WORM_KELVIR.CP
This malware was reported by: Trendmicro


BKDR_MOCBOT.A
This malware was reported by: Trendmicro
 This memory-resident backdoor program takes advantage of a Microsoft Plug and Play vulnerability. The said exploit could allow an attacker to take complete control of an affected system. An attacker could then install programs; view, change, or dele

W32/Mytob-FC
This malware was reported by: Sophos
W32/Mytob-FC is a mass-mailing worm and backdoor Trojan that can be controlled through the Internet Relay Chat (IRC) network. W32/Mytob-FC runs continuously in the background, providing a backdoor server which allows a remote intruder to

W32/Rbot-ASS
This malware was reported by: Sophos
W32/Rbot-ASS is a worm and IRC backdoor Trojan for the Windows platform. W32/Rbot-ASS spreads:to other network computers infected with: Troj/Kuang, Troj/Sub7, Troj/NetDevil, W32/MyDoom, W32/Bagle and Troj/Optixto other network computers b

Bloodhound.Exploit.51
This malware was reported by: Symantec
Bloodhound.Exploit.51 is a heuristic detection for the Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege, as described in Microsoft Security Bulletin MS05-047.

Bloodhound.Exploit.50
This malware was reported by: Symantec
Bloodhound.Exploit.50 is a heuristic detection for the Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege (as described in Microsoft Security Bulletin MS05-039).

Adware-SBSoft
This malware was reported by: Network Associates Inc


PWSteal.Tarno.P
This malware was reported by: Symantec
PWSteal.Tarno.P is a password-stealing Trojan horse that attempts to log information entered into Web forms.

Troj/Hanlo-B
This malware was reported by: Sophos
Troj/Hanlo-B is a Trojan for the Windows platform. Troj/Hanlo-B includes functionality to access the internet and communicate with a remote server via HTTP. Troj/Hanlo-B downloads the following files: tBmp107.exe tBmp207.exe tBmp3

W32/Rbot-AST
This malware was reported by: Sophos
W32/Rbot-AST is a worm and backdoor Trojan for the Windows platform. W32/Rbot-AST spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: WKS (MS03-049) (CAN-2003-0812) and ASN.1 (MS04-007) and

Mirkov
This malware was reported by: Panda Software
 Mirkov is a hacking tool. Though these programs are legitimate and useful tools when they are appropriately used, a hacker could take advantage of them in order to carry out malicious actions.Mirkov is used to control the affected computer remotely by me

Cabir.AA
This malware was reported by: F-Secure
Cabir.AA is a variant of SymbOS/Cabir worm that is recompiled from original Cabir source code. Functionally it is very similar to original Cabir, with the exception that it shows image on worm startup. Cabir.AA replicates over bluetooth connection

W32/Rbot-ATC
This malware was reported by: Sophos
W32/Rbot-ATC is a worm and IRC backdoor Trojan for the Windows platform. W32/Rbot-ATC spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012) and WKS (MS03-

W32.Mocbot.A
This malware was reported by: Symantec
W32.Mocbot.A is a worm with back door capabilities that exploits the Microsoft Windows Plug and Play Buffer Overflow vulnerability (as described in Microsoft Security Bulletin MS05-039). Note: Virus definitions dated October 24, 2005 or earlier m

IRCBot.NT
This malware was reported by: Panda Software
 IRCBot.NT is a backdoor that connects to several IRC servers in order to receive remote control commands. It can be instructed to search for computers to affect, launch DoS (Denial of Service) attacks, download files, etc.IRCBot.NT does not spread by its

WORM_LOOKSKY.A
This malware was reported by: Trendmicro
 This worm arrives as an attachment to an email message. It gathers target email addresses from found .HTM files in the personal folder and the Windows address book (.WAB) file. Users who receive the malicious email may think that it comes from a kno

Troj/Midrug-B
This malware was reported by: Sophos
Troj/Midrug-B is a Trojan for the Windows platform. It may attempt to connect to a remote server.

Troj/Dloader-WO
This malware was reported by: Sophos
Troj/Dloader-WO is a downloader Trojan for the Windows platform. The Trojan attempts to download and install further software and disable Microsoft Anti-Spyware. Troj/Dloader-WO may also monitor user activity.

SymbOS.Cabir.V
This malware was reported by: Symantec
SymbOS.Cabir.V is a proof-of-concept worm that propagates through Bluetooth-enabled devices. The worm runs on the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephones.

W97M_EMBED.C
This malware was reported by: Trendmicro


W97M_EXEDROP.E
This malware was reported by: Trendmicro
 This macro virus arrives on a system attached to a Microsoft Word document file. When an infected document is opened, this macro executes and drops an executable (.EXE) file embedded in it. Trend Micro detects this dropped file as BKDR_LECNA.E.

Mytob.JW
This malware was reported by: Computer Associates


Tompai.B
This malware was reported by: Computer Associates
Description Win32.Tompai.B is a worm that spreads via floppy disks, network shares and by infecting ZIP archives. It has been distributed as a 61,440-byte,Win32 exec

W32.Looksky.A@mm
This malware was reported by: Symantec
W32.Looksky.A@mm is a mass-mailing worm that drops additional threats and lowers security settings on the compromised computer.

W32/Brontok-D
This malware was reported by: Sophos
W32/Brontok-D is an email worm that sends itself to the addresses gathered from the infected computer by searching files with the following extensions: ASP, CFM, CSV, DOC, EML, HTML, PHP, TXT, WAB W32/Brontok-D may arrive attached with

Troj/Perda-G
This malware was reported by: Sophos
Troj/Perda-G is a backdoor Trojan which allows a remote intruder to gain access and control over the computer. Troj/Perda-G may attempt to steal confidential information and send it to a remote location via HTTP or email. Troj/Perda-G

W32.Mydoom.FP@mm
This malware was reported by: Symantec
W32.Mydoom.FP@mm is a mass-mailing worm that uses its own SMTP engine to spread by email.

Esbot.M
This malware was reported by: Computer Associates
Description Win32.Esbot.M is a worm that spreads by exploiting the Microsoft Windows Plug and Play service buffer overflow vulnerability. The worm can also be used a

W32/Tilebot-P
This malware was reported by: Sophos
W32/Tilebot-P is a worm and IRC backdoor Trojan for the Windows platform. W32/Tilebot-P spreads to other network computers by exploiting common buffer overflow vulnerabilites, including: LSASS (MS04-011) and RPC-DCOM (MS04-012) and b

W32/Rbot-ASH
This malware was reported by: Sophos
W32/Rbot-ASH is a network worm with backdoor Trojan functionality for the Windows platform.

W32/Loosky-A
This malware was reported by: Sophos
W32/Loosky-A is a mass-mailing worm for the Windows platform. When first run W32/Loosky-A copies itself to temp.bak. W32/Loosky-A can spread by sending itself as an email attachment to email addresses harvested from the infected comput

Troj/Feutel-AD
This malware was reported by: Sophos
Troj/Feutel-AD is a backdoor Trojan for the Windows platform.

BKDR_IRCBOT.AW
This malware was reported by: Trendmicro
 This backdoor program does not propagate on its own. However, it usually arrives on a system when a user clicks on a link within an instant message sent via AOL Instant Messenger. The said message contains the following link:

Trojan.Finfanse
This malware was reported by: Symantec
Trojan.Finfanse is a Trojan horse that attempts to capture screenshots of various online games and send them to a predetermined server.

W32/Rbot-APU
This malware was reported by: Sophos
W32/Rbot-APU is a worm and IRC backdoor Trojan for the Windows platform. W32/Rbot-APU spreads: - to other network computers infected with W32/Sasser - to other network computers by exploiting common buffer overflow vulnerabilities,

W32/Brontok-E
This malware was reported by: Sophos
W32/Brontok-E is a worm that spreads by copying itself to network shares and by emailing itself to addresses harvested from files stored locally. W32/Brontok-E includes functionality to: - modify the HOSTS file in an attempt to preven

WORM_RONTOKBRO.J
This malware was reported by: Trendmicro
 This worm propagates by sending a copy of itself as an attachment to email messages. It gathers target email addresses by searching an affected system for files with certain extensions.

W32/Lerma-A
This malware was reported by: Sophos
W32/Lerma-A is a worm for the Windows platform. W32/Lerma-A can spread to other networked computers. W32/Lerma-A may also overwrite files with the following file extensions with copies of itself: jpg pdf txt rtf bmp zip doc xls

W32/Mytob-FC
This malware was reported by: Sophos
W32/Mytob-FC is a mass-mailing worm and backdoor Trojan that can be controlled through the Internet Relay Chat (IRC) network. W32/Mytob-FC runs continuously in the background, providing a backdoor server which allows a remote intruder to

W97M.Exedrop
This malware was reported by: Symantec
W97M.Exedrop is a Trojan horse that drops and executes a file.

Trojan.Zlob.D
This malware was reported by: Symantec
Trojan.Zlob.D is a Trojan horse that creates an encryption key and can download and execute remote files.

Naiva.A
This malware was reported by: Panda Software
 Naiva.A is a macro Trojan that passes itself off as a Word document containing information about the bird flu epidemic. Once opened, Naiva.A drops the Trojan detected as Ranky.FY. It can also handle files, deleting, modifying or creating them.Naiva.A doe

W32.Looksky.B
This malware was reported by: Symantec
W32.Looksky.B is a Trojan horse program that allows a remote attacker to have unauthorized access to the compromised computer through IRC channels.

Trojan.Popper
This malware was reported by: Symantec
Trojan.Popper is a Trojan horse that displays pop up advertisements and may download and install other threats.

W32/Bozori.worm.a!CME-540
This malware was reported by: Network Associates Inc
Please review the W32/IRCbot.worm!MS05-039  description. Top of Page

BKDR_MOSUCKER.AI
This malware was reported by: Trendmicro
 This memory-resident backdoor drops the file named LSASS.EXE, which is also detected as BKDR_MOSUCKER.AI, into the Fonts folder. This dropped file is used to provide backdoor access to the affected system.

Adware-VCatch
This malware was reported by: Network Associates Inc


W32.Rontokbro.K@mm
This malware was reported by: Symantec
W32.Rontokbro.K@mm is a mass-mailing worm that causes system instability. The email arrives with a blank subject line and an attachment of Kangen.exe.

W32/Rbot-ATE
This malware was reported by: Sophos
W32/Rbot-ATE is a worm and IRC backdoor Trojan for the Windows platform. W32/Rbot-ATE spreads to network shares with weak passwords and by exploiting common buffer overflow vulnerabilities, including: RPC-DCOM (MS04-012), PNP (MS05-039)

Troj/Hanlo-B
This malware was reported by: Sophos
Troj/Hanlo-B is a Trojan for the Windows platform. Troj/Hanlo-B includes functionality to access the internet and communicate with a remote server via HTTP. Troj/Hanlo-B downloads the following files: tBmp107.exe tBmp207.exe tBmp3

W97M.Nometz.B
This malware was reported by: Symantec
W97M.Nometz.B is a macro virus that infects Microsoft Word documents and uploads Word documents to a remote domain.

Troj/Keylog-AP
This malware was reported by: Sophos
Troj/Keylog-AP is a keylogging Trojan for the Windows platform.

W32/Rbot-ATC
This malware was reported by: Sophos
W32/Rbot-ATC is a worm and IRC backdoor Trojan for the Windows platform. W32/Rbot-ATC spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012) and WKS (MS03-

W32/Agobot-TW
This malware was reported by: Sophos
W32/Agobot-TW is a worm and backdoor Trojan for the Windows platform. W32/Agobot-TW runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer. W32/Agob

Troj/Midrug-B
This malware was reported by: Sophos
Troj/Midrug-B is a Trojan for the Windows platform. It may attempt to connect to a remote server.

Poler.A
This malware was reported by: F-Secure


Virkel.A
This malware was reported by: F-Secure


W32/Chode-J
This malware was reported by: Sophos
W32/Chode-J is a worm with IRC backdoor Trojan functionality. W32/Chode-J attempts to spread via MSN Instant Messenger and AOL Instant Messenger, by sending users a link to a copy of the worm. W32/Chode-J includes functionality to:

Samony.A.worm
This malware was reported by: Panda Software
 Samony.A is a worm with backdoor characteristics that remains listening to port 321, in order to receive control commands, which allow the affected computer to be remotely administrated. It can be instructed to download, run, copy and delete files, list

Samony.A
This malware was reported by: Panda Software
 Samony.A is a worm with backdoor characteristics that remains listening to port 321, in order to receive control commands, which allow the affected computer to be remotely administrated. It can be instructed to download, run, copy and delete files, list

Backdoor.Bifrose.D
This malware was reported by: Symantec
Backdoor.Bifrose.D is a Trojan horse that opens a back door and sends information to a remote server.

W32/Rbot-ATL
This malware was reported by: Sophos
W32/Rbot-ATL is a worm and IRC backdoor Trojan for the Windows platform. W32/Rbot-ATL spreads: - to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), WKS (M

W32/Brontok-D
This malware was reported by: Sophos
W32/Brontok-D is an email worm that sends itself to the addresses gathered from the infected computer by searching files with the following extensions: ASP, CFM, CSV, DOC, EML, HTML, PHP, TXT, WAB W32/Brontok-D may arrive attached with

Muquest.B
This malware was reported by: Computer Associates


Muquest.C
This malware was reported by: Computer Associates


Suclove.A
This malware was reported by: Computer Associates
Description Win32.Suclove.A is a worm that spreads via e-mail and attempts to spread via mIRC. It also contains backdoor functionality that allows unauthorized acces

W32/Agobot-ADS
This malware was reported by: Sophos
W32/Agobot-ADS is a network worm with backdoor Trojan functionality for the Windows platform. W32/Agobot-ADS is capable of spreading to computers on the local network protected by weak passwords. The backdoor component runs continuousl

W32/Tilebot-P
This malware was reported by: Sophos
W32/Tilebot-P is a worm and IRC backdoor Trojan for the Windows platform. W32/Tilebot-P spreads to other network computers by exploiting common buffer overflow vulnerabilites, including: LSASS (MS04-011) and RPC-DCOM (MS04-012) and b

Spam-YFakeAccount
This malware was reported by: Network Associates Inc


Troj/Dloader-XF
This malware was reported by: Sophos
Troj/Dloader-XF is a Trojan for the Windows platform.

W32/Loosky-A
This malware was reported by: Sophos
W32/Loosky-A is a mass-mailing worm for the Windows platform. When first run W32/Loosky-A copies itself to temp.bak. W32/Loosky-A can spread by sending itself as an email attachment to email addresses harvested from the infected comput

W32/Rbot-APU
This malware was reported by: Sophos
W32/Rbot-APU is a worm and IRC backdoor Trojan for the Windows platform. W32/Rbot-APU spreads: - to other network computers infected with W32/Sasser - to other network computers by exploiting common buffer overflow vulnerabilities,

Sdbot.FME
This malware was reported by: Panda Software
 Sdbot.FME is a worm that connects to several IRC servers in order to receive remote control commands, acting as a backdoor. It can be instructed to download and run files, obtain Protected Storage service keys, including Outlook or Internet Explorer pass

Troj/Inor-V
This malware was reported by: Sophos
Troj/Inor-V is an HTML script Trojan. Troj/Inor-V drops and runs a file named fiks.exe. This file is detected by Sophos as Troj/Hiddl-C.

W32/Lerma-A
This malware was reported by: Sophos
W32/Lerma-A is a worm for the Windows platform. W32/Lerma-A can spread to other networked computers. W32/Lerma-A may also overwrite files with the following file extensions with copies of itself: jpg pdf txt rtf bmp zip doc xls

W32/Brepibot
This malware was reported by: Network Associates Inc
There are several variants of this worm, and the specific actions taken are decided by the hacker who uses this malware, so this description is meant as a general guide. This detection is for a simple Internet Relay Chat (IRC) bot worm.

WORM_RBOT.CJN
This malware was reported by: Trendmicro
 This memory-resident worm spreads by dropping copies of itself in the default network shares. It uses cached user names and passwords to gain access to these shares. It also uses a long list of generic user names and passwords, apart from those it g

W32/Rbot-ATT
This malware was reported by: Sophos
W32/Rbot-ATT is a worm and IRC backdoor Trojan for the Windows platform. W32/Rbot-ATT spreads: - to other network computers infected with: Troj/Kuang, Troj/Sub7, Troj/NetDevil, W32/MyDoom, W32/Bagle and Troj/Optix - to other network

W32/Rbot-ATE
This malware was reported by: Sophos
W32/Rbot-ATE is a worm and IRC backdoor Trojan for the Windows platform. W32/Rbot-ATE spreads to network shares with weak passwords and by exploiting common buffer overflow vulnerabilities, including: RPC-DCOM (MS04-012), PNP (MS05-039)

Trojan.Goldun.G
This malware was reported by: Symantec
Trojan.Goldun.G is a Trojan horse program that steals passwords and bank account details and sends the information to a remote attacker.

W32/Rbot-ATQ
This malware was reported by: Sophos
W32/Rbot-ATQ is a worm and IRC backdoor Trojan for the Windows platform. W32/Rbot-ATQ runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC cha

Troj/Keylog-AP
This malware was reported by: Sophos
Troj/Keylog-AP is a keylogging Trojan for the Windows platform.

Nochod.S
This malware was reported by: Computer Associates


Nochod.Q
This malware was reported by: Computer Associates


Lecna.A
This malware was reported by: Computer Associates


WORM_FANBOT.H
This malware was reported by: Trendmicro
 

Updrop.A:trojan
This malware was reported by: Computer Associates


Troj/Banker-GD
This malware was reported by: Sophos
Troj/Banker-GD is a password stealing Trojan for the Windows platform. Troj/Banker-GD targets the customers of certain Brazilian online banking websites by monitoring browser activity and taking screengrabs.

W32/Agobot-TW
This malware was reported by: Sophos
W32/Agobot-TW is a worm and backdoor Trojan for the Windows platform. W32/Agobot-TW runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer. W32/Agob

W32/Randex-Y
This malware was reported by: Sophos
W32/Randex-Y is a network worm with backdoor capabilities which allows a remote intruder to access and control the computer via IRC channels. W32/Randex-Y chooses IP addresses at random and tries to connect to the IPC$ share using simple

W32/Chode-J
This malware was reported by: Sophos
W32/Chode-J is a worm with IRC backdoor Trojan functionality. W32/Chode-J attempts to spread via MSN Instant Messenger and AOL Instant Messenger, by sending users a link to a copy of the worm. W32/Chode-J includes functionality to:

Troj/Squado-A
This malware was reported by: Sophos
Troj/Squado-A is a downloader Trojan for the Windows platform.

W32/Rbot-ATL
This malware was reported by: Sophos
W32/Rbot-ATL is a worm and IRC backdoor Trojan for the Windows platform. W32/Rbot-ATL spreads: - to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), WKS (M

WORM_RBOT.CLC
This malware was reported by: Trendmicro
 The presence of msaconfigurez.exe in the Windows system folder indicates infection of this worm.

W32/Rbot-AUF
This malware was reported by: Sophos
W32/Rbot-AUF is a worm and IRC backdoor for the Windows platform. W32/Rbot-AUF runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

W32/Agobot-ADS
This malware was reported by: Sophos
W32/Agobot-ADS is a network worm with backdoor Trojan functionality for the Windows platform. W32/Agobot-ADS is capable of spreading to computers on the local network protected by weak passwords. The backdoor component runs continuousl

Troj/Dloader-XF
This malware was reported by: Sophos
Troj/Dloader-XF is a Trojan for the Windows platform.

WORM_MOCBOT.A
This malware was reported by: Trendmicro
 Upon execution, this memory-resident backdoor creates a copy of itself as WUDPCOM.EXE in the Windows system folder, which has an archive attribute. It also drops a non-malicious file DCPROMO.LOG in the %Windows%debug folder.

Spam-Maxy
This malware was reported by: Network Associates Inc


W32/Nemsi.b
This malware was reported by: Network Associates Inc
Nemsi.b is a file infecting virus. It infects Windows portable executable (PE) files on the compromised machine. It is also pre-programmed to prevent the system from booting up on a pre-determined date. Top of Page


Anti virus links

Anti-virus programs
Virus history
Top-100 malware
Svenska
Antivirus programs


Sitemap


Anti virus and malware

  Anti virus