W32/Reatle.f@MM
This malware was reported by: Network Associates Inc
This detection is for several variants of a mass-mailing worm written in MSVC, and packed with NSPACK. The worm bears the following characteristics:
contains its own SMTP engine for mailing itself outgoing messages have spoofed From: addres
WORM_BOBAX.AE
This malware was reported by: Trendmicro
This memory-resident worm arrives as a dropped file of another malware. It spreads via email, and infiltrates systems that are unpatched against certain Microsoft vulnerabilities.
AdClicker-AJ
This malware was reported by: Network Associates Inc
W32.Mailbancos@mm
This malware was reported by: Symantec
W32.Mailbancos@mm is a worm that downloads and executes a copy of PWSteal.Bancos and sends emails to addresses gathered from the compromised computer.
Banker.AMQ
This malware was reported by: Panda Software
Banker.AMQ is a Trojan with backdoor characteristics that monitors if the user accesses the websites belonging to several Brazilian banking entities. Then, it uses Internet Explorer in order to display a malicious web page that imitates the legitimate on
007Spy
This malware was reported by: Panda Software
007Spy is a hacking tool. Though these programs are legitimate and useful tools when they are appropriately used, a hacker could take advantage of them in order to carry out malicious actions.007Spy logs the keystrokes typed by the user and the websites
KeyMask
This malware was reported by: Panda Software
KeyMask is a hacking tool. Though these programs are legitimate and useful tools when they are appropriately used, a hacker could take advantage of them in order to carry out malicious actions.KeyMask logs the keystrokes typed by the user, which can be u
AdClicker-BA.dll
This malware was reported by: Network Associates Inc
Downloader-ACV
This malware was reported by: Network Associates Inc
Adware-ZangoSA
This malware was reported by: Network Associates Inc
Backdoor.Graybird.O
This malware was reported by: Symantec
Backdoor.Graybird.O is a Trojan horse that opens a back door and contacts a remote attacker for additional commands.
BKDR_ROBOBOT.AH
This malware was reported by: Trendmicro
This destructive, memory-resident backdoor program may arrive on a system as a downloaded file of TROJ_DLOADER.YD.
WORM_AHKER.J
This malware was reported by: Trendmicro
Like most worms from the WORM_AHKER family, this variant also arrives as an attachment to email messages.
W97M.Nometz.A
This malware was reported by: Symantec
W97M.Nometz.A is a macro virus that infects Microsoft Word documents. It lowers the macro security settings, deletes files and sends out Word documents.
Mail Bomb
This malware was reported by: F-Secure
NetSky.K
This malware was reported by: F-Secure
This is yet another Netsky variant. It drops itself as WINLOGON.EXE to
Windows directory.
Appdisabler.D
This malware was reported by: F-Secure
Appdisabler.D is a malicious SIS file trojan, which tries to disable
large number of third party applications in Nokia 7710 phones.
However due to implementation error the Appdisabler.D does not seem to
be able to install in Nokia 7710 phones. Appdi
Downloader.ENC
This malware was reported by: Panda Software
Downloader.ENC is a Trojan that downloads a variant of the worm Dedler to the affected computer.Downloader.ENC does not spread by its own means. It reaches the computer when the user access certain malicious web pages that exploit the Internet Explorer v
Adware-Adroar.dr
This malware was reported by: Network Associates Inc
WORM_MYTOB.HF
This malware was reported by: Trendmicro
Similar to other WORM_MYTOB variants, this memory-resident worm propagates by sending a copy of itself as an attachment to an email message, which it sends to target recipients using its own Simple Mail Transfer Protocol (SMTP) engine.
BackDoor-CHJ.cli
This malware was reported by: Network Associates Inc
Keylog-Logit
This malware was reported by: Network Associates Inc
Adware-Apropos.dr
This malware was reported by: Network Associates Inc
BackDoor-CHJ.srv
This malware was reported by: Network Associates Inc
BackDoor-CUC.dr
This malware was reported by: Network Associates Inc
Downloader-MX
This malware was reported by: Network Associates Inc
KeyLogger.c.cfg
This malware was reported by: Network Associates Inc
BackDoor-CUC
This malware was reported by: Network Associates Inc
Keylog-Fearless
This malware was reported by: Network Associates Inc
FakeSecure
This malware was reported by: Network Associates Inc
KeyLogger.c
This malware was reported by: Network Associates Inc
WORM_WURMARK.O
This malware was reported by: Trendmicro
This memory-resident worm propagates via email. A copy of this worm disguises itself as an attachment to a spammed email with an attractive Subject line. Once an unsuspecting user opens the said attachment, this worm automatically executes on a
Generic Downloader.h
This malware was reported by: Network Associates Inc
Trojan.Flush.E
This malware was reported by: Symantec
Trojan.Flush.E is a Trojan horse that modifies the DNS server settings on a compromised computer and redirects the browser to potentially malicious Web sites.
Trojan.Gargafx
This malware was reported by: Symantec
Trojan.Gargafx is a Trojan horse that downloads remote files and attempts to hide its presence on the compromised computer.
PE_BOBAX.AC
This malware was reported by: Trendmicro
This memory-resident, file-infector usually arrives on a system as an attachment to email messages.
W97M.Lunedo
This malware was reported by: Symantec
W97M.Lunedo is a destructive macro virus that deletes files in certain folders and infects the Normal.dot file.
Nochod.J
This malware was reported by: Computer Associates
Description Win32.Nochod.J is an IRC controlled worm that can spread via the MSN Messenger and AOL Instant Messenger networks. It has been distributed as a 119,296-b
W97M.Dranus
This malware was reported by: Symantec
W97M.Dranus is a destructive macro virus that deletes files in System folders and infects the Normal.dot file.
Dedler.BD
This malware was reported by: Panda Software
Dedler.BD is a worm that disables the services associated to the firewall and the Windows XP Security Center, Windows Update and several antivirus programs.Additionally, it attempts to connect to several IRC servers and to download a file from the upsee
PWSteal.Reoxtan
This malware was reported by: Symantec
PWSteal.Reoxtan is a Trojan horse program that attempts to steal user names, passwords, and other computer information. It also attempts to lower security settings on the compromised computer.
GuardMon
This malware was reported by: Panda Software
GuardMon is a hacking tool. Though these programs are legitimate and useful tools when they are appropriately used, a hacker could take advantage of them in order to carry out malicious actions.GuardMon logs the keystrokes typed by the user, which can be
Backdoor.Graybird.P
This malware was reported by: Symantec
Backdoor.Graybird.P is a Trojan horse program that hides its presence on the compromised computer and downloads remote files.
Adware-AliToolbar
This malware was reported by: Network Associates Inc
EliteBar.A
This malware was reported by: F-Secure
EliteBar is an intrusive adware that utilizes rootkit features to
hide its presence on an affected computer. Originally it was
detected only with adware databases, but we decided to move its
detection into anti-virus databases because of its intrusive
TROJ_CAGER.A
This malware was reported by: Trendmicro
This memory-resident Trojan may be downloaded from the Internet, dropped by another malware, or manually installed by a user.
Adware-FlashTrack
This malware was reported by: Network Associates Inc
Adware-CovenantEyes
This malware was reported by: Network Associates Inc
Cimuz.X
This malware was reported by: Panda Software
Cimuz.X is a Trojan that opens a random port, acting as a backdoor and allowing the affected computer to be used as an HTTP proxy.Then, it connects to several web addresses, in order to notify its author that the computer has been compromised.Cimuz.X is
W32.Spybot.WOE
This malware was reported by: Symantec
W32.Spybot.WOE is a worm with back door capabilities that can be used to launch a distributed denial of service attack. The worm spreads by exploiting numerous vulnerabilities, including the Microsoft Windows Plug and Play Buffer Overflow Vulnerability
W32.Theals.A@mm
This malware was reported by: Symantec
W32.Theals.A@mm is a mass-mailing worm that sends itself as password protected .zip file. The worm is also able to spread across the local network using a Windows vulnerability and can hide itself using rootkit functionalities. The worm steals confidenti
Fontal.C
This malware was reported by: F-Secure
Doomboot.C
This malware was reported by: F-Secure
Doomboot.C is close variant to Doomboot.A. The major difference between
Doomboot.C and Doomboot.A is that the Doomboot.C does not contain Commwarrior.
Doomboot.C pretends to be an set of camera effects for Nokia phones. But the
installation package
SymbOS.Doomboot.D
This malware was reported by: Symantec
SymbOS.Doomboot.D is a Trojan horse that drops corrupt files. The Trojan runs on the Symbian OS, which is the operating system for Nokia Series 60 cellular telephones. By default, the Trojan has the file name "Nokia Camera Effects v1.05 by Dj 6230.sis."
W32.Bobax.AJ@mm
This malware was reported by: Symantec
W32.Bobax.AJ@mm is a mass-mailing worm that spreads by exploiting the Microsoft Windows Plug and Play Buffer Overflow Vulnerability (described in Microsoft Security Bulletin MS05-039) on TCP port 445. The worm allows a compromised computer to be used a
PE_BOBAX.AG
This malware was reported by: Trendmicro
PE_BOBAX.AG-O
This malware was reported by: Trendmicro
W32.Spybot.WON
This malware was reported by: Symantec
W32.Spybot.WON is a worm that has distributed denial of service and back door capabilities. The worm spreads by exploiting numerous vulnerabilities, including the Microsoft Windows Plug and Play Buffer Overflow Vulnerability (as described in Microsoft
Reboot-AP
This malware was reported by: Network Associates Inc
BAT/KillAV
This malware was reported by: Network Associates Inc
This detection is based on a batch script that attempts to trick the user into believing it is a tool that will make their computer run faster.
Once the user taps any keys to continue, the batch script will attempt to delete the following
Sdbot.EXG
This malware was reported by: Panda Software
Sdbot.EXG is a worm that connects to several IRC servers in order to receive remote control commands, acting as a backdoor. It can be instructed to download and run files, launch DoS (Denial of Service) attacks, add or remove shared resources, search for
Reboot-AP.bat
This malware was reported by: Network Associates Inc
Eyeveg.G
This malware was reported by: Computer Associates
Description Win32.Eyeveg.G is a worm that spreads via e-mail, and may be ordered by a remote controller to also spread via network shares. It acts as a keylogger, al
PWS-Harvester.gen.b
This malware was reported by: Network Associates Inc
Keylog-SC.inst
This malware was reported by: Network Associates Inc
Adware-CashFiesta
This malware was reported by: Network Associates Inc
Keylog-Iloveukav
This malware was reported by: Network Associates Inc
Petala.A
This malware was reported by: Panda Software
Petala.A is a backdoor that allows to gain remote access to the affected computer in order to carry out actions that compromise the user confidentiality or impede the task performed.Petala.A allows to copy files, end processes, access the compu
Simbag.A
This malware was reported by: Panda Software
Simbag.A is a worm that spreads via the instant messaging program MSN Messenger by sending a copy of itself to all the addresses in the Contact list of this program.Simbag.A creates several links to different web pages of adult content.
Opaserv.Y
This malware was reported by: Panda Software
Opaserv.Y is a worm without destructive effects that only affects Windows Me/98/95 computers.Opaserv.Y spreads to other computers by attacking IP addresses, in which it tries to make copies of itself to the existing shared network drives.
Gaobot.M
This malware was reported by: Panda Software
Gaobot.M is a worm with backdoor characteristics that infects only Windows XP/2000/NT computers. Gaobot.M exploits the RPC DCOM and WebDAV vulnerabilities to spread to as many computers as possible.Gaobot.M also spreads by attempting to copy it
Gibe.C
This malware was reported by: Panda Software
Gibe.C is a worm that spreads via e-mail, through the peer-to-peer (P2P) file sharing program KaZaA, across shared network drives and via IRC and newsgroups.When Gibe.C spreads via e-mail, it can reach the computer in a message with HTML format that perf
Opaserv.X
This malware was reported by: Panda Software
Opaserv.X is a worm without destructive effects that only affects Windows Me/98/95 computers.Opaserv.X spreads to other computers by attacking IP addresses, in which it tries to make copies of itself to the existing shared network drives.
Surfbar.B
This malware was reported by: Panda Software
Surfbar.B is a malware type adware. Originally, the adware is a kind of program licensing, in which the user agrees to install the application and use it without paying, and in return the program will display advertisements and banner
Backterra.B
This malware was reported by: Panda Software
Backterra.B is a worm without destructive effects that spreads through the peer-to-peer (P2P) file sharing program eMule.Backterra.B tricks the user into thinking that it is a key generator for computer applications and games.
Blaster.G
This malware was reported by: Panda Software
Blaster.G is a worm that infects only Windows 2003/XP/2000/NT computers. Blaster.G exploits the Buffer Overrun in RPC Interface vulnerability to spread to as many computers as possible.Blaster.G launches denial of service (DoS) attacks against the window
Reksa.A
This malware was reported by: Panda Software
Reksa.A is a worm without destructive effects that spreads via e-mail in a message with the subject Support Message and the attachment MSNUPDATE.EXE.Once it is run, Reksa.A displays a message on screen.
Adware-FlashGet
This malware was reported by: Network Associates Inc
BackDoor-AXH
This malware was reported by: Network Associates Inc
BackDoor-DR
This malware was reported by: Network Associates Inc
BackDoor-AXI
This malware was reported by: Network Associates Inc
PE_BOBAX.AH
This malware was reported by: Trendmicro
This memory-resident file infector arrives via email. It infects all .EXE files running on an affected system by appending its code. It does not have an infection marker, thus it can reinfect files upon startup.
Worm.Win32.VB.an
This malware was reported by: F-Secure
Worm.Win32.VB.an is a worm that spreads using P2P-networks. It also tries
to disable several applications on infected system.
Redlof
This malware was reported by: F-Secure
SpyEx.A
This malware was reported by: Panda Software
SpyEx.A is a hacking tool. Though these programs are legitimate and useful tools when they are appropriately used, a hacker could take advantage of them in order to carry out malicious actions.SpyEx.A logs the typed keystrokes, the programs that are run
WORM_LEWOR.D
This malware was reported by: Trendmicro
Adware-CasOnline
This malware was reported by: Network Associates Inc
SYMBOS_DOOMED.D
This malware was reported by: Trendmicro
This Symbian malware affects mobile devices running on Symbian operating system with the Series 60 Platform user interface. Some of the affected phone models are the following:
Mytob.JA
This malware was reported by: Computer Associates
Description Win32.Mytob.JA is a worm that spreads via e-mail. The worm also acts as an IRC bot, allowing a controller unauthorized access to, and control of the affe
Adware-AZESearch.dr
This malware was reported by: Network Associates Inc
Adware-Ezula
This malware was reported by: Network Associates Inc
Openconnection
This malware was reported by: F-Secure
The Openconnection is a family of Java applet based trojan downloaders,
that infect Internet Explorer through malicous web page that uses Java
classloader byteverify exploit or other vulnerability in Internet Explorer.
These trojans usually download
Linker
This malware was reported by: F-Secure
JS/Linker is a family of trojans that attempt to download and install
other malware to the system. Different variants of this family use various
techniques, such as simple scripts written with Java Script, invisible
frames and spoofed web links.
Adware-DesktopDetect
This malware was reported by: Network Associates Inc
Bagle.cr
This malware was reported by: F-Secure
This Bagle downloader appeared on Sep 9th, 2005. It is very similair
to earlier Bagle variant Bagle.BY:
http://www.f-secure.com/v-descs/bagle_by.shtml
It has a different set if download URLs and instead of opening up
mspaint.exe, it executes notepad
W32.Mytob.JI@mm
This malware was reported by: Symantec
W32.Mytob.JI@mm is a mass-mailing worm that opens a back door, lowers security settings, and spreads by exploiting vulnerabilities.
TROJ_BAGLE.CR
This malware was reported by: Trendmicro
This Trojan may arrive on a system using a random file name with the CPL extension. Upon execution, it drops a copy of itself as the file CJECTOR.EXE in the Windows folder. This Trojan then executes the said .EXE file.
Trojan.Tooso.M
This malware was reported by: Symantec
Trojan.Tooso.M is a Trojan horse that lowers security settings by ending processes, stopping services, removing registry entries and deleting files.
W32.Bobax!gen
This malware was reported by: Symantec
W32.Bobax!gen is a generic detection that detects variants of W32.Bobax family of worms.
Backdoor.Graybird.Q
This malware was reported by: Symantec
Backdoor.Graybird.Q is a Trojan horse program that hides its presence on the compromised computer and downloads remote files.