W32/Kelvir-BF
This malware was reported by: Sophos
Winfixer
This malware was reported by: Network Associates Inc
Trojan.Esteems.E
This malware was reported by: Symantec
Trojan.Esteems.E is a Trojan horse that steals confidential information from a compromised computer by logging keystrokes and sending the data it gathers to a remote server.
Trojan.Hanmon
This malware was reported by: Symantec
Trojan.Hanmon is a Trojan Horse that injects malicious code into several Windows processes.
W32/Attech-B
This malware was reported by: Sophos
W32/Attech-B is a worm for the Windows platform. This worm is capable of spreading via AOL Instant Messenger and via file sharing on peer to peer networks.
W32/Attech-B will disable Task Manager, regedit, Windows Explorer and will prevent In
W32/Ritdoor-D
This malware was reported by: Sophos
W32/Ritdoor-D is a worm and backdoor Trojan for the Windows platform.
W32/Ritdoor-D spreads:
- to other network computers by exploiting common buffer overflow
vulnerabilities, including: LSASS (MS04-011), ASN.1 (MS04-007), and PNP
(MS05-03
WinFetch Family
This malware was reported by: Computer Associates
Description Win32.Winfetch is a family of trojans that downloads and executes arbitrary files.
Cardtrap.J
This malware was reported by: F-Secure
Cardtrap.J is a Symbian SIS file trojan that disables Symbian built in system
applications, installs several Cabir variants and copies Windows worms Win32.Rays
and Win32.Padobot.Z to the phone memory card.
The Win32/Rays is copied with name System.e
Cardtrap.I
This malware was reported by: F-Secure
Cardtrap.I is a Symbian SIS file trojan that disables Symbian built in system
applications, installs several Cabir variants, drops SymbOS/Cabir.A worm and
copies Windows worms Win32.Rays and Win32.Padobot.Z to the phone memory card.
The Win32/Rays i
Troj/Bancban-JN
This malware was reported by: Sophos
Troj/Bancban-JN is a Trojan for the Windows platform.
Troj/Bancban-JN targets the users of certain Brazilian banking websites with the aim of harvesting account details.
Troj/Krepper-S
This malware was reported by: Sophos
Troj/Krepper-S is a Trojan for the Windows platform.
Troj/Krepper-S includes functionality to access the internet and communicate with a remote server via HTTP.
SYMBOS_PBSTEAL.B
This malware was reported by: Trendmicro
W32/Dolebot-A
This malware was reported by: Sophos
W32/Dolebot-A is an email and network worm with IRC backdoor functionality for the Windows platform.
W32/Dolebot-A spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCO
Troj/Piebot-A
This malware was reported by: Sophos
Troj/Piebot-A is an IRC backdoor Trojan for the Windows platform.
Troj/Piebot-A runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
Keylog-Absolute
This malware was reported by: Network Associates Inc
W32.Mytob.MK@mm
This malware was reported by: Symantec
W32.Mytob.MK@mm is a worm with back door capabilities that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer.
Troj/Banker-HX
This malware was reported by: Sophos
Troj/Banker-HX is a Trojan for the Windows platform.
Troj/Banker-HX includes functionality to send notification messages to remote locations.
WORM_MYTOB.NF
This malware was reported by: Trendmicro
Like other MYTOB variants, this memory-resident worm spreads copies of itself as attachments to email messages that it sends to target recipients using its own Simple Mail Transfer Protocol (SMTP) engine. Through this SMTP engine, it is able to easi
SYMBOS_PBSTEAL.C
This malware was reported by: Trendmicro
This Symbian malware affects mobile devices running the Symbian operating system with the Series 60 Platform user interface. Among the phone models that use this operating system are the following:
W32/Rbot-BAF
This malware was reported by: Sophos
W32/Rbot-BAF is a worm with backdoor functionality for the Windows platform.
W32/Rbot-BAF spreads:
- to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), WKS (MS
W32/Mytob-GA
This malware was reported by: Sophos
W32/Mytob-GA is a mass-mailing worm and backdoor Trojan that can be controlled through the Internet Relay Chat (IRC) network.
W32/Mytob-GA runs continuously in the background, providing a backdoor server which allows a remote intruder to gai
Troj/Surila-J
This malware was reported by: Sophos
Troj/Surila-J is a backdoor Trojan which allows a remote intruder to gain access and control over the computer.
Troj/Surila-J includes functionality to access the internet and communicate with a remote server via HTTP.
W32/Rbot-AZU
This malware was reported by: Sophos
W32/Rbot-AZU is a Trojan for the Windows platform.
W32/Rbot-AZU runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
When first run W3
W32.Mytob.ML@mm
This malware was reported by: Symantec
W32.Mytob.ML@mm is a mass-mailing worm that opens a back door and lowers security settings on the compromised computer.
SymbOS.Fontal.D
This malware was reported by: Symantec
SymbOS.Fontal.D is a Trojan horse that affects Symbian series 60 phones. It drops a corrupted Font file, thus causing the phone to fail at next reboot. It also attempts to disable Kaspersky Anti-Virus for Symbian on the compromised device by overwriting
Symbos.Fontal.E
This malware was reported by: Symantec
SymbOS.Fontal.E is a Trojan horse that installs a corrupt font file on the compromised device. The Trojan runs on the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephones.
SymbOS.Hidmenu.A
This malware was reported by: Symantec
SymbOS.Hidmenu.A is a Trojan horse that drops corrupted files to the memory card of the compromised device.
W32/Poebot-T
This malware was reported by: Sophos
W32/Poebot-T is a worm for the Windows platform.
The worm spreads through network shares protected by weak passwords and through operating system vulnerabilities such as LSASS (MS04-011), RPC-DCOM (MS04-012), WebDav (MS03-007), Veritas (
W32/Ritdoor-F
This malware was reported by: Sophos
W32/Ritdoor-F is a worm and backdoor Trojan for the Windows platform.
W32/Ritdoor-F spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), PNP (MS05-039) and ASN.1 (MS04-007).
Troj/Zlob-O
This malware was reported by: Sophos
Troj/Zlob-O is a downloader Trojan.
Troj/Zlob-O will contact predefined remote sites and download data. The Trojan may then download further executable files and run them.
Troj/Surila-I
This malware was reported by: Sophos
Troj/Surila-I is a backdoor Trojan which allows a remote intruder to gain access and control over the computer.
Troj/Surila-I includes functionality to access the internet and communicate with a remote server via HTTP. It can act as a proxy,
W32.Feldor.A
This malware was reported by: Symantec
W32.Feldor.A is a virus that drops files, creates a registry entry, and may display a message.
SYMBOS_DOOMED.J
This malware was reported by: Trendmicro
This SYMBOS_DOOMED variant is capable of infecting mobile phones running the Symbian OS with the Series 60 Platform user interface. It does this by propagating through Bluetooth.
W32/Rbot-BAL
This malware was reported by: Sophos
W32/Rbot-BAL is a worm and IRC backdoor Trojan for the Windows platform.
W32/Rbot-BAL spreads to other network computers by exploiting common buffer overflow vulnerabilites, including: WKS (MS03-049) (CAN-2003-0812) and ASN.1
(MS04-007) and
TROJ_DANMEC.E
This malware was reported by: Trendmicro
Upon execution this memory-resident Trojan displays the following fake error message to trick users into thinking that it does not run on an affected system:
W32/Spybot-EL
This malware was reported by: Sophos
W32/Spybot-EL is a worm and IRC backdoor Trojan for the Windows platform.
W32/Spybot-EL spreads to other network computers infected with Troj/Kuang.
W32/Spybot-EL runs continuously in the background, providing a backdoor server which allows
W32/Attech-B
This malware was reported by: Sophos
W32/Attech-B is a worm for the Windows platform. This worm is capable of spreading via AOL Instant Messenger and via file sharing on peer to peer networks.
W32/Attech-B will disable Task Manager, regedit, Windows Explorer and will prevent In
Troj/Brepbot-B
This malware was reported by: Sophos
Troj/Brepbot-B is a backdoor Trojan for the Windows platform.
Troj/Bancban-JN
This malware was reported by: Sophos
Troj/Bancban-JN is a Trojan for the Windows platform.
Troj/Bancban-JN targets the users of certain Brazilian banking websites with the aim of harvesting account details.
BKDR_BREPLIBOT.N
This malware was reported by: Trendmicro
This memory-resident backdoor application arrives on a system as an attachment to mass-mailed email messages. It may also be downloaded from the Internet, or dropped by other malware programs.
Qweasy.F
This malware was reported by: Computer Associates
Description Win32.Qweasy.F is a worm that spreads via exploiting several vulnerablities. This worm can also ownload and execute arbitrary files.
Troj/Stinx-H
This malware was reported by: Sophos
Troj/Stinx-H is a Trojan for the Windows platform.
W32/Dolebot-A
This malware was reported by: Sophos
W32/Dolebot-A is an email and network worm with IRC backdoor functionality for the Windows platform.
W32/Dolebot-A spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCO
Troj/Bancban-JX
This malware was reported by: Sophos
Troj/Bancban-JX is an internet banking Trojan for the Windows platform.
BKDR_BREPLIBOT.M
This malware was reported by: Trendmicro
This memory-resident backdoor application arrives on a system as an attachment to mass-mailed email messages. It may also be downloaded from the Internet or dropped by other malware programs.
MailSkinner
This malware was reported by: Network Associates Inc
Troj/Danmec-E
This malware was reported by: Sophos
Troj/Danmec-E is a Trojan for the Windows platform.
Troj/Danmec-E displays a fake error message with the title "Component not found" and the message text "Application can not run because vbreun64.dll not found".
The Trojan opens a port and
W32/Rbot-BAF
This malware was reported by: Sophos
W32/Rbot-BAF is a worm with backdoor functionality for the Windows platform.
W32/Rbot-BAF spreads:
- to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), WKS (MS
WORM_RONTOKBRO.Y
This malware was reported by: Trendmicro
This memory-resident worm propagates by sending a copy of itself as an attachment to email messages.
Cardtrap.K
This malware was reported by: F-Secure
Cardtrap.K is a minor variation of Cardtrap.E.
Cardtrap.K is a Symbian SIS file trojan that disables Symbian built in system applications,
installs several Cabir variants and copies Windows worms Win32.Rays and Win32.Padobot.Z to the
phone memory ca
HacDef
This malware was reported by: F-Secure
Hacker Defender is one of the most widely deployed rootkits in the wild.
It is a user-mode rootkit that modifies several Windows and Native API functions,
which allows it to hide information (files, processes, etc.) from other applications.
In additi
Trojan.Gurepirls
This malware was reported by: Symantec
Trojan.Gurepirls is a Trojan horse that steals email address and registers the stolen addresses for a pornographic service. The Trojan then prompts the user to pay for access to a pornographic Web site.
W32/Sdbot.worm.gen.h!74752
This malware was reported by: Network Associates Inc
Pbstealer.B
This malware was reported by: F-Secure
SymbOS/Pbstealer.B is a trojan application that runs under Symbian Series
60 platform. Pbstealer.B pretends to be utility software that compacts
the phone contacts database. Instead of compacting information
Pbstealer.B reads the contact informatio
Pbstealer.C
This malware was reported by: F-Secure
SymbOS/Pbstealer.C is a trojan application that runs under Symbian Series
60 platform. Pbstealer.C pretends to be utility software that compacts
the phone contacts database. Instead of compacting information
Pbstealer.C reads the contact informatio
Troj/Bancban-KB
This malware was reported by: Sophos
Troj/Bancban-KB is a password stealing Trojan targeted at customers of Brazilian banks.
Troj/Bancban-KB includes functionality to access the internet and communicate with a remote server via HTTP.
The Trojan attempts to log keypresses enter
Troj/Surila-J
This malware was reported by: Sophos
Troj/Surila-J is a backdoor Trojan which allows a remote intruder to gain access and control over the computer.
Troj/Surila-J includes functionality to access the internet and communicate with a remote server via HTTP.
MultiDropper-PH
This malware was reported by: Network Associates Inc
WORM_MYTOB.NH
This malware was reported by: Trendmicro
Unlike most MYTOB variants, this memory-resident worm spreads copies of itself by using its own Simple Mail Transfer Protocol (SMTP) engine to send out email messages that contains a link, which when clicked downloads a copy of itself onto target sy
Troj/Danmec-F
This malware was reported by: Sophos
Troj/Danmec-F is a Trojan for the Windows platform.
The Trojan opens a port and offers remote attackers the ability to route HTTP traffic through the infected computer. The Trojan may also download and install additional files.
Troj/Danmec-
W32/Poebot-T
This malware was reported by: Sophos
W32/Poebot-T is a worm for the Windows platform.
The worm spreads through network shares protected by weak passwords and through operating system vulnerabilities such as LSASS (MS04-011), RPC-DCOM (MS04-012), WebDav (MS03-007), Veritas (
Proxy-Agent.af
This malware was reported by: Network Associates Inc
X97M.Sops
This malware was reported by: Symantec
X97M.Sops is a macro virus that infects Microsoft Excel workbooks.
SymbOS.Pbstealer.B
This malware was reported by: Symantec
SymbOS.Cardtrp.H
This malware was reported by: Symantec
SymbOS.Cardtrp.H is a Trojan horse that drops many various threats on to the compromised device. The Trojan also disables several applications. The Trojan runs on the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephon
Generic.dc
This malware was reported by: Network Associates Inc
Spy-Looxee
This malware was reported by: Network Associates Inc
BackDoor-CVZ
This malware was reported by: Network Associates Inc
QHosts-53
This malware was reported by: Network Associates Inc
Troj/Graybrd-AU
This malware was reported by: Sophos
Troj/GrayBrd-AU is a Trojan for the Windows platform.
Troj/GrayBrd-AU includes functionality to access the internet and communicate with a remote server via HTTP.
W32/Tilebot-BY
This malware was reported by: Sophos
W32/Tilebot-BY is a Trojan for the Windows platform.
W32/Tilebot-BY spreads:
- to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), PNP (MS05-039) and ASN.1 (MS0
W32/Rbot-BAN
This malware was reported by: Sophos
W32/Rbot-BAN is a worm for the Windows platform.
W32/Rbot-BAN spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011) and RPC-DCOM (MS04-012).
W32/Rbot-BAM
This malware was reported by: Sophos
W32/Rbot-BAM is a worm and IRC backdoor Trojan for the Windows platform.
W32/Rbot-BAM spreads:
- to other network computers infected with W32/Sasser
- to other network computers by exploiting common buffer overflow vulnerabilities, includ
Troj/Brepbot-B
This malware was reported by: Sophos
Troj/Brepbot-B is a backdoor Trojan for the Windows platform.
BKDR_ZAPCHAST.BB
This malware was reported by: Trendmicro
WORM_AIMDES.E
This malware was reported by: Trendmicro
Trojan.Farknew
This malware was reported by: Symantec
SymbOS.Doomboot.Q
This malware was reported by: Symantec
SymbOS.Doomboot.Q is a Trojan horse that installs corrupt files on the compromised device preventing it from restarting correctly. The Trojan runs on the Symbian OS, which is the operating system for Nokia Series 60 cellular telephones.
Troj/Danmec-G
This malware was reported by: Sophos
Troj/Danmec-G is a Trojan for the Windows platform.
The Trojan opens a port and offers remote attackers the ability to route HTTP traffic through the infected computer. The Trojan may also download and install additional files and retrieve i
Troj/Stinx-H
This malware was reported by: Sophos
Troj/Stinx-H is a Trojan for the Windows platform.
Troj/Bancban-JX
This malware was reported by: Sophos
Troj/Bancban-JX is an internet banking Trojan for the Windows platform.
WORM_KELVIR.CY
This malware was reported by: Trendmicro
Similar to most WORM_KELVIR variants, this memory-resident worm propagates via the instant messaging application MSN Messenger. It sends an instant message to all the online contacts of an affected user. The message it sends contains a URL that down
W32.Mytob.MN@mm
This malware was reported by: Symantec
W32.Mytob.MN@mm is a worm with back door capabilities that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer.
Note: Virus definitions dated December 6, 2005 detect this variant as W32.Mytob@mm.
Trojan.Zlob.E
This malware was reported by: Symantec
Trojan.Zlob.E is a Trojan horse that redirects the Internet Explorer home page and search page.
SWF_CRASHBRWSR.A
This malware was reported by: Trendmicro
This proof-of-concept malware takes advantage of MPSB05-07 Flash Player 7 Improper Memory Access vulnerability, found in Macromedia Flash players. More information can be found on the following Web page.
Keylog-Advanced
This malware was reported by: Network Associates Inc
Alcan.H
This malware was reported by: Computer Associates
Description Win32.Alcan.H is a worm that spreads via peer-to-peer file sharing networks. It has been distributed as a 602,893-byte, Win32 executable.
Adware-Favadd
This malware was reported by: Network Associates Inc
Bootton.C
This malware was reported by: F-Secure
Bootton.C is a SIS file that installs small component that resets the
device if executed, this component is installed into locations where
it replaces system and third party applications.
Bootton.C installs also Doomboot.A components that cause rebo
Bootton.B
This malware was reported by: F-Secure
Bootton.B is a SIS file that installs small component that resets the
device if executed, this component is installed into locations where
it replaces system and third party applications.
Bootton.B installs also Doomboot.A components that cause rebo
Soclaip Family
This malware was reported by: Computer Associates
Description Win32.Soclaip is a family of trojans that functions as a socks proxy. They can also download and execute arbitrary files.
W32/Mytob-GC
This malware was reported by: Sophos
W32/Mytob-GC is a mass-mailing worm and IRC backdoor Trojan.
W32/Mytob-GC runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels, includin
Troj/Danmec-E
This malware was reported by: Sophos
Troj/Danmec-E is a Trojan for the Windows platform.
Troj/Danmec-E displays a fake error message with the title "Component not found" and the message text "Application can not run because vbreun64.dll not found".
The Trojan opens a port and
WORM_FALSU.A
This malware was reported by: Trendmicro
This worm spreads through network shares. It creates the subfolder shared within the Windows folder and drops copies of itself in the said subfolder
Ryknos.G
This malware was reported by: Panda Software
Ryknos.G is a backdoor that ends several processes belonging to certain firewalls and antivirus programs, and it also connects to an IRC server in order to receive remote control commands to carry out on the affected computer.Ryknos.G does not spread aut
W32/Sdbot-AGC
This malware was reported by: Sophos
W32/Sdbot-AGC is a worm and IRC backdoor Trojan for the Windows platform.
W32/Sdbot-AGC spreads to other network computers by Instant messaging programmes and by exploiting common buffer overflow vulnerabilities, including: WKS (MS03-049) (
Troj/Bancban-KB
This malware was reported by: Sophos
Troj/Bancban-KB is a password stealing Trojan targeted at customers of Brazilian banks.
Troj/Bancban-KB includes functionality to access the internet and communicate with a remote server via HTTP.
The Trojan attempts to log keypresses enter
Troj/Banker-IK
This malware was reported by: Sophos
Troj/Banker-IK is a Trojan for the Windows platform.
Troj/Danmec-F
This malware was reported by: Sophos
Troj/Danmec-F is a Trojan for the Windows platform.
The Trojan opens a port and offers remote attackers the ability to route HTTP traffic through the infected computer. The Trojan may also download and install additional files.
Troj/Danmec-
TROJ_AGENT.AKR
This malware was reported by: Trendmicro
This Trojan arrives on a system as a file bearing the Microsoft Word document icon to disguise itself as a legitimate file. When executed, it even drops and opens a Microsoft Word .DOC file in order trick unsuspecting users into thinking that they a