Troj/Danmec-C
This malware was reported by: Sophos
Troj/Danmec-C is a component of a Trojan for the Windows platform.
Troj/Danmec-C can be used in conjunction with other malware to offer remote attackers the ability to route HTTP traffic through the infected computer.
Troj/Bancos-FV
This malware was reported by: Sophos
Troj/Bancos-FV is an internet banking Trojan for the Windows platform.
When first run, Troj/Bancos-FV copies itself to <Windows>\kernels32.exe.
W32/Mytob-FV
This malware was reported by: Sophos
W32/Mytob-FV is a mass-mailing worm and backdoor Trojan that can be controlled
through the Internet Relay Chat (IRC) network.
W32/Mytob-FV spreads to other network computers by exploiting common buffer
overflow vulnerabilities, includin
PE_THEALS.A
This malware was reported by: Trendmicro
This file infector arrives on a system either as a dropped file of the malware detected by Trend Micro as VBS_SIMP.A or as an attachment to mass-mailed email messages.
W32.Beagle.CQ@mm
This malware was reported by: Symantec
W32.Beagle.CQ@mm is a mass-mailing worm that uses its own SMTP engine to send out copies of another threat, Trojan.Lodear.D. The worm also opens a back door on the compromised computer using TCP port 80 and lowers security settings.
TROJ_SMALL.AWM
This malware was reported by: Trendmicro
A Trojan application is malware with no capability to spread to other systems. This Trojan arrives attached to an email message, which is manually spammed by a malicious user.
Backdoor.Spymon
This malware was reported by: Symantec
Backdoor.Spymon is a Trojan horse that opens a back door on a compromised computer.
Troj/Goldun-AE
This malware was reported by: Sophos
Troj/Goldun-AE is a Trojan for the Windows platform.
The Trojan steals login credentials entered into web forms related to certain financial institutions.
Troj/Goldun-AE may arrive as an email attachment, and when run it displays a pic
W32/Mytob-FX
This malware was reported by: Sophos
W32/Mytob-FX is a mass-mailing worm and IRC backdoor Trojan for the Windows platform.
W32/Mytob-FX may arrive as an attachment in an email with various characteristics.
W32/Mytob-FX runs continuously in the background, providing a back
TROJ_MGLIEDER.AA
This malware was reported by: Trendmicro
W32/Kelvir-BE
This malware was reported by: Sophos
Troj/Banload-J
This malware was reported by: Sophos
Troj/Banload-J is a downloader for the Windows platform.
Troj/Banload-J attempts to download and execute a file to <System>\imgrt.scr.
Troj/RemLoad-B
This malware was reported by: Sophos
Troj/RemLoad-B is a Trojan for the Windows platform.
Troj/RemLoad-B includes functionality to access the internet and communicate with a remote server via HTTP.
When run, Troj/RemLoad-B may display a fake error message stating that a p
W32/Bobax-T
This malware was reported by: Sophos
W32/Bobax-T is a mass-mailing network worm and backdoor Trojan for the Windows platform.
W32/Bobax-T spreads by sending itself to email addresses found on the infected computer and by exploiting the PNP (MS05-039) vulnerability.
Messag
Troj/Paltus-A
This malware was reported by: Sophos
Troj/Paltus-A is a Trojan for the Windows platform.
When first run, Troj/Paltus-A copies itself to <System>\sserver.exe.
Troj/Skbot-A
This malware was reported by: Sophos
Troj/Skbot-A is a backdoor Trojan for the Windows platform.
Troj/Skbot-A may have been dropped onto an infected system as the file <Windows>\System\lsass.exe.
When Troj/Skbot-A is installed it creates the file <System>\w32t
PHP_DEFTOOL.A
This malware was reported by: Trendmicro
This PHP (Hypertext Preprocessor) script is a component used in defacing PHP sites. It allows a remote attacker to execute arbitrary commands, such as executing and overwriting files, when users access particular Web sites.
BKDR_BREPLIBOT.G
This malware was reported by: Trendmicro
This memory-resident backdoor program arrives on a system as an attachment to spammed email messages. It may also be dropped into the machine or downloaded from the Internet.
Troj/IRCBot-AO
This malware was reported by: Sophos
Troj/IRCBot-AO is an IRC backdoor Trojan for the Windows platform.
Troj/IRCBot-AO has functionality to connect to IRC channels and to download and execute EXE files from remote URLs.
Samples of Troj/IRCBot-AO appear to have been massma
Troj/Dloadr-AAP
This malware was reported by: Sophos
Troj/Dloadr-AAP is a downloader Trojan which will download, install and run new software without notification that it is doing so.
Troj/Bankem-I
This malware was reported by: Sophos
Troj/Bankem-I is a password stealing Trojan for the Windows platform.
Troj/Bankem-I includes functionality to access the internet and communicate with a remote server via HTTP.
Danmec.C
This malware was reported by: Computer Associates
Fantibag.L
This malware was reported by: Computer Associates
Description: Win32.Fantibag.L is a trojan that creates filters for IPv4 packets to block access to many and varied antivirus company domains. This trojan may be downl
W32/Mytob-FY
This malware was reported by: Sophos
W32/Mytob-FY is a mass-mailing worm and backdoor Trojan that can be controlled through the Internet Relay Chat (IRC) network.
W32/Mytob-FY runs continuously in the background, providing a backdoor server which allows a remote intruder to
PWS-Banker.as
This malware was reported by: Network Associates Inc
SymbOS.Doomboot.P
This malware was reported by: Symantec
SymbOS.Doomboot.P is a Trojan horse that affects Symbian series 60 phones and disables several applications on the compromised device.
W32/Francette-Y
This malware was reported by: Sophos
W32/Francette-Y is a worm and IRC backdoor Trojan for the Windows platform.
W32/Francette-Y spreads to other network computers by exploiting common buffer overflow vulnerabilities, including RPC-DCOM (MS04-012).
W32/Francette-Y runs c
Cardtrap.H
This malware was reported by: F-Secure
Cardtrap.H is a minor variation of Cardtrap.C; the main differences are
that Cardtrap.C does contain components from many other viruses and installs itself
completely in a memory card.
Cardtrap.H also drops components from SymbOS/Doomboot.A, which p
WORM_MYTOB.NB
This malware was reported by: Trendmicro
Similar to other MYTOB variants, this memory-resident worm propagates by sending a copy of itself as an attachment to an email message, which it sends to target recipients using its own Simple Mail Transfer Protocol (SMTP) engine. Using its own SMTP
SYMBOS_SKULLS.Q
This malware was reported by: Trendmicro
This SYMBOS_SKULLS variant is capable of infecting mobile phones running the Symbian OS with the Series 60 Platform user interface. It does this by propagating through Bluetooth.
W32/Sdranck-V
This malware was reported by: Sophos
W32/Sdranck-V is a multi-component network worm.
TROJ_BAGLE.AP
This malware was reported by: Trendmicro
Upon execution, this Trojan drops a copy of itself and other files in the Windows system folder. It then attempts to connect to various Web sites where it downloads other malware. Hence, infected systems are loaded with even more malicious applicati
Trojan.Spamforo
This malware was reported by: Symantec
Trojan.Spamforo is a Trojan horse that sends out spam emails.
SymbOS.Ruhag.C
This malware was reported by: Symantec
SymbOS.Ruhag.C is a Trojan horse that runs on the Symbian operating system that is used in Nokia Series 60 cellular telephones. The Trojan disables applications on the compromised device.
SymbOS.Drever.D
This malware was reported by: Symantec
SymbOS.Drever.D is a Trojan horse that disables Simworks Symbian Anti-Virus software.
Trojan.Lodav.C
This malware was reported by: Symantec
Trojan.Lodav.C is a Trojan horse that attempts to lower security settings on the compromised computer. This Trojan may be downloaded by Trojan.Lodear.D.
W32/Traxg-F
This malware was reported by: Sophos
W32/Traxg-F is a worm for the Windows platform.
Adware-PehPai
This malware was reported by: Network Associates Inc
Appdisabler.H
This malware was reported by: F-Secure
Appdisabler.H is a malicious SIS file trojan, which tries to disable
the Symbian application menu by copying a corrupted system binary to the memory card.
Appdisabler.H does not install any components to device memory, only to the memory card.
Doomboot.I
This malware was reported by: F-Secure
Doomboot.I is a variant of Doomboot.H that contains a pirated copy of
the ExoVirusStop application and claims to be an installation package
for ExoVirusStop.
However, in addition to the pirated antivirus, Doomboot.I also contains corrupted
system files
W32/Mytob-FZ
This malware was reported by: Sophos
W32/Mytob-FZ is a mass-mailing worm and backdoor Trojan that can be controlled through the Internet Relay Chat (IRC) network.
W32/Mytob-FZ runs continuously in the background, providing a backdoor server which allows a remote intruder to
Fontal.G
This malware was reported by: F-Secure
Fontal.G is a SIS file trojan that installs a corrupted font file into the infected device,
thus causing the device to fail at the next reboot. Fontal.G also tries to disable
Kaspersky Anti-Virus for Symbian; currently it is still unverified whether this
attem
Fontal.H
This malware was reported by: F-Secure
Fontal.H is a SIS file trojan that installs a corrupted font file into the infected device,
thus causing the device to fail at the next reboot.
If a phone is infected with Fontal.H, it must not be rebooted as the
trojan will prevent the phone from booting aga
Troj/Iefeat-AR
This malware was reported by: Sophos
Troj/Iefeat-AR is a downloader and browser hijacking Trojan.
Troj/Iefeat-AR will attempt to download and run files from a remote site.
Troj/Iefeat-AR may drop a file, detected as Troj/Dloader-AQ.
Troj/Iefeat-AR changes settings for
WORM_LOOKSKY.D
This malware was reported by: Trendmicro
This worm arrives as an attachment to an email message. To spread, it gathers target email addresses from .HTM files found in the personal folder and from the Windows address book (.WAB) file. It then sends a copy of itself to harvested recipients via em
Downloader-ABA
This malware was reported by: Network Associates Inc
Troj/Rasdoor-D
This malware was reported by: Sophos
Troj/Rasdoor-D is a backdoor Trojan for the Windows platform.
Viewpoint
This malware was reported by: Network Associates Inc
Skintrim Family
This malware was reported by: Computer Associates
Description: Win32.Skintrim is a family of trojans that downloads and executes arbitrary files. In the wild, they have been observed downloading variants of the Win32
Backdoor.Nuclear
This malware was reported by: Symantec
Backdoor.Nuclear is a back door Trojan that gives an attacker full control over the compromised computer. It is created and configured using a builder program.
Troj/Bagle-AS
This malware was reported by: Sophos
Troj/Bagle-AS is a backdoor Trojan.
When the Trojan executes it will start a backdoor and send connection information to a number of websites.
W32/Kelvir-BF
This malware was reported by: Sophos
WORM_RONTOKBRO.T
This malware was reported by: Trendmicro
This memory-resident worm propagates by sending a copy of itself as an attachment to email messages. It gathers target email addresses by searching an affected system for files with certain extensions.
Doomboot.J
This malware was reported by: F-Secure
Doomboot.J is a close variant of Doomboot.B. The major difference between
Doomboot.J and Doomboot.B is that Doomboot.J also contains
application files from Fontal.A.
If you have installed Doomboot.J, the most important thing is not to
reboot t
Appdisabler.H@dr
This malware was reported by: F-Secure
Appdisabler.H@dr is a malicious Symbian SIS file trojan dropper that
drops the Appdisabler.H trojan on the infected device.
W32/Ritdoor-D
This malware was reported by: Sophos
W32/Ritdoor-D is a worm and backdoor Trojan for the Windows platform.
W32/Ritdoor-D spreads:
- to other network computers by exploiting common buffer overflow
vulnerabilities, including: LSASS (MS04-011), ASN.1 (MS04-007), and PNP
(MS05-03
W32.Secefa.B
This malware was reported by: Symantec
W32.Secefa.B is a worm that drops another threat onto the compromised computer.
Trojan.Bookmarker.J
This malware was reported by: Symantec
Trojan.Bookmarker.J is a Trojan horse that modifies Internet Explorer settings by changing the home page and search page, and by adding Web sites to the Favorites menu. The Trojan also downloads remote files and opens a back door.
AVKiller.V
This malware was reported by: Panda Software
AVKiller.V is a Trojan that attempts to download and run a file that belongs to another Trojan, detected as Banker.BHD, from a certain website. Additionally, it ends several processes belonging to security tools and antivirus programs. AVKiller.V does not spr
W32.Yimper
This malware was reported by: Symantec
W32.Yimper is a worm that spreads through AOL Instant Messenger and Yahoo! Instant Messenger by sending messages that contain a link to a malicious Web site.
W32.Looksky.D@mm
This malware was reported by: Symantec
W32.Looksky.D@mm is a mass-mailing worm that drops malware and lowers security settings on the compromised computer.
Troj/Krepper-S
This malware was reported by: Sophos
Troj/Krepper-S is a Trojan for the Windows platform.
Troj/Krepper-S includes functionality to access the internet and communicate with a remote server via HTTP.
WORM_MYTOB.MA
This malware was reported by: Trendmicro
This worm propagates by sending a copy of itself as an attachment to email messages, which it then sends to target addresses using its own Simple Mail Transfer Protocol (SMTP) engine. Using its own email engine enables this worm to spread without us
TROJ_AGENT.AHS
This malware was reported by: Trendmicro
A Trojan application is malware with no capability to spread to other systems. It is usually downloaded from the Internet or attached to spammed email messages.
Troj/Piebot-A
This malware was reported by: Sophos
Troj/Piebot-A is an IRC backdoor Trojan for the Windows platform.
Troj/Piebot-A runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
Smamate Family
This malware was reported by: Computer Associates
Description: Win32.Smamate is a device driver that is used to hide files, registry keys and running processes. It is installed and used by variants of the Win32.Propo
Accoona.dr
This malware was reported by: Network Associates Inc
Accoona
This malware was reported by: Network Associates Inc
W32.Secefa.C
This malware was reported by: Symantec
Danmec Family
This malware was reported by: Computer Associates
Description: Win32.Danmec is a family of trojans that gathers sensitive system information and posts it to particular websites.
Adware-404Search
This malware was reported by: Network Associates Inc
Adware-Serch
This malware was reported by: Network Associates Inc
Adware-IEBar
This malware was reported by: Network Associates Inc
Adware-PigSearch
This malware was reported by: Network Associates Inc
Troj/Banker-HX
This malware was reported by: Sophos
Troj/Banker-HX is a Trojan for the Windows platform.
Troj/Banker-HX includes functionality to send notification messages to remote locations.
Samony.B
This malware was reported by: Panda Software
Samony.B is a worm with backdoor characteristics that listens on port 321 in order to receive control commands, which allow the affected computer to be remotely administered. It can be instructed to download, run, copy and delete files, list
W32/Mytob-GA
This malware was reported by: Sophos
W32/Mytob-GA is a mass-mailing worm and backdoor Trojan that can be controlled through the Internet Relay Chat (IRC) network.
W32/Mytob-GA runs continuously in the background, providing a backdoor server which allows a remote intruder to gai
JS_WINDEXP.A
This malware was reported by: Trendmicro
This malicious JavaScript is downloaded on an affected system whenever the user accesses certain Web sites.
RemAdm-ProcLaunch
This malware was reported by: Network Associates Inc
WORM_MYTOB.NE
This malware was reported by: Trendmicro
This worm arrives as a .ZIP attachment to an email message with the following details:
W32/Rbot-AZU
This malware was reported by: Sophos
W32/Rbot-AZU is a Trojan for the Windows platform.
W32/Rbot-AZU runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
When first run W3
W32/Ritdoor-F
This malware was reported by: Sophos
W32/Ritdoor-F is a worm and backdoor Trojan for the Windows platform.
W32/Ritdoor-F spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), PNP (MS05-039) and ASN.1 (MS04-007).
TROJ_YABE.E
This malware was reported by: Trendmicro
W32.Gudeb
This malware was reported by: Symantec
W32.Gudeb is a worm that lowers security settings and hides folders on the compromised computer. It spreads via FTP and gathers valid accounts from the Total Commander configuration file.
BodyOnLoad
This malware was reported by: Panda Software
Troj/Surila-I
This malware was reported by: Sophos
Troj/Surila-I is a backdoor Trojan which allows a remote intruder to gain access and control over the computer.
Troj/Surila-I includes functionality to access the internet and communicate with a remote server via HTTP. It can act as a proxy,