W32/Mytob-FI
This malware was reported by: Sophos
W32/Mytob-FI is a mass-mailing worm and backdoor Trojan that can be controlled through the Internet Relay Chat (IRC) network. W32/Mytob-FI spreads through email. W32/Mytob-FI harvests email addresses from files on the infected computer an

Troj/WowPWS-A
This malware was reported by: Sophos
Troj/WowPWS-A is a password stealing Trojan for the Windows platform. Troj/WowPWS-A targets the online game World of Warcraft, and attempts to steal account details.

W32/Bagle-BS
This malware was reported by: Sophos
W32/Bagle-BS is a worm for the Windows platform. W32/Bagle-BS sends a ZIP file as an email attachment. The ZIP file contains an executable detected as Troj/BagleDl-W. When run, this executable attempts to download further files, which may

Troj/BagleDl-AB
This malware was reported by: Sophos
Troj/BagleDl-AB is a Trojan for the Windows platform. When first run Troj/BagleDl-AB copies itself to <System>hloader_exe.exe and creates the file <System>hleader_dll.dll. Both these files are detected as Troj/BagleDl-AB.

W32/Esbot-B
This malware was reported by: Sophos
W32/Esbot-B is a worm and IRC backdoor Trojan for the Windows platform. W32/Esbot-B will connect to an IRC channel and wait for instructions.

Troj/Bancban-HE
This malware was reported by: Sophos
Troj/Bancban-HE is an internet banking Trojan for the Windows platform.

W32/Tilebot-AP
This malware was reported by: Sophos
W32/Tilebot-AP is a worm which attempts to spread to remote network shares. It also contains backdoor Trojan functionality, allowing unauthorized remote access to the infected computer via IRC channels. W32/Tilebot-AP spreads to network s

Troj/BagleDl-Y
This malware was reported by: Sophos
Troj/BagleDl-Y downloads files from a number of remote websites and executes them.

Troj/BagleDl-AA
This malware was reported by: Sophos
Troj/BagleDl-AA is a Trojan for the Windows platform. Troj/BagleDl-AA attempts to terminate processes and services, delete files and registry entries, and block access to URLs related to anti-virus and security programs.

Troj/BagleDl-Z
This malware was reported by: Sophos
Troj/BagleDl-Z downloads files from a number of remote websites and executes them.

Mitglieder.FO
This malware was reported by: Panda Software
 Mitglieder.FO is a Trojan that attempts to download and run a file from different websites on the affected computer.Mitglieder.FO injects the executable file HLEADER_DLL.DLL in the system process EXPLORER.EXE, in order to carry out its actions.Mitglieder

TROJ_DNSCHANGE.F
This malware was reported by: Trendmicro
 This Trojan may arrive on an affected system as an attachment to email messages, which may be downloaded by affected users without knowledge of its malicious content.

Troj/Haxdoor-AN
This malware was reported by: Sophos
Troj/Haxdoor-AN is a backdoor Trojan which allows a remote intruder to gain access and control over the computer. Troj/Haxdoor-AN includes functionality to access the internet and communicate with a remote server via HTTP. Troj/Haxdoor

Troj/BagleDl-AA
This malware was reported by: Sophos
Troj/BagleDl-AA is a Trojan for the Windows platform. Troj/BagleDl-AA attempts to terminate processes and services, delete files and registry entries, and block access to URLs related to anti-virus and security programs.

Mitglieder.FP
This malware was reported by: Panda Software
 Mitglieder.FP is a Trojan that prevents the user from accessing several websites, mostly belonging to antivirus companies, disables several system services, deletes certain files and several Windows Registry editing tools, etc.Mitglieder.FP injects the e

Troj/Bankash-L
This malware was reported by: Sophos
Troj/Bankash-L is a password-stealing Trojan for the Windows platform. Troj/Bankash-L attempts to steal user passwords and information, as well as website details related to banking and anti-virus websites. Troj/Bankash-L may download

Troj/BagleDl-Y
This malware was reported by: Sophos
Troj/BagleDl-Y downloads files from a number of remote websites and executes them.

WORM_RONTOKBRO.M
This malware was reported by: Trendmicro
 This worm propagates by sending a copy of itself to email messages as KANGEN.EXE. It gathers target email addresses by searching an affected system for files with certain extensions.

Adware-Nsupdate
This malware was reported by: Network Associates Inc


DNSChanger.c
This malware was reported by: Network Associates Inc


TROJ_YABE.D
This malware was reported by: Trendmicro
 This Trojan usually arrives as an attachment to spammed email messages. It uses the file name T-COM-RECHNUNG.PDF.EXE.

W32/Ritdoor-B
This malware was reported by: Sophos
W32/Ritdoor-B is a worm and backdoor for the Windows platform. W32/Ritdoor-B spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011) and PNP (MS05-039). W32/Ritdoor-B runs

W32/Tilebot-AP
This malware was reported by: Sophos
W32/Tilebot-AP is a worm which attempts to spread to remote network shares. It also contains backdoor Trojan functionality, allowing unauthorized remote access to the infected computer via IRC channels. W32/Tilebot-AP spreads to network s

StartPage-GU
This malware was reported by: Network Associates Inc


Backdoor.Haxdoor.G
This malware was reported by: Symantec
Backdoor.Haxdoor.G is a Trojan horse program that opens a covert proxy on the compromised computer.

Trojan.Lodear.D
This malware was reported by: Symantec
Trojan.Lodav.B is a Trojan horse that attempts to lower security settings on the compromised computer. Note: Virus definitions dated November 9, 2005 or earlier may detect this threat as Trojan.Lodear.D. Virus definitions dated November 4, 2005 or earl

Trojan.Totmau
This malware was reported by: Symantec
Trojan.Totmau is a Trojan horse that allows the compromised computer to be used as a covert proxy to relay spam.

Troj/Dloader-YF
This malware was reported by: Sophos
Troj/Dloader-YF is a Trojan for the Windows platform. Troj/Dloader-YF includes functionality to access the internet and communicate with a remote server via HTTP. When first run Troj/Dloader-YF copies itself to <System>ipwf.exe an

Troj/Bancban-HE
This malware was reported by: Sophos
Troj/Bancban-HE is an internet banking Trojan for the Windows platform.

Troj/GrayBir-AB
This malware was reported by: Sophos
Troj/GrayBir-AB is a backdoor Trojan for the Windows platform.

W32/Esbot-B
This malware was reported by: Sophos
W32/Esbot-B is a worm and IRC backdoor Trojan for the Windows platform. W32/Esbot-B will connect to an IRC channel and wait for instructions.

W32/Agobot-UB
This malware was reported by: Sophos
W32/Agobot-UB is a worm and IRC backdoor Trojan for the windows platform. W32/Agobot-UB spreads to other computers via network shares and the following software vulnerabilities: RPC-DCOM (MS04-012) PNP (MS05-039) When first run W32

Troj/BagleDl-AB
This malware was reported by: Sophos
Troj/BagleDl-AB is a Trojan for the Windows platform. When first run Troj/BagleDl-AB copies itself to <System>hloader_exe.exe and creates the file <System>hleader_dll.dll. Both these files are detected as Troj/BagleDl-AB.

Troj/Dloader-YG
This malware was reported by: Sophos
Troj/Dloader-YG is a Trojan for the Windows platform. Troj/Dloader-YG attempts to download and install software from the internet.

W32/Bagle-BS
This malware was reported by: Sophos
W32/Bagle-BS is a worm for the Windows platform. W32/Bagle-BS sends a ZIP file as an email attachment. The ZIP file contains an executable detected as Troj/BagleDl-W. When run, this executable attempts to download further files, which may

Troj/WowPWS-A
This malware was reported by: Sophos
Troj/WowPWS-A is a password stealing Trojan for the Windows platform. Troj/WowPWS-A targets the online game World of Warcraft, and attempts to steal account details.

W32/Ixbot-D
This malware was reported by: Sophos
W32/Ixbot-D is a worm and IRC backdoor Trojan for the Windows platform. W32/Ixbot-D runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC chann

W32/Mytob-FI
This malware was reported by: Sophos
W32/Mytob-FI is a mass-mailing worm and backdoor Trojan that can be controlled through the Internet Relay Chat (IRC) network. W32/Mytob-FI spreads through email. W32/Mytob-FI harvests email addresses from files on the infected computer an

Linux.Plupii
This malware was reported by: Symantec
Linux.Plupii is a worm with back door capabilities that spreads by exploiting several Web server-related vulnerabilities.

Linux/Lupper.worm
This malware was reported by: Network Associates Inc
This worm spreads by exploiting web servers hosting vulnerable PHP/CGI scripts. It is a modified derivative of the Linux/Slapper  and BSD/Scalper worms from which it inherits the propagation strategy. It scans an entire class B subnet creat

Fantibag.I
This malware was reported by: Computer Associates
Description Win32.Fantibag.I is a trojan that creates filters for IPv4 packets to block access to many and varied antivirus company domains. This trojan may be downl

W32/Bagle-AR
This malware was reported by: Sophos
W32/Bagle-AR is a mass-mailing worm for the Windows platform. W32/Bagle-AR sends a ZIP file as an email attachment. The ZIP file contains an executable detected as either Troj/BagleDl-W, Troj/BagleDl-Y or Troj/BagleDl-Z. Once installed

Troj/Haxdoor-AN
This malware was reported by: Sophos
Troj/Haxdoor-AN is a backdoor Trojan which allows a remote intruder to gain access and control over the computer. Troj/Haxdoor-AN includes functionality to access the internet and communicate with a remote server via HTTP. Troj/Haxdoor

Lupper.B
This malware was reported by: Computer Associates


Lupper.A
This malware was reported by: Computer Associates


Exedrop.A:trojan
This malware was reported by: Computer Associates


DNSChanger
This malware was reported by: F-Secure
Recently we got a few reports about trojans that are designed to change DNS server address on computers that they are run on. This is done to redirect victims to fake websites that steal credit card information, logins and passwords for on-line banks

Winbomb
This malware was reported by: F-Secure


Troj/Haxdoor-AO
This malware was reported by: Sophos
Troj/Haxdoor-AO is a Trojan for the Windows platform. Troj/Haxdoor-AO includes functionality to: - stealth its files, processes, registry entries and services - prevent itself being terminated - prevent itself being deleted

Troj/Bankash-L
This malware was reported by: Sophos
Troj/Bankash-L is a password-stealing Trojan for the Windows platform. Troj/Bankash-L attempts to steal user passwords and information, as well as website details related to banking and anti-virus websites. Troj/Bankash-L may download

W32/Loosky-B
This malware was reported by: Sophos
W32/Loosky-B is a multi-component email worm with Trojan functionality for the Windows platform. W32/Loosky-B logs passwords and window text, acts as a proxy server, and allows remote user to modify, run and download files on the infected

W32/Ritdoor-B
This malware was reported by: Sophos
W32/Ritdoor-B is a worm and backdoor for the Windows platform. W32/Ritdoor-B spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011) and PNP (MS05-039). W32/Ritdoor-B runs

Trojan.Lodav.B
This malware was reported by: Symantec
Trojan.Lodav.B is a Trojan horse that attempts to lower security settings on the compromised computer. Note: Virus definitions dated November 9, 2005 or earlier may detect this threat as Trojan.Lodear.D. Virus definitions dated November 4, 2005 or earl

W32/Nelo-A
This malware was reported by: Sophos
W32/Nelo-A is a worm for the Windows platform. W32/Nelo-A attempts to copy itself to the root of any any connected hard disks, removable disks, ram disks and networked drives along with a file named Autorun.inf. W32/Nelo-A may open and

Troj/Dloader-YF
This malware was reported by: Sophos
Troj/Dloader-YF is a Trojan for the Windows platform. Troj/Dloader-YF includes functionality to access the internet and communicate with a remote server via HTTP. When first run Troj/Dloader-YF copies itself to <System>ipwf.exe an

Trojan.Tracker
This malware was reported by: Symantec


Magic Byte Virus Modification
This malware was reported by: Computer Associates


Troj/Ranck-DF
This malware was reported by: Sophos
Troj/Ranck-DF is a Trojan for the Windows platform. The Trojan acts as a proxy server, allowing remote attackers the ability to route HTTP traffic through the infected computer.

Troj/GrayBir-AB
This malware was reported by: Sophos
Troj/GrayBir-AB is a backdoor Trojan for the Windows platform.

Fantibag.K
This malware was reported by: Computer Associates
Description Win32.Fantibag.K is a trojan that creates filters for IPv4 packets to block access to many and varied antivirus company domains. This trojan may be downl

Bagle.CY
This malware was reported by: Computer Associates
Description Win32.Bagle.CY is a worm that spreads via e-mail. Rather than putting itself in e-mail attachments, it uses a separate downloader component (called Win32

Bagle.CZ
This malware was reported by: Computer Associates
Description Win32.Bagle.CZ is a worm that spreads via e-mail. Rather than putting itself in e-mail attachments, it uses a separate downloader component (called Win32

Bagle.DA
This malware was reported by: Computer Associates
Description Win32.Bagle.DA is a worm that spreads via e-mail. Rather than putting itself in e-mail attachments, it uses a separate downloader component (called Win32

W32/Mydoom@MM
This malware was reported by: Network Associates Inc
-- Update March 11, 2004 -- The risk assessment of this threat was lowered to Low-Profiled due to a decrease in prevalence. --Update 17th Febuary, 2004 -- The risk assessment was lowered to Medium due to a decrease in prevalence. -

Troj/Dadobra-I
This malware was reported by: Sophos
Troj/Dadobra-I is a downloader Trojan for the Windows platform. When first run Troj/Dadobra-I copies itself to <System>servicos..exe.

W32/Agobot-UB
This malware was reported by: Sophos
W32/Agobot-UB is a worm and IRC backdoor Trojan for the windows platform. W32/Agobot-UB spreads to other computers via network shares and the following software vulnerabilities: RPC-DCOM (MS04-012) PNP (MS05-039) When first run W32

Doomboot.H
This malware was reported by: F-Secure
Doomboot.H is a variant of Doomboot.G that contains a pirate copy of ExoVirusStop application and claims to be installation package for ExoVirusStop. However in addition to pirate copied anti virus the Doomboot.H also contains corrupted system files

Doomboot.G
This malware was reported by: F-Secure
Doomboot.G is a variant of Doomboot.A that contains a pirate copy of ExoVirusStop application and claims to be installation package for ExoVirusStop. However in addition to pirate copied anti virus the Doomboot.G also contains corrupted system files

Zagaban.H
This malware was reported by: Panda Software
 Zagaban.H is a password stealer type Trojan that attempts to log several web addresses accessed by the user, mostly belonging to banking entities, and the keystrokes typed in them, which can be used to obtain sensitive information: passwords, account num

Troj/Shredl-B
This malware was reported by: Sophos
Troj/Shredl-B is a downloader Trojan for the Windows platform.

Troj/Dloader-YG
This malware was reported by: Sophos
Troj/Dloader-YG is a Trojan for the Windows platform. Troj/Dloader-YG attempts to download and install software from the internet.

WORM_RBOT.CSI
This malware was reported by: Trendmicro
 This memory-resident worm propagates across networks by dropping a copy of itself into network shares. It logs on to password-protected systems using a list of user names and passwords.

ELF_LUPPER.B
This malware was reported by: Trendmicro
 This executable Linux file (ELF) is a command line tool used in connecting to various ports. It may be used to connect back to remote malicious users, thus providing them a shell to control an affected system.

ELF_LUPPER.A
This malware was reported by: Trendmicro
 This malicious executable Linux file (ELF) generates random IP addresses and appends certain strings on the said addresses to access target systems.

Bloodhound.Exploit.45
This malware was reported by: Symantec
Bloodhound.Exploit.45 is a heuristic detection for the Graphic Rendering Engine Vulnerability and the Windows Metafile Vulnerability (as described in Microsoft Security Bulletin MS05-053).

MS Vulnerability MS05-053
This malware was reported by: Network Associates Inc


W32/Rbot-AWM
This malware was reported by: Sophos
W32/Rbot-AWM is a network worm with backdoor Trojan functionality for the Windows platform. W32/Rbot-AWM spreads using a variety of techniques including exploiting weak passwords on computers and SQL servers, exploiting operating system v

W32/Ixbot-D
This malware was reported by: Sophos
W32/Ixbot-D is a worm and IRC backdoor Trojan for the Windows platform. W32/Ixbot-D runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC chann

Bloon.V
This malware was reported by: Computer Associates


XCP
This malware was reported by: Network Associates Inc


Email-Flooder.Win32.VB.bc
This malware was reported by: F-Secure


Mitglieder.DH
This malware was reported by: Computer Associates
Description Win32.Mitglieder.DH is a trojan that opens a backdoor on an infected machine, and acts as a SOCKS 4 proxy. The trojan also periodically contacts web site

Lupper.C
This malware was reported by: Computer Associates


MS05-053
This malware was reported by: Panda Software


Troj/Dadobra-J
This malware was reported by: Sophos
Troj/Dadobra-J is a Trojan for the Windows platform. Troj/Dadobra-J includes functionality to access the internet and communicate with a remote server via HTTP.

W32/Bagle-AR
This malware was reported by: Sophos
W32/Bagle-AR is a mass-mailing worm for the Windows platform. W32/Bagle-AR sends a ZIP file as an email attachment. The ZIP file contains an executable detected as either Troj/BagleDl-W, Troj/BagleDl-Y or Troj/BagleDl-Z. Once installed

Linux/Lupper.worm.b
This malware was reported by: Network Associates Inc


BackDoor-CEP.kit
This malware was reported by: Network Associates Inc


Adware-Starware
This malware was reported by: Network Associates Inc


Cardtrap.D
This malware was reported by: F-Secure
Cardtrap.D is a minor variation of Cardtrap.B, the main differences are that Cardtrap.D disables smaller number of application and drops other Symbian malware on the device. We have tested Cardtrap.D on several different phones, and on all the phone

Cardtrap.E
This malware was reported by: F-Secure
Cardtrap.E is a minor variation of Cardtrap.D. We have tested Cardtrap.E on several different phones, and on all the phones we tested the installation of Cardtap.E fails. And thus it is not dangerous to most of the users. But we cannot be sure that

W32/Tilebot-AY
This malware was reported by: Sophos
W32/Tilebot-AY is a network worm and backdoor Trojan for the Windows platform. W32/Tilebot-AY spreads by copying itself to network shares protected by weak passwords and by exploiting the following vulnerabilities: LSASS (MS04-011), RPC-D

Troj/Haxdoor-AO
This malware was reported by: Sophos
Troj/Haxdoor-AO is a Trojan for the Windows platform. Troj/Haxdoor-AO includes functionality to: - stealth its files, processes, registry entries and services - prevent itself being terminated - prevent itself being deleted

W32/Loosky-B
This malware was reported by: Sophos
W32/Loosky-B is a multi-component email worm with Trojan functionality for the Windows platform. W32/Loosky-B logs passwords and window text, acts as a proxy server, and allows remote user to modify, run and download files on the infected

TROJ_EMFSPLOIT.A
This malware was reported by: Trendmicro
 TrendLabs is currently analyzing samples of this Trojan. Detailed analysis will be posted shortly.

Exploit-MS05-053
This malware was reported by: Network Associates Inc


W32/Stando-E
This malware was reported by: Sophos
W32/Stando-A is a worm for the Windows platform. W32/Stando-A copies itself to the root folder of available disk drives with the filename sys.exe and creates the hidden file autorun.inf to run it.

W32/Nelo-A
This malware was reported by: Sophos
W32/Nelo-A is a worm for the Windows platform. W32/Nelo-A attempts to copy itself to the root of any any connected hard disks, removable disks, ram disks and networked drives along with a file named Autorun.inf. W32/Nelo-A may open and

SYMBOS_DOOMED.I
This malware was reported by: Trendmicro
 This Symbian malware affects mobile devices running the Symbian operating system with the Series 60 Platform user interface. Some of the affected mobile phone models are:

SYMBOS_DOOMED.H
This malware was reported by: Trendmicro
 This Symbian malware affects mobile devices running on Symbian operating system with Series 60 Platform user interface. Some of the affected phone models are the following:


Anti virus links

Anti-virus programs
Virus history
Top-100 malware
Svenska
Antivirus programs


Sitemap


Anti virus and malware

  Anti virus