreads by exploiting the Microsoft Windows Plug and Play service buffer overflow vulnerability (MS05-039). It has been d
Doomboot.B
This malware was reported by: F-Secure
Doomboot.B is close variant to Doomboot.A. The major difference between
Doomboot.B and Doomboot.A is that the Doomboot.B does not contain Commwarrior
and contains application that reboots the phone.
Doomboot.B pretends to be an utility that can be u
Adware-LNK.gen
This malware was reported by: Network Associates Inc
Trojan.Webus.I
This malware was reported by: Symantec
Trojan.Webus.I is a Trojan horse that connects to an IRC server and opens a back door on the compromised computer.
Nochod.I
This malware was reported by: Computer Associates
Rbot.DHM
This malware was reported by: Computer Associates
Qweasy.B
This malware was reported by: Computer Associates
Description Win32.Qweasy.B is a worm that spreads via e-mail and by exploiting the Microsoft Windows Plug and Play service buffer overflow vulnerability (MS05-039).
Defial.A
This malware was reported by: Computer Associates
Description Win32.Defial.A is a trojan that steals sensitive information from the affected machine. The trojan consists of two components;a 63,566-byte, PECompact-pa
Drugtob.C
This malware was reported by: Computer Associates
Description Win32.Drugtob.C is a worm that spreads by exploiting the Microsoft Windows Plug and Play service buffer overflow vulnerability (MS05-039). The worm also
Sdbot.ESE
This malware was reported by: Panda Software
Sdbot.ESE is a worm that connects to several IRC servers in order to receive remote control commands, acting as a backdoor. It can be instructed to download and run files, launch DoS (Denial of Service) attacks, add or remove shared resources, search for
W32.Mytob.JH@mm
This malware was reported by: Symantec
W32.Mytob.JH@mm is a mass-mailing worm the opens a back door and lowers security settings on the compromised computer.
New Malware.q
This malware was reported by: Network Associates Inc
W32/Lovsan.worm.a
This malware was reported by: Network Associates Inc
-- Update 21 April 2004 --
A new variant was discovered and was proactively detected as Exploit-DcomRpc
with the 4289 DAT files when scanning compressed executables (default setting)
eschlp.exe
(66,048 bytes)
Detection for this
W32.Bobax.AH@mm
This malware was reported by: Symantec
Adware-SafeSurf.dll
This malware was reported by: Network Associates Inc
WORM_ZOTOB.E
This malware was reported by: Trendmicro
To get a one glance comprehensive view of the behavior of this worm, refer to the Behavior Diagram shown below.
Trojan.Cdtray
This malware was reported by: Symantec
Trojan.Cdtray is a Trojan horse that repeatedly opens and closes the CD-ROM drive.
Downloader-YN
This malware was reported by: Network Associates Inc
WORM_RBOT.CDX
This malware was reported by: Trendmicro
Downloader-XZ
This malware was reported by: Network Associates Inc
W32/Alcan.worm!p2p
This malware was reported by: Network Associates Inc
PE_BOBAX.AF
This malware was reported by: Trendmicro
This memory-resident virus infects all executable (EXE) files running on an affected system by appending its code to a target file. It does not have an infection marker, thus it can reinfect files upon startup.
WORM_SAVAGE.A
This malware was reported by: Trendmicro
Upon initial execution, this memory-resident worm creates the file Me^sa~e#4% in the Windows temporary folder. It executes the said file using Notepad, and displays the following:
PE_BOBAX.AF-O
This malware was reported by: Trendmicro
This is the detection for the mother virus of PE_BOBAX.AF.
Alemod.H
This malware was reported by: Computer Associates
DlWreck Family
This malware was reported by: Computer Associates
Description Win32.DlWreck are a family of trojans that download and execute other malware. They also inject their main functionality into Internet Explorer in an att
Trojan.Exphook
This malware was reported by: Symantec
Rbot.DJX
This malware was reported by: Computer Associates
Cadomesk.A
This malware was reported by: F-Secure
Cadomesk.A is a SIS file trojan that is quite similar to SymbOS/Bootton.A
Symbian trojan.
Cadomesk.A contains files from Skulls.A, Skulls.D and Bootton.A, Doomboot.A
and drops Doomboot.A and Cabir.G on the device.
Like Bootton.A Cadomesk.A replaces
Cabir.Z
This malware was reported by: F-Secure
Cabir.Z is a minor variant of Cabir.B the only significant
difference is that Cabir.Z Spreads in QEX00R.SIS while Cabir.B
uses Caribe.sis
For more details, see description of Cabir.A
http://www.f-secure.com/v-descs/cabir.shtml
W97M.Anisc.B
This malware was reported by: Symantec
W97M.Anisc.B is a macro virus that infects Microsoft Word documents. It changes the properties of Word documents and lowers the marco security settings.