WORM_MOCBOT.A
This malware was reported by: Trendmicro
Upon execution, this memory-resident backdoor creates a copy of itself as WUDPCOM.EXE in the Windows system folder, which has an archive attribute. It also drops a non-malicious file DCPROMO.LOG in the %Windows%debug folder.
Spam-Maxy
This malware was reported by: Network Associates Inc
W32/Nemsi.b
This malware was reported by: Network Associates Inc
Nemsi.b is a file infecting virus. It infects Windows portable executable (PE) files on the compromised machine. It is also pre-programmed to prevent the system from booting up on a pre-determined date.
Top of Page
Troj/Agent-EU
This malware was reported by: Sophos
Troj/Agent-EU is a Trojan for the Windows platform.
Troj/Agent-EU can steal information and may attempt to hide its files. The Trojan can make contact with a remote internet site, and may be used in DDoS attacks.
BackDoor-CVK
This malware was reported by: Network Associates Inc
W32/Rbot-AUL
This malware was reported by: Sophos
W32/Rbot-AUL is a worm and IRC backdoor Trojan for the Windows platform.
W32/Rbot-AUL spreads:
- to other network computers infected with: Troj/Kuang, Troj/Sub7, Troj/NetDevil, W32/MyDoom, W32/Bagle and Troj/Optix
- to other network
Troj/Inor-V
This malware was reported by: Sophos
Troj/Inor-V is an HTML script Trojan.
Troj/Inor-V drops and runs a file named fiks.exe. This file is detected by Sophos as Troj/Hiddl-C.
Troj/Dagonit-A
This malware was reported by: Sophos
Troj/Dagonit-A is a multicomponent backdoor Trojan for the Windows platform that allows unauthorized remote access through the randomly open TCP port.
The Trojan creates a user account with the name Service thas is used by the intruder to
W32/Rbot-ATT
This malware was reported by: Sophos
W32/Rbot-ATT is a worm and IRC backdoor Trojan for the Windows platform.
W32/Rbot-ATT spreads:
- to other network computers infected with: Troj/Kuang, Troj/Sub7, Troj/NetDevil, W32/MyDoom, W32/Bagle and Troj/Optix
- to other network
WORM_OPANKI.AC
This malware was reported by: Trendmicro
This memory-resident worm spreads through network shares and AOL Instant Messenger (AIM). To spread through network shares, this worm lists down available network shares, then drops a copy of itself to certain locations if accessible. It gathers cac
KIX_IXLAM.A
This malware was reported by: Trendmicro
This virus infects all .KIX files found in the current folder by appending its code to a target file.
BKDR_BREPLIBOT.B
This malware was reported by: Trendmicro
Upon execution, this memory-resident backdoor drops a copy of itself as CSMSV.EXE in the Windows system folder.
Troj/Bancban-HA
This malware was reported by: Sophos
Troj/Bancban-HA is an internet banking Trojan for the Windows platform.
W32/Rbot-ATQ
This malware was reported by: Sophos
W32/Rbot-ATQ is a worm and IRC backdoor Trojan for the Windows platform.
W32/Rbot-ATQ runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC cha
Backdoor.Sedepex
This malware was reported by: Symantec
Backdoor.Sedepex is a Trojan horse that opens a back door on the compromised computer allowing a remote attacker to have unauthorized access, and ends various security-related processes.
WORM_MYTOB.KQ
This malware was reported by: Trendmicro
Upon execution, this memory-resident worm drops a copy of itself as INTERNET.EXE in the Windows system folder. The said file name is designed to trick users into thinking that this worm runs the Internet Explorer application.
Troj/Dloader-XQ
This malware was reported by: Sophos
Troj/Dloader-XQ is a Trojan for the Windows platform.
Troj/Dloader-XQ attempts to disable security related software.
Troj/Banker-GD
This malware was reported by: Sophos
Troj/Banker-GD is a password stealing Trojan for the Windows platform.
Troj/Banker-GD targets the customers of certain Brazilian online banking websites by monitoring browser activity and taking screengrabs.
W32.Loxbot.B
This malware was reported by: Symantec
W32.Loxbot.B is a network-aware worm with back door capabilities that can also spread using AOL Instant Messenger.
Backdoor.Civcat
This malware was reported by: Symantec
Backdoor.Civcat is a Trojan horse that opens a back door on the compromised computer, allowing a remote attacker to have unauthorized access.
W32/Rbot-AUQ
This malware was reported by: Sophos
W32/Rbot-AUQ is a worm and IRC backdoor for the Windows platform.
W32/Rbot-AUQ runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
W32/Randex-Y
This malware was reported by: Sophos
W32/Randex-Y is a network worm with backdoor capabilities which allows a remote intruder to access and control the computer via IRC channels.
W32/Randex-Y chooses IP addresses at random and tries to connect to the IPC$ share using simple
W32.Mytob.LM@mm
This malware was reported by: Symantec
W32.Mytob.LM@mm is a mass-mailing worm that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer. The worm also spreads through network shares and by exploiting the Microsoft Windows Local Security Author
Troj/Squado-A
This malware was reported by: Sophos
Troj/Squado-A is a downloader Trojan for the Windows platform.
W32/Mytob-EJ
This malware was reported by: Sophos
W32/Mytob-EJ is a mass-mailing worm and backdoor Trojan for the Windows platform.
W32/Mytob-EJ is capable of spreading through email. Email sent by W32/Mytob-EJ has the following properties:
Subject line chosen from:
Your Account is
W32/Rbot-AUF
This malware was reported by: Sophos
W32/Rbot-AUF is a worm and IRC backdoor Trojan for the Windows platform.
W32/Rbot-AUF runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC cha
W32/Poebot-P
This malware was reported by: Sophos
W32/Poebot-P is a worm for the Windows platform.
KIX.Ixlam.A
This malware was reported by: Symantec
KIX.Ixlam.A is a virus that infects .KIX files on the compromised computer.
W32/Mytob-FF
This malware was reported by: Sophos
W32/Mytob-FF is a mass-mailing worm and IRC backdoor Trojan.
W32/Mytob-FF runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels, inclu
Troj/Agent-EU
This malware was reported by: Sophos
Troj/Agent-EU is a Trojan for the Windows platform.
Troj/Agent-EU can steal information and may attempt to hide its files. The Trojan can make contact with a remote internet site, and may be used in DDoS attacks.
Troj/ParDrop-A
This malware was reported by: Sophos
Troj/ParDrop-A is a dropper Trojan for the Windows platform.
When first run, Troj/ParDrop-A creates the following files (these files have their read-only, hidden file attributes set):
<System>explore.exe - detected as Troj/ParDr
W32/Rbot-AUL
This malware was reported by: Sophos
W32/Rbot-AUL is a worm and IRC backdoor Trojan for the Windows platform.
W32/Rbot-AUL spreads:
- to other network computers infected with: Troj/Kuang, Troj/Sub7, Troj/NetDevil, W32/MyDoom, W32/Bagle and Troj/Optix
- to other network
MS05-013
This malware was reported by: F-Secure
XCP DRM Software
This malware was reported by: F-Secure
Extended Copy Protection (XCP) is a CD/DVD copy protection technology
created by First 4 Internet Ltd. XCP has been used to protect some audio
CDs released by Sony BMG Music Entertainment. The XCP protected disks
contain digital rights management (DR
Troj/Dagonit-A
This malware was reported by: Sophos
Troj/Dagonit-A is a multicomponent backdoor Trojan for the Windows platform that allows unauthorized remote access through the randomly open TCP port.
The Trojan creates a user account with the name Service thas is used by the intruder to
Troj/Paymite-C
This malware was reported by: Sophos
Troj/Paymite-C is a Trojan for the Windows platform.
Troj/Bancban-HA
This malware was reported by: Sophos
Troj/Bancban-HA is an internet banking Trojan for the Windows platform.
TROJ_BAGLE.AB
This malware was reported by: Trendmicro
To get a one-glance comprehensive view of the behavior of this worm, refer to the Behavior Diagram shown below.
W32/Bagle.dk@MM
This malware was reported by: Network Associates Inc
W32/Bagle.dl@MM
This malware was reported by: Network Associates Inc
W32/Bagle.dk
This malware was reported by: Network Associates Inc
W32/Bagle.dl
This malware was reported by: Network Associates Inc
W32.Magflag.B
This malware was reported by: Symantec
W32.Magflag.B is a Trojan horse that downloads and executes remote files and lowers security settings on the compromised computer.
Troj/BagleDl-W
This malware was reported by: Sophos
Troj/BagleDl-W is a Trojan for the Windows platform.
Troj/Dloader-XQ
This malware was reported by: Sophos
Troj/Dloader-XQ is a Trojan for the Windows platform.
Troj/Dloader-XQ attempts to disable security related software.
W32.Lodear.A@mm
This malware was reported by: Symantec
Trojan.Lodear is a Trojan horse that attempts to download remote files.
Note:
Further investigation has revealed that this threat is not a worm and all references to the mass-mailing component have been removed.
Virus definitions dated prior to Novemb
W32.Spybot.ZIF
This malware was reported by: Symantec
W32.Spybot.ZIF is a network-aware worm that opens a back door on the compromised computer. It spreads by exploiting common system vulnerabilities.
Mitglieder.FK
This malware was reported by: Panda Software
Mitglieder.FK is a Trojan that attempts to download and run a file from different websites on the affected computer every four hours.Mitglieder.FK injects the executable file HLEADER_DLL.DLL in the system process EXPLORER.EXE, in order to carry out its a
Troj/Goldun-AK
This malware was reported by: Sophos
Troj/Goldun-AK is a Trojan for the Windows platform.
The Trojan steals login credentials entered into web forms related to certain financial institutions.
W32/Bagle.dm
This malware was reported by: Network Associates Inc
WORM_MYTOB.KS
This malware was reported by: Trendmicro
Like other WORM_MYTOB variants, this worm spreads by attaching a copy of itself to an email message, which it sends to target recipients using its own Simple Mail Transfer Protocol (SMTP) engine.
Bagle.CW
This malware was reported by: Computer Associates
Description Win32.Bagle.CW is a worm that spreads via e-mail. Rather than putting itself in e-mail attachments, it uses a separate downloader component (called Win32
Glieder.BZ
This malware was reported by: Computer Associates
Description Win32.Glieder.BZ is a trojan that downloads and executes arbitrary files from a long, hardcoded list of particular URLs. It has been distributed as a 9,7
Glieder.CA
This malware was reported by: Computer Associates
Description Win32.Glieder.CA is a trojan that downloads and executes arbitrary files from a long, hardcoded list of particular URLs. It has been distributed as a 13,
Glieder.CB
This malware was reported by: Computer Associates
Description Win32.Glieder.CB is a trojan that downloads and executes arbitrary files from a long, hardcoded list of particular URLs. It has been distributed as a 10,
W32/Rbot-AWB
This malware was reported by: Sophos
W32/Rbot-AWB is a network worm with backdoor Trojan functionality for the Windows platform.
W32/Rbot-AWB can be controlled by a remote attacker over IRC channels. The backdoor component of W32/Rbot-AWB can be instructed by a remote user t
W32/Mytob-EJ
This malware was reported by: Sophos
W32/Mytob-EJ is a mass-mailing worm and backdoor Trojan for the Windows platform.
W32/Mytob-EJ is capable of spreading through email. Email sent by W32/Mytob-EJ has the following properties:
Subject line chosen from:
Your Account is
W32.Vig.C
This malware was reported by: Symantec
W32.Vig.C is a virus that copies itself to local drives as well as floppy disks.
Trojan.Lodear.A
This malware was reported by: Symantec
W32/Mytob-FH
This malware was reported by: Sophos
W32/Mytob-FH is a mass-mailing worm and IRC backdoor Trojan for the Windows platform.
W32/Mytob-FH runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the compute
W32/Poebot-P
This malware was reported by: Sophos
W32/Poebot-P is a worm for the Windows platform.
Trojan.Lodear
This malware was reported by: Symantec
Trojan.Lodear is a Trojan horse that attempts to download remote files.
Note:
Further investigation has revealed that this threat is not a worm and all references to the mass-mailing component have been removed.
Virus definitions dated prior to Novemb
Bagle.EG
This malware was reported by: F-Secure
This Bagle-related downloader appeared on November 1st, 2005. The
dropper for the downloader DLL was spammed in e-mails to a large
amount of people as T_535475.EXE. This dropper and downloader are
quite similar to the variant that appeared earlier:
h
Bagle.EF
This malware was reported by: F-Secure
This Bagle-related downloader appeared on November 1st, 2005. The
dropper for the downloader DLL was spammed in e-mails to a large
amount of people as TEXT.EXE. This dropper and downloader are
quite similar to the variant that appeared earlier:
http:
Bagle.EE
This malware was reported by: F-Secure
This Bagle-related downloader appeared on November 1st, 2005. The
dropper for the downloader DLL was spammed in e-mails to a large
amount of people as LOADER.EXE.
W32/Oscabot-N
This malware was reported by: Sophos
W32/Oscabot-N is an instant messaging worm that can exploit users of AOL Instant Messaging clients.
W32/Oscabot-N will attempt to locate the Aim application and use it to send web links to other users.
W32/Mytob-FF
This malware was reported by: Sophos
W32/Mytob-FF is a mass-mailing worm and IRC backdoor Trojan.
W32/Mytob-FF runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels, inclu
W32.Mytob.LO@mm
This malware was reported by: Symantec
TROJ_DLOADER.AMC
This malware was reported by: Trendmicro
A Trojan application is a malware with no capability to spread into other systems. It usually arrives on an affected system bundled with other malware. Affected users may also download and install a Trojan on their system without knowledge of its ma
W32.Beagle.CN@mm
This malware was reported by: Symantec
W32.Beagle.CN@mm is a mass-mailing worm that uses its own SMTP engine to send out copies of Trojan.Lodear. The worm also opens a back door on the compromised computer on TCP port 80 and lowers security settings.
Bagle.EB
This malware was reported by: F-Secure
This Bagle-related downloader appeared on November 2nd, 2005. The
dropper for the downloader DLL was spammed in e-mails to a large
amount of people as TEXT5546.EXE. This dropper and downloader are
quite similar to the variant that appeared yesterday:
Bagle.EI
This malware was reported by: F-Secure
This Bagle-related downloader appeared on November 2nd, 2005. The
dropper for the downloader DLL was spammed in e-mails to a large
amount of people as 1.EXE. As in all previous cases, the dropper
was sent inside a ZIP archive. This dropper and downloa
Trojan.Lodear.B
This malware was reported by: Symantec
W32.Monikey
This malware was reported by: Symantec
Backdoor.Toob.A
This malware was reported by: Symantec
Backdoor.Toob.A is a Trojan horse that opens a back door and allows a remote attacker to perform unauthorized actions on the compromised computer.
Backdoor.Ranky.V
This malware was reported by: Symantec
Backdoor.Ranky.V is a Trojan horse that allows a compromised computer to be used as a covert proxy.
W32.Monikey@mm
This malware was reported by: Symantec
W32.Monikey@mm is a mass-mailing worm that sends an email containing potentially malicious link to email addresses gathered from the compromised computer and also spreads via file-sharing networks. The worm may also attempt to lower security settings and
Trojan.Lodav.A
This malware was reported by: Symantec
W32/Bagle.dn
This malware was reported by: Network Associates Inc
Glieder.CC
This malware was reported by: Computer Associates
Description Win32.Glieder.CC is a trojan that downloads and executes arbitrary files from a long, hardcoded list of particular URLs. It has been distributed as a 9,6
Glieder.CD
This malware was reported by: Computer Associates
Description Win32.Glieder.CD is a trojan that downloads and executes arbitrary files from a long, hardcoded list of particular URLs. It has been distributed as a 9,8
Fantibag.H
This malware was reported by: Computer Associates
Description Win32.Fantibag.H is a trojan that creates filters for IPv4 packets to block access to many and varied antivirus company domains. This trojan may be downl
WORM_RBOT.CMR
This malware was reported by: Trendmicro
This memory-resident worm propagates across networks by dropping a copy of itself into network shares. It logs on to password-protected systems using a list of user names and passwords.
WORM_BAGLE.BS
This malware was reported by: Trendmicro
This worm propagates via email messages. It gathers target recipients from the contacts listed in the Windows Address Book of an affected system. It then sends out emails with a copy of TROJ_BAGLE.AB as an attachment to the collected contacts list.
WORM_BAGLE.BQ
This malware was reported by: Trendmicro
This worm propagates via email messages. It gathers target recipients from the contacts listed in the Windows Address Book of an affected system. It then sends out emails with a copy of TROJ_BAGLE.AB as an attachment to the collected contacts list.
Mitglieder.FN
This malware was reported by: Panda Software
Mitglieder.FN is a Trojan that attempts to download and run a file from different websites on the affected computer.Mitglieder.FN injects the executable file HLEADER_DLL.DLL in the system process EXPLORER.EXE, in order to carry out its actions.Mitglieder
Mitglieder.FM
This malware was reported by: Panda Software
Mitglieder.FM is a Trojan that prevents the user from accessing several websites, mostly belonging to antivirus companies, disables several system services, deletes certain files and several Windows Registry editing tools, etc.Mitglieder.FM injects the e
Mitglieder.FL
This malware was reported by: Panda Software
Mitglieder.FL is a Trojan that attempts to download and run a file from different websites on the affected computer.Mitglieder.FL injects the executable file HLEADER_DLL.DLL in the system process EXPLORER.EXE, in order to carry out its actions.Mitglieder
Packed
This malware was reported by: F-Secure
Bagle.EK
This malware was reported by: F-Secure
This Bagle-related downloader appeared on November 3rd, 2005. The
dropper for the downloader DLL was spammed in e-mails to a large
amount of people as 5.EXE. As in all previous cases, the dropper
was sent inside a ZIP archive. This dropper and downloa
Trojan.Lodear.C
This malware was reported by: Symantec
W32/Bagle.gen!0070D9DB
This malware was reported by: Network Associates Inc
Backdoor.Zagaban
This malware was reported by: Symantec
Backdoor.Zagaban is a Trojan horse that allows the compromised computer to be used as a covert proxy.
Trojan.Bankem
This malware was reported by: Symantec
Trojan.Bankem is a Trojan horse that searches for certain strings in Internet Explorer windows related to online banking Web sites. It then attempts to steal sensitive information.
Bagle.FN
This malware was reported by: Panda Software
Bagle.FN is a worm that sends a copy of the Trojan Mitglieder.FK to all the email addresses it manages to harvest from the affected computer.Bagle.FN attempts to download and run two different files from several websites.Additionally, it deletes entries
W32.Beagle.CO@mm
This malware was reported by: Symantec
Trojan.Lodear.D is a Trojan horse that attempts to lower security settings on the compromised computer.
Note: Virus definitions dated November 4, 2005 or earlier may detect this threat as W32.Beagle.CO@mm.
Glieder.CE
This malware was reported by: Computer Associates
Description Win32.Glieder.CE is a trojan that downloads and executes arbitrary files from a long, hardcoded list of particular URLs. It has been distributed as a 10,
Ilomo.A
This malware was reported by: Computer Associates
Bagle.CX
This malware was reported by: Computer Associates
Description Win32.Bagle.CX is a worm that spreads via e-mail. Rather than putting itself in e-mail attachments, it uses a separate downloader component (called Win32
WORM_RONTOKBRO.L
This malware was reported by: Trendmicro
This memory-resident worm propagates by sending a copy of itself as an attachment to email messages. It gathers target email addresses by searching an affected system for files with certain extensions.