MSIL.Idonut
This malware was reported by: Symantec
MSIL.Idonus is an overwriter virus that copies itself over .exe files. It works only on Microsoft .NET Framework 2.0, which is included by default in Windows Vista beta 1, but is also available as an add-on for Windows 2000, XP, and 2003. Note: Virus de

Bloodhound.Exploit.49
This malware was reported by: Symantec
Bloodhound.Exploit.49 is a heuristic detection for the Vulnerability in the Microsoft Collaboration Objects Could Allow Remote Code Execution (as described in MS05-048). The Bloodhound.Exploit.49 detection does not cover all attack vectors of this vul

PE_DONUT.B
This malware was reported by: Trendmicro
 Upon execution, this file infector creates a list of folders found in drive C of an affected system. From the said list, it randomly chooses one folder, where it drops a copy of itself. It overwrites all .EXE files in the said folder. Executable, or

W32.Spybot.YQW
This malware was reported by: Symantec
W32.Spybot.YQW is a network-aware worm that opens a back door on the compromised computer.

PE_NOFACE.B
This malware was reported by: Trendmicro
 This memory-resident PE (portable executable) virus searches for all executable (.EXE) files found in C: and its subfolders before infecting. It then creates a file with the exact name of the host file but only prepended with the character "_". T

WORM_RONTOKBRO.E
This malware was reported by: Trendmicro
 This memory-resident worm drops several copies of itself into various folder locations on the affected system. It then overwrites the file AUTOEXEC.BAT, which is located in C:, with the following string:

WORM_MYTOB.LM
This malware was reported by: Trendmicro
 This memory-resident worm arrives as an attachment to email messages. The email message usually poses as an account notification in order to trick a user into downloading and executing the attachment.

SYMBOS_COMWAR.C
This malware was reported by: Trendmicro
 This Symbian malware affects mobile devices running on Symbian OS Series 60 platform.

WORM_MYTOB.LN
This malware was reported by: Trendmicro
 Upon execution, this memory-resident worm drops a copy of itself as WID32.EXE in the Windows system folder.

WORM_MYTOB.LP
This malware was reported by: Trendmicro
 This memory-resident worm arrives as an attachment to email messages. The email message usually poses as an account notification in order to trick a user into downloading and executing the attachment.

W32.Mytob.KR@mm
This malware was reported by: Symantec
W32.Mytob.KR@mm is a mass-mailing worm that opens a back door and lowers security settings on the compromised computer.

W32.Mytob.KU@mm
This malware was reported by: Symantec


WORM_MYTOB.LR
This malware was reported by: Trendmicro
 This memory-resident worm propagates by attaching a copy of itself to an email message, which it sends to target recipients using its own Simple Mail Transfer Protocol (SMTP) engine.

WORM_MYTOB.LS
This malware was reported by: Trendmicro


Mytob.JP
This malware was reported by: Computer Associates


Mytob.JS
This malware was reported by: Computer Associates
Description Win32.Mytob.JS is a worm that spreads via e-mail. It also acts as an IRC bot, allowing a controller unauthorized acccess to the affected machine. It has

Mytob.JL
This malware was reported by: Computer Associates


Mytob.JM
This malware was reported by: Computer Associates


WORM_FANBOT.A
This malware was reported by: Trendmicro
 This worm spreads copies of itself as an attachment to email messages that it sends to target recipients, using its own Simple Mail Transfer Protocol (SMTP) engine. Hence, it does not need other applications, such as Microsoft Outlook, to send out

MSIL.Idonus
This malware was reported by: Symantec
MSIL.Idonus is an overwriter virus that copies itself over .exe files. It works only on Microsoft .NET Framework 2.0, which is included by default in Windows Vista beta 1, but is also available as an add-on for Windows 2000, XP, and 2003. Note: Virus de

MS05-045
This malware was reported by: Panda Software


MS05-044
This malware was reported by: Panda Software


W32/Tenrobot.b
This malware was reported by: Network Associates Inc
Like its precedent , this virus variant affects Windows (PE) executable files. It propagates by infecting EXE files on local Win9x/ME systems; appending viral code to the end of files, and modifying the entry point to run the virus code fir

TROJ_SSPLOIT.A
This malware was reported by: Trendmicro


Sdbot.FJA
This malware was reported by: Panda Software
 Sdbot.FJA is a worm that connects to several IRC servers in order to receive remote control commands, acting as a backdoor. It can be instructed to download and run files, obtain Protected Storage service keys, including Outlook or Internet Explorer pass

Adware-SearchMore
This malware was reported by: Network Associates Inc


Adware-QwertSearch
This malware was reported by: Network Associates Inc


WORM_DABORA.A
This malware was reported by: Trendmicro
 This memory-resident worm arrives on an affected system via email. Upon execution, it drops a copy of itself as UPDATEXP.EXE in the Windows system folder.

SvrAny.A
This malware was reported by: Panda Software
 SvrAny.A is a hacking tool. Though these programs are legitimate and useful tools when they are appropriately used, a hacker could take advantage of them in order to carry out malicious actions.SvrAny.A can manage services from the command line. As a res

W32.Fanbot.A@mm
This malware was reported by: Symantec
W32.Fanbot.A@mm is a mass-mailing worm that lowers security settings on the compromised computer. It also spreads by exploiting the Microsoft Windows Plug and Play Buffer Overflow Vulnerability (described in Microsoft Security Bulletin MS05-039) and th

WORM_RONTOKBRO.F
This malware was reported by: Trendmicro
 This worm propagates by sending a copy of itself as an attachment to email messages. It gathers target email addresses by searching an affected system for files with certain extensions.

W32.Mytob.LD@mm
This malware was reported by: Symantec
W32.Mytob.LD@mm is a mass-mailing worm that opens a back door and lowers security settings on the compromised computer.

WORM_FANBOT.B
This malware was reported by: Trendmicro
 This worm spreads copies of itself as an attachment to email messages that it sends to target recipients, using its own Simple Mail Transfer Protocol (SMTP) engine. Hence, it does not need other applications, such as Microsoft Outlook, to send out e

Mytob.JT
This malware was reported by: Computer Associates
Description Win32.Mytob.JT is a worm that spreads via e-mail. It also acts as an IRC bot, allowing a controller unauthorized acccess to the affected machine. It has

Adware-WorldSearch
This malware was reported by: Network Associates Inc


WORM_FANBOT.C
This malware was reported by: Trendmicro
 This worm spreads copies of itself as an attachment to email messages that it sends to target recipients, using its own Simple Mail Transfer Protocol (SMTP) engine. Hence, it does not need other applications, such as Microsoft Outlook, to send out e

WORM_MYTOB.LV
This malware was reported by: Trendmicro
 This worm propagates by sending a copy of itself as an attachment to email messages it sends using its own Simple Mail Transfer Protocol. Hence, it does not need a mail application like, Microsoft Outlook to send email messages.

WORM_MYTOB.LW
This malware was reported by: Trendmicro
 Similar to other MYTOB variants, this memory-resident worm propagates by sending a copy of itself as an attachment to an email message, which it sends to target recipients using its own Simple Mail Transfer Protocol (SMTP) engine. Hence, it does not

Exploit-Ssploit
This malware was reported by: Network Associates Inc


W32.Mytob.LE@mm
This malware was reported by: Symantec


W32.Dabora.A@mm
This malware was reported by: Symantec
W32.Dabora.A@mm is a mass-mailing worm that mimics financial Web sites and downloads a Bancos variant.

WORM_MYTOB.LY
This malware was reported by: Trendmicro
 Like other WORM_MYTOB variants, this polymorphic worm spreads by attaching a copy of itself to an email message, which it sends to target recipients using its own Simple Mail Transfer Protocol (SMTP) engine.

WORM_DREFIR.F
This malware was reported by: Trendmicro
 Like earlier DREFIR variants, this memory-resident worm has the capability to spread via email and Internet Relay Chat (IRC).

W32.Loxbot.A
This malware was reported by: Symantec
W32.Loxbot.A is a worm that opens a back door and can receive commands from a remote attacker. It can spread using AOL Instant Messenger. The worm also uses rootkit capabilities to hide its process in memory.

Oneraw Family
This malware was reported by: Computer Associates


TROJ_JUNY.A
This malware was reported by: Trendmicro
 When executed, this memory-resident Trojan encrypts files with certain extensions names on the affected system using a special encryption routine. It lists the files it encrypts in a text file named ÏÈÇÄÅÖ Ê ÂÀÌ Â ÃÎÑÒÈ!.TXT, which roughly translate

Adware-HalfLemon
This malware was reported by: Network Associates Inc


Adware-ToolbarCC
This malware was reported by: Network Associates Inc


WORM_FANTOB.E
This malware was reported by: Trendmicro


Adware-Fastlook
This malware was reported by: Network Associates Inc


WORM_FANBOT.E
This malware was reported by: Trendmicro
 Upon execution, this memory-resident worm displays the following fake error message to trick users into thinking that the file did not run on an affected system:

Mytob.KN
This malware was reported by: Panda Software
 Mytob.KN is a worm with backdoor characteristics that connects to an IRC server in order to receive control commands, which allow the affected computer to be remotely administrated.This worm ends processes belonging to several security tools, such as ant

WORM_MYTOB.LZ
This malware was reported by: Trendmicro
 Similar to other MYTOB variants, this memory-resident worm spreads copies of itself as an attachment to an email message that it sends to target recipients using its own Simple Mail Transfer Protocol (SMTP) engine. Hence, this worm does not need a m

Net-Worm.Win32.Mytob.bi
This malware was reported by: F-Secure


AKeyLogger
This malware was reported by: Panda Software
 AKeyLogger is a hacking tool. Though these programs are legitimate and useful tools when they are appropriately used, a hacker could take advantage of them in order to carry out malicious actions.AKeyLogger logs the keystrokes typed by the user, which ca

ActiKeyLogger
This malware was reported by: Panda Software
 ActiKeyLogger is a hacking tool. Though these programs are legitimate and useful tools when they are appropriately used, a hacker could take advantage of them in order to carry out malicious actions.ActiKeyLogger logs the keystrokes typed by the user, wh

WORM_MYTOB.MB
This malware was reported by: Trendmicro
 Upon execution, this memory-resident worm drops a copy of itself as TASKGMR.EXE in the Windows system folder. It also drops the file HELLMSN.EXE in the root folder (usually C:), which is detected by Trend Micro as WORM_MYTOB.J.

WORM_COMBRA.G
This malware was reported by: Trendmicro
 

WORM_FANBOT.F
This malware was reported by: Trendmicro
 Upon execution, this memory-resident worm displays the following fake error message to trick users into thinking that the file did not run on an affected system:

WORM_MYTOB.MD
This malware was reported by: Trendmicro
 Upon execution, this memory-resident worm drops a copy of itself in the Windows system folder as MSCDVVS.EXE.

W32/Mytob.gr@MM
This malware was reported by: Network Associates Inc
This detection is for a mass-mailing worm that combines W32/Mydoom@MM functionality with W32/Sdbot.worm functionality.  This variant spreads via email, P2P sharing applications, and the MS05-039 vulnerability . Email attachments sent by t

PWSteal.Tarno.O
This malware was reported by: Symantec
PWSteal.Tarno.O is a password-stealing Trojan horse program that attempts to log information entered into Web forms.

TROJ_JUNY.B
This malware was reported by: Trendmicro
 Like its predecessor, TROJ_JUNY.A, this Trojan encrypts files of certain types, such as Microsoft Word documents, HTML files, text files, and ZIP files, so that they can no longer be opened or executed by an affected user.

W32.Spybot.YXX
This malware was reported by: Symantec
W32.Spybot.YXX is a network-aware worm that opens a back door on the compromised computer. It spreads by exploiting common system vulnerabilities. The worm is also dropped by W32.Botter.A@mm.

W32.Botter.A@mm
This malware was reported by: Symantec
W32.Botter.A@mm is a mass-mailing worm that also spreads through IRC. It also drops W32.Spybot.YXX, and inserts itself into rar archives.

SymbOS.Commwarrior.C
This malware was reported by: Symantec
SymbOS.Commwarrior.C is a worm that replicates on Series 60 phones. It attempts to spread using Bluetooth, Multimedia Messaging Service (MMS), and Multmedia Cards (MMC) as a randomly named .sis file. It has been reported that one of the possible file nam

Trojan.Gamqowi
This malware was reported by: Symantec
Trojan.Gamqowi is a Trojan horse that opens a back door and lowers security settings on the compromised computer. It also attempts to end security-related processes.

DNSChanger.a
This malware was reported by: Network Associates Inc


TROJ_YABE.B
This malware was reported by: Trendmicro
 This memory-resident Trojan propagates via email messages sent by a remote malicious user. It cunningly disguises itself as a legitimate email message from the popular online auction site Ebay.

Swizzor
This malware was reported by: Network Associates Inc


TROJ_DLOADER.AJQ
This malware was reported by: Trendmicro
 This Trojan arrives on a system as a downloaded file of TROJ_YABE.B. It registers itself as a service with the name AVP UPDATE IONTERFACE A6.

WORM_NETSKY.AN
This malware was reported by: Trendmicro


New Malware.u
This malware was reported by: Network Associates Inc


WORM_GOLDUN.B
This malware was reported by: Trendmicro
 This memory-resident worm usually arrives on an affected system as a downloaded file of TROJ_DLOADER.AJQ. When executed, it drops copies of itself in the Windows system folder using several attractive file names.

QHosts-47!hosts
This malware was reported by: Network Associates Inc


WeatherBug
This malware was reported by: Panda Software
 WeatherBug is a program that installs the application called MyWay on the affected computer.Additionally, WeatherBug creates in the Desktop a shortcut that, if double-clicked, directs users to a certain website that entices them into contracting Netscape

Doombot.B
This malware was reported by: F-Secure
Doombot.B is a mass-mailer with IRC bot capabilities. It is very similair to original Mytob family of worms, combining functionality of Mydoom and IRC bot. The infected messages comes with subjects like "Notice of account limitation", "

Gaobot.KRM
This malware was reported by: Panda Software
 Gaobot.KRM is a worm that connects to several IRC servers in order to receive remote control commands, acting as a backdoor. It can be instructed to log keystrokes, send spam, launch DoS (Denial of Service) attacks, download files, etc.This worm also end

Backdoor.Darkmoon.B
This malware was reported by: Symantec
Backdoor.Darkmoon.B is a Trojan horse that opens a back door on a compromised computer and has keylogging capabilities.

WORM_SDBOT.CMJ
This malware was reported by: Trendmicro
 This worm propagates via network shares. It drops a copy of itself in certain default network shares.

TROJ_DLOADER.AKR
This malware was reported by: Trendmicro
 This TROJ_DLOADER variant arrives on a system as a dropped file of VBS_DROPPER.AC.

Toxbot
This malware was reported by: F-Secure


Backdoor.Hesive.dr
This malware was reported by: Symantec
Backdoor.Hesive.dr is a malformed Microsoft Access database file that uses an exploit to drop Backdoor.Hesive.

PWSteal.Wowcraft.B
This malware was reported by: Symantec
PWSteal.Wowcraft.B is a password-stealing Trojan horse that attempts to steal passwords for the World of Warcraft game and send them to a remote attacker.

Troj/Feutel-AD
This malware was reported by: Sophos
Troj/Feutel-AD is a backdoor Trojan for the Windows platform.

W32/Rbot-ASH
This malware was reported by: Sophos
W32/Rbot-ASH is a network worm with backdoor Trojan functionality for the Windows platform.

Troj/Perda-G
This malware was reported by: Sophos
Troj/Perda-G is a backdoor Trojan which allows a remote intruder to gain access and control over the computer. Troj/Perda-G may attempt to steal confidential information and send it to a remote location via HTTP or email. Troj/Perda-G

Troj/Dloader-WO
This malware was reported by: Sophos
Troj/Dloader-WO is a downloader Trojan for the Windows platform. The Trojan attempts to download and install further software and disable Microsoft Anti-Spyware. Troj/Dloader-WO may also monitor user activity.

Troj/Paymite-B
This malware was reported by: Sophos
Troj/Paymite-B is a Start Page Trojan.

W32/Rbot-AST
This malware was reported by: Sophos
W32/Rbot-AST is a worm and backdoor Trojan for the Windows platform. W32/Rbot-AST spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: WKS (MS03-049) (CAN-2003-0812) and ASN.1 (MS04-007) and

W32/Rbot-ASS
This malware was reported by: Sophos
W32/Rbot-ASS is a worm and IRC backdoor Trojan for the Windows platform. W32/Rbot-ASS spreads:to other network computers infected with: Troj/Kuang, Troj/Sub7, Troj/NetDevil, W32/MyDoom, W32/Bagle and Troj/Optixto other network computers b

W32/Rbot-ANK
This malware was reported by: Sophos
W32/Rbot-ANK is a worm with backdoor functionality for the Windows platform. W32/Rbot-ANK spreads to other network computers by exploiting common buffer overflow vulnerabilites, including: LSASS (MS04-011), RPC-DCOM (MS04-012), WKS (MS

W32/Rbot-ASI
This malware was reported by: Sophos
W32/Rbot-ASI is a worm and IRC backdoor Trojan for the Windows platform. W32/Rbot-ASI can spread to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), WKS (MS

Trojan.Elzio.A
This malware was reported by: Symantec
Trojan.Elzio.A is a Trojan horse program that sends out personal information gathered from a compromised computer.

Promobot
This malware was reported by: Network Associates Inc
-- Update Oct 23, 2005 -- After further analysis, AVERT has confirmed that this threat does not exploit MS05-047, but rather MS05-039.  Initial analysis suggested the MS05-047 was being exploited due to similarities between those exploits

IRC-Mocbot
This malware was reported by: Network Associates Inc
-- Update Oct 23, 2005 -- After further analysis, AVERT has confirmed that this threat does not exploit MS05-047, but rather MS05-039.  Initial analysis suggested the MS05-047 was being exploited due to similarities between those exploits

Mocbot.A
This malware was reported by: F-Secure
Mocbot is an IRC bot that can spread using a vulnerability in Windows Plug and Play service (MS05-039).

Backdoor.Eparssa
This malware was reported by: Symantec
Backdoor.Eparssa is a Trojan horse that opens a back door on a compromised computer.

W32/Brontok-E
This malware was reported by: Sophos
W32/Brontok-E is a worm that spreads by copying itself to network shares and by emailing itself to addresses harvested from files stored locally. W32/Brontok-E includes functionality to: - modify the HOSTS file in an attempt to preven

W32/Rbot-ANK
This malware was reported by: Sophos
W32/Rbot-ANK is a worm with backdoor functionality for the Windows platform. W32/Rbot-ANK spreads to other network computers by exploiting common buffer overflow vulnerabilites, including: LSASS (MS04-011), RPC-DCOM (MS04-012), WKS (MS


Anti virus links

Anti-virus programs
Virus history
Top-100 malware
Svenska
Antivirus programs


Sitemap


Anti virus and malware

  Anti virus